This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Are there privacy issues to be concerned about with Add Ons seen in the permissions button?

more options

Before downloading an add on there is a 'permissions' button that says you agree to 'Legacy technology' having access to all browser functions and data without my permission.

Before downloading an add on there is a 'permissions' button that says you agree to 'Legacy technology' having access to all browser functions and data without my permission.

Valgt løsning

Of course you should be careful when installing add-ons and check their described functionality and reviews, just as when you install other kinds of software. This is true of both Legacy extensions and Firefox 57-compatible extensions.

In addition to new extensions with no reviews yet, some extensions have loads of fake-looking reviews. I don't install those.

Les dette svaret i sammenhengen 👍 1

All Replies (14)

more options

Not to worry, the Legacy extensions will be a thing of the past once Firefox 57 is released.

more options

Valgt løsning

Of course you should be careful when installing add-ons and check their described functionality and reviews, just as when you install other kinds of software. This is true of both Legacy extensions and Firefox 57-compatible extensions.

In addition to new extensions with no reviews yet, some extensions have loads of fake-looking reviews. I don't install those.

more options

One would think that Firefox would review add-ons and extensions for security assurance, however, it seems Firefox actually is warning users that with convenience comes loss of privacy. Thanks for the info.

more options

Extensions are reviewed, but the process allows some practices with full disclosure. For example, you can have ads in an extension if it is disclosed in the description. So you do need to read up on each one as you consider them.

more options

Why would an extension/add on MODIFY your browser history?? What kind of MODIFICATION are we talking about here?- adding to, deletions, WHAT?? dark sided.

more options

Barcarolle said

Why would an extension/add on MODIFY your browser history?? What kind of MODIFICATION are we talking about here?- adding to, deletions, WHAT?? dark sided.

According to the documentation, the history permission is needed to allow an add-on to view, add, and remove history entries. What extension wants to do that?

https://developer.mozilla.org/Add-ons/WebExtensions/API/history

That said, it might only be a subset of the permission to read and modify data on all websites. Where is the documentation on all this?

more options

What do you mean "where is the documentation on all of this?"?? Most of the add ons have permissions to : read, remove, (add??), modify browser history; read and modify DATA on websites ....My question is WHY does an app/add on/extension have to MODIFY browser history, and access all data in order to function as an app/extension- when in the previous firefox versions, you could download an extension WITHOUT them having to have any permissions.. All YOU have to do is go to the Add on/ get add ons page and download any app like download videos and read the list of permissions for yourself.

more options

Barcarolle said

My question is WHY does an app/add on/extension have to MODIFY browser history, and access all data in order to function as an app/extension- when in the previous firefox versions, you could download an extension WITHOUT them having to have any permissions..

Legacy extensions had 100% permissions. They could read and write anywhere on your computer! New extensions are more restricted and need to declare themselves. So now you see the ugly truth that was hidden from you before.

Anyway: Downloads are stored in history, so if the extension makes lists of your past downloads, that's probably the reason for the permission.

more options

Legacy extensions had 100% permissions?? From Mozilla/Firefox, but not from the end user! The ugly truth that was hidden ... That an app/extension could read/write ANYWHERE on a PC without the end user's knowledge...that's evil. Now that I know the ugly truth, it makes me see Mozilla/Firefox in a whole new light. Is Firefox just another Inet Explorer? (that was rhetorical)

more options

Barcarolle said

Legacy extensions had 100% permissions?? From Mozilla/Firefox, but not from the end user! The ugly truth that was hidden ... That an app/extension could read/write ANYWHERE on a PC without the end user's knowledge...that's evil. Now that I know the ugly truth, it makes me see Mozilla/Firefox in a whole new light. Is Firefox just another Inet Explorer? (that was rhetorical)

Well, it was never as dangerous as ActiveX...

You always have to be careful when you install any kind of software or script. Firefox's add-on system was slammed by security experts over the years for being too permissive. Mozilla always reviewed extensions to try to keep the bad ones out. A while back, extensions were barred from including compiled components that the Add-ons team couldn't inspect (that's why the Norton password vault was gone for a year). Now there are more drastic restrictions, and more notifications.

But security experts also debate whether it's worth showing users permission dialogs because we can't always understand what they mean and seeing them over and over numbs us. How many times do you even finish reading this phrase before clicking: "Click here to acknowledge you read and understood this phone book length agreement"?

The more you think about it, the worse it is. So let's talk about something else now.

more options

I know you'll think I'm flogging a dead horse, but my question wasn't really answered: WHY would an extension have to MODIFY Browser history in order for it to function. It can read data, but WHY must it also WRITE? And if it can read anything/data on your PC, what's to keep it HONEST? Instead of reviewing all extensions before offering them, you could write parameters of allowable 'behavior' of the apps, and filter all apps/extensions within these parameters. Any app/extension that would require EXTRA permissions would have to give detailed app function, and meet some (ethical?) standard. Of course, Mozilla/Firefox seems to have the end users (internet) interests at heart..I've been using Firefox since 2005, and prefer it to IE and Chrome.

more options

Barcarolle said

I know you'll think I'm flogging a dead horse, but my question wasn't really answered: WHY would an extension have to MODIFY Browser history in order for it to function. It can read data, but WHY must it also WRITE?

I don't know, it's part of a cross-browser standardization push. Maybe that kind of distinction could be added.

more options

The bottom line is, if you download a Firefox add-on and it warns you that if you agree to download the app you give them permission to access all data for all websites, and access browser activity during navigation, you can bet your privacy is gone and off to third party advertisers and /or Mozilla user reports in exchange for online convenience.

more options

I think a lot of extension developers have no interest in exfiltrating your data. You need to review them on a case-by-case basis.