• apis@beehaw.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    7 months ago

    Am tired, but bit confused at sequence of events.

    Did Russia ban Mozilla from offering specific extensions, whereupon Mozilla removed for Russian users the banned extensions?

    Or…

    Did Russia ban Mozilla from offering some undefined type of extension, whereupon Mozilla removed for Russian users any which seemed to fall under the ban under an abundance of caution until they could assess each & reinstate those which did not fit the ban?

    Or, more worryingly, but maybe implied by the supposed temporary intent of the ban…

    Did Russia ban Mozilla from offering specific extensions, whereupon Mozilla temporarily removed for Russian users the extensions in order to give Russia the ability to track or otherwise meddle with Russian users of those extensions… or to enable Russia to interfere with the extensions’ code for their own ends?

    I feel I can make a reasonable guess, but there’s a fairly big safety issue here depending on what happened.

    Anyone dissenting within an authoritarian regime knows to exercise extreme caution, but always good to put out reminders to have multiple layers of protection, so if one fails you are still ok.

    • SpaceCowboy@lemmy.ca
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      6 months ago

      From the article:

      The browser extensions, which are hosted on the Mozilla store, were made unavailable in the Land of Putin on or around June 8 after a request by the Russian government and its internet censorship agency, Roskomnadzor.

      or to enable Russia to interfere with the extensions’ code for their own ends?

      Well for the extensions that are open source it is possible for Russia to meddle with the code, but they’d have to get past code review. But this is concern for anything open source not just Mozilla stuff. It’s rare that something gets bad gets into an open source project, but it did happen a few months ago with ssh. Didn’t get past testing and required someone to work on open source projects for years before they got a level of trust to get something pulled into main source tree. So it’s basically the equivalent of getting a job at a company for years just to put malware into some proprietary software. Which could also happen, but if there’s a good code review process it shouldn’t happen.

      Excepting those kind of weird scenarios, unless they’re extensions made by a Russian company that Moscow control over, then no, the extensions wouldn’t have been fiddled with by the Russian government. And if they were extensions the Russian government had the ability to change, they wouldn’t be trying to ban them.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        I highly doubt that a browser extension is going to allow a bad commit. It seems like that would be way more obvious as it is at a much higher level. (No C)