As in the sibling thread, no, you can't disable the signature check, not in the regular, mainline FF download. Even if you enable it in about:config!
This was a change introduced in ~August 2016, to ignore your preferences on that setting.
(As you note in the sibling thread, you can get it in a special development version, but that still contradicts your claim that you can toggle something to allow it.)
And I've explained that you can't expect the average newbie coder to navigate the recompilation process; I'm unsure why you blithely dismiss people who aren't as capable as you.
1. So you have the set of people who would be much better off in a “walled garden”, in my experience that is almost everyone.
2. You have the set of people who can compile the code from source and who want to get outside of the wall.
3. You have the set of people who want to get out of the wall but don’t have the technical expertise to know the dangers of doing so.
4. You have people who have the technical expertise to know the dangers but not the technical expertise to compile code.
I think people in group 4 should learn how to be in group 2, because we have almost four decades' worth of evidence to know how badly people in group 3 can do.
Edit: changed group 2 to group 3 in the last sentence.
Perhaps, they forced them to do that in the middle of their workday in order to get their UX back. Imagine if your computer crashed and when it restarted it came with the mouse drivers disabled and you had to use the arrows to move the mouse around, and you were reassured you could sign up for WDN to restore use of the mouse.
And I don’t think expecting the user to personally recompile for every update is reasonable, especially if you claim to let users gain control of their machines again.
The same users who have complete “control of their computer” who don’t know what they are doing are what cause all of the crapware, malware, ransomware on many Windows based PCs.
I’m all for platforms being in a walled garden by default where you have to jump through a few hoops to unlock an “advanced mode”.
And signing up for WDN (Windows Developer Network?) hopefully you would get signed drivers.
You can’t imagine the number of times my mom has done the perfectly reasonable thing of searching for Windows printer drivers on Google and ended up installing crapware from a third party site instead of getting the official driver. Signing requirements from MS would hopefully alleviate that and let advanced users try to figure out how to load unsigned drivers.
(Also tangentially, why are printer drivers still a thing on Windows anyway? Anyone who connects a Mac, iPad, or iPhone to my home network - if I give them access to the non-guest network - automatically can print.)
I don't because I also mention the developer edition and nightly, which allow unsigned addons and have regular updates.
I'm not dismissing people who aren't as capable as me either, I've mentioned alternative approaches and I'm getting tired of having to repeat "there is the dev and nightly edition" to the same 5 people over and over again.
Mozilla is making tradeoffs in protecting the average user and giving the power users a little bit less freedom unless they use an edition of firefox intended for power users and developers. Simple as that.
Right, we can't. Unless we're promising to give users control over their machines and there are trivial ways to accommodate this means of giving them control.
Users will abuse the ability to control their own machines. Given full administrative privilege on their machine, it takes, by my experience, about a month until the machine either has various pieces of malware installed or their malware has malware installed.
The average user cannot be trusted with full control of their machine and it's fairly reasonable to say that power users need to take the extra steps to, for example, install a power user edition of firefox.
I'm asking for: "If the user goes into a deep part of the obscure developer options and bypasses the warnings about unsigned addons, and then uses a non-obvious but documented process for side-loading, something virus peddlers can't really walk users through, then Firefox should honor that while explicitly displaying the list of unsigned addons the users added."
>I'm not dismissing people who aren't as capable as me either, I've mentioned alternative approaches and I'm getting tired of having to repeat "there is the dev and nightly edition" to the same 5 people over and over again.
And I and others have explained how those involve unacceptable tradeoffs and run directly contrary to "give users back control over their machines" ethos, though not, of course, to your extremely limited version of the ethos.
>"If the user goes into a deep part of the obscure developer options and bypasses the warnings about unsigned addons, and then uses a non-obvious but documented process for side-loading, something virus peddlers can't really walk users through, then Firefox should honor that while explicitly displaying the list of unsigned addons the users added."
Any such process would have to be difficult for external programs. As it stands, the best way to get verification of such a setting is through the built-in binary verification that firefox does, which requires that any application needs to reverse engineer and patch the binary to install its own addons.
Your process requires editing the about:config values, which is possible for an external application and installing an addon, which copies it into a specific folder and is also possible for an external application. We know this is possible because this is what other applications did to install their shitty toolbars.
>And I and others have explained how those involve unacceptable tradeoffs and run directly contrary to "give users back control over their machines" ethos, though not, of course, to your extremely limited version of the ethos.
It seems to me that further discussion is unnecessary considering you continue to ignore significant portions of my comments.
>Any such process would have to be difficult for external programs.
Why? If the user already has a malicious 'external application' running on their system with sufficient privileges to do any of this, then they're already screwed, and they have bigger problems to worry about than malicious WebExtensions.
More generally, I don't think we should hold applications responsible for the security or behaviour of parts of the software/hardware stack at equal or higher privilege level to them, including other applications. Mostly because, well, they can't do anything truly effective in that regard.
I see you're worried about average users unknowingly installing random malicious crap, and I've seen a lot of that myself. I think the way forward is pretty much what is being done on mobile platforms currently: universally applied application sandboxing, usage of existing fine-grained access control models (and also the development of ones that are saner to use), and better communication to the user about what their applications are doing and what the permissions they are requesting actually mean. Yes, it's still a clusterfuck, but it's an improvement.
A security model involving applications in an arms-war with one another, using increasingly byzantine restrictions in an attempt to prevent external manipulation, feels less like something I would want any part of, and more like something out of a dystopian sci-fi novel.
Although I think Google went too far on the "lock things down completely" side of things when they made it outright impossible to, say, use rsync to backup or sync the entire contents of a phone's sd card to/from the network.
They could add a way to add signing keys to the stables. This gives you security updates and user freedom without significant downsides because the user would still be in charge of signing.
That would allow any third party software running on your computer to add malicious plugins to the browser (which has happened in the past and is in part why it requires Moz' signature now).
Most users, i.e., the average user plus a significant amount, don't really care that they can't install random addons from outside the addon store.
The attack model is largely that fairly normal software wants to install adware on the computer. The software isn't direct malware but will attempt to install and activate addons, redirect the user's homepage and search engine as well as setting various other options on the user's behalf that are ultimately harmful to the user experience in Firefox.
Mozilla wants their branded Firefox to be something the user can trust and that means controlling what code with elevated privileges (i.e., Addons) can run in the browser.
edit: It should be mentioned that in response to the first question; Firefox performs some binary verification and won't run or attempt to repair if it detects tampering.
This threat model appears to be optimized for the argument giving control to mozilla. It assumes that your system is essentially compromised but the attacker has just exactly so many self-imposed restraints that they can be thwarted just as long as things are under mozilla's control. But if you give the user control then suddenly the balance tips and their already-compromised system will be used for bad things.
It's a really long-winded way of saying "we know better, you cannot be trusted, freedom is slavery".
The correct solution is to remove malware, not to play games with it that require freedom-reducing gambits.
There is plenty of software that adheres to these constraints. Most adware doesn't want to actively damage the system and doesn't worm too far in. In the past, adware would simply drop its toolbar payload into the Mozilla and Chrome addon directories, which would, after confirming it with the user, activate. Same thing with homepage and search engine settings (which still get modified).
I think it's a bit unfair to quote Orwell when the overall goal is to prevent the user from hurting themselves, not brainwashing them into thinking they don't need unsigned addons. If they need those there is the developer edition, which is officially supported by mozilla and allows installing any addon you like.
The default installs that most users will see simply have a different default setting. If you don't like that you can choose another edition or compile Firefox yourself.