Break stuff. Now.

The Day Web Privacy Went Away

Browsing the web unprotected due to a broken Firefox add-on system

May 4, 2019

This morning, while I was browsing the web using Firefox, something felt off. It took a while before I noticed that my add-on icons were missing. I recently reinstalled my OS, so I must have just forgotten to install them. But I'm pretty sure I didn't forget.

So I went to the add-ons page.

Firefox intalled add-ons page

Huh. They're not there. I was pretty sure I installed them. But that warning message looks suspicious, it should not be there. So I clicked the link in the warning.

Firefox unsupported add-ons page including LastPass, HTTPS Everywhere and Adblock Plus

Huh. I did install them. But why are they not enabled? Why are they considered legacy? Could it be just me? A quick search on the internet revealed that Firefox broke their add-ons.

DuckDuckGo search about disabled Firefox add-ons

From what I understand, the certificate used to sign the add-ons expired, leading to Firefox rejecting add-ons signed with it. How could they let this happen, twice? Was it not in any of the backlogs? Have they not learned from the first incident?

And if you look closely at the add-ons I have, all of them are privacy-related. Adblock Plus blocks unwanted content. HTTPS Everywhere ensures content is loaded securely. LastPass generates secure passwords and stores them securely.

With all three lost due to this fiasco, it feels like being dropped into battle without a weapon, nor armor. The worst part of this issue is that regular users might not be aware what it's all about, thinking that it's just another Firefox quirk. Missing password manager? Oh well, I'll just manually type my password - that kind of stuff.

There are workarounds in place. But the technical nature of the workarounds is a deterrent. They require enabling some questionable settings, diving into about:config, or manually loading add-ons. Most regular users would probably just wait for a fix, and browse the web without protection in the mean time - something you don't want happening.

Privacy and security should be first in priority. It should not be forgotten, nor be something at the bottom of the backlog. Things like these should never happen, especially to a browser which advertises itself as free, open, and privacy-oriented. I still use Firefox, and it's the right choice. But the next time something like this happens, I'm switching.