Mozilla has published initial details of what went wrong over the week-end when all add-ons were disabled due to the expiry of a certificate and what they did to quickly rectify the problem.

hacks.mozilla.org/2019/05/tech

Discussion on Hacker News [ hacks.mozilla.org/2019/05/tech ]

Follow

Nice touch. Mozilla has also deleted Telemetry data for that period as some users had to enable Telemetry to get the hot-fix.

"In order to respect our users’ potential intentions as much as possible, based on our current set up, we will be deleting all of our source Telemetry and Studies data for our entire user population collected between 2019-05-04T11:00:00Z and 2019-05-11T11:00:00Z."

blog.mozilla.org/blog/2019/05/

@sohkamyung Surely a nice touch would be not building such telemetry and invasive features to begin with. And not taking hundreds of millions of dollars every year from Google and not being entirely funded by surveillance capitalists.

@aral @sohkamyung I don't really understand how an opt-in feature can be considered invasive.

@jkb @sohkamyung Can you point me to where it states that telemetry and studies are opt-in? In my experience, they are enabled by default and you have to opt-out. There are some opt-in studies but the feature itself afaik is opt-out. Happy to be proven wrong if something has changed or if I missed something.

@aral @sohkamyung Indeed I was mislead into thinking it was an opt-in feature by the report saying that some users had to enable it. You are right, telemetry is enabled by default: mozilla.org/en-US/privacy/fire

@sohkamyung @phoe I still would like them to just post fix so anybody can download it/verify and install themselves than just "you need to enable studies/telemetry/whatever to get the fix, but we'll be nice and delete the data". If I can' trust them to handle certificate with fixed expiration date for the second time in a row, I don't really trust them with anything anymore.

@sirmacik @phoe They have also released an updated version of Firefox (a point release).

Some details on that in this companion post about the technical aspects of the outage

hacks.mozilla.org/2019/05/tech

@sohkamyung @phoe I know there are at least few users for which new release haven't fixed anything. There are still issues with containers. What's so technical about "we forgot to renew the dam certificate for the second time"...

@sirmacik
Wasn't it the cert owned by the company that signs mozilla's certs that expired, the intermediary cert?
@sohkamyung @phoe

@sohkamyung Perhaps this is the point at which some enquiring journalist picks up on the difference between the public image of Mozilla and the telemetry stuff they do.
@bob @sohkamyung A considerable amount of Mozilla's PR budget goes towards suppressing stories about the telemetry and downplaying said, so I wouldn't hold your breath.
@maiyannah @bob @sohkamyung and paying Twitch streamers pretend money for even mentioning Firefox, which I wouldn't have believed it I didn't sit there and watch it happen.
@maiyannah @sohkamyung I don't know if that's true, but I have experienced some flak from them for mentioning the telemetry problem.
@bob @sohkamyung They really don't want things like Normandy becoming a major story, and it hasn't now, has it?
Sign in to participate in the conversation
Mastodon

mstdn.io is one of the instance in the fediverse. We're an open-minded generalistic instance. Learn more here!