Opened 3 months ago

Last modified 3 months ago

#31582 new enhancement

Consider disabling AMO search field in add-ons dialog

Reported by: JeremyRand Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: arthuredelstein Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


The Tor developers advise against installing extensions from AMO, due to potential anonymity risks. Unfortunately, end users don't always listen to this advice. It might be a good idea for Tor Browser to consider disabling the AMO search field in the add-ons dialog, which would make it somewhat less easy for users to shoot themselves in the foot. This behavior could be controlled by an about:config pref, so that the few users who actually need to install AMO add-ons can still get the old behavior back. (Making it controlled by a pref would also make it possible to upstream the patch to Firefox.)

A side benefit of this change (not related to anonymity) is that Tor Browser's status in terms of the GNU FSDG is borderline, because AMO contains non-free add-ons. Removing the AMO search field by default would make Tor Browser compliant with the GNU FSDG, which would enable FSF-endorsed distros to distribute Tor Browser.

Because of the relevance to GNU FSDG, GNU IceCat actually already carries a patch for this. See . This might be a good starting point for a proper patch that is controlled by a pref and would therefore be upstreamable to Firefox (thus benefiting both Tor Browser and GNU IceCat).

Child Tickets

Change History (3)

comment:1 Changed 3 months ago by cypherpunks

I believe this has already been proposed in another ticket, though I can't find it now.

comment:2 in reply to:  1 Changed 3 months ago by gk

Replying to cypherpunks:

I believe this has already been proposed in another ticket, though I can't find it now.

I was under the same impression but could not find it either. I am not sure about disabling the field yet. I wonder whether we should instead try the warning approach (#30032).

Last edited 3 months ago by gk (previous) (diff)

comment:3 Changed 3 months ago by cypherpunks

BTW don't forget #19508 ;)

Note: See TracTickets for help on using tickets.