-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PINNED] Firefox version is out of date (pre-URL change), and we know #349
Comments
Any future dups will be closed as dups against this one instead. |
For anyone looking for a workaround, if are logged in and go to twitter.com/?mx=1, it'll let you browse for a while under the twitter.com domain instead of x.com, which keeps the extension working. |
Thank you omg, maybe people won't make 20 dupes of the same issue |
Hi folks. I'm Simeon from the Mozilla Add-ons team. I'm visiting by way of this thread.
If you've been waiting a long time (multiple weeks), something unusual is likely happening. Maybe there was a miscommunication, maybe someone missed an update. Regardless, I think your best course of action is to reply to the relevant rejection email thread to bring it back to the reviewers' attention. |
Hm, that would probably be up to @kheina, although that may be changing depending on how discussion in #327 goes... |
Does the "wontfix" label mean that there won't be an updated version to firefox at all? or does it mean we're just waiting for firefox to approve the next version? |
I think @rougetimelord meant the latter, but let's wait for confirmation... |
Asking as an idiot, is there a technical limitation stopping the developers of Blue-Blocker from adding an XPI binary to the github releases for users to install into Firefox manually? I only ask because there are other similarly "blacklisted" addons (most notably bypass-paywalls-clean) that use this method to get around being unable to use the mozilla addon store anymore. |
Waiting for Mozilla AMO to do something, and also kind of at the end of my (personal) will to make changes at their whims... |
There isn't, we just haven't done that in the past. I can add uploading the zips to the release workflow pretty easily (edit: see #370) |
Is there any available versions we can load manually after 4.2? It's still working but I'm just curious. |
Thank you! I hope they approve the newest version soon, you have made more than enough changes because they asked for them |
Following up, the v0.4.12 release has built zips attached to it. All future releases should also have built zips. |
Popping back in 'cause users have posted about this on our Discourse server (this is just the most recent). @kheina, I didn't go into detail about the policy issues last time I commented for privacy reasons, but I can answer questions or provide guidance if you tag me in a question here. Alternatively, if you send an email to my first initial + last name @mozilla.com from the email address used to publish the extension on AMO, I'll take that as permission to share the reviewer's comments here.
Sorry, @rougetimelord. I know it's hard to get clarification form reviewers, and even if you can they're not really in a position to provide guidance on how fix policy issues. That's where I come in. Let me know if you have any questions :) |
Just a heads up that Dani has been MIA for a few months, I'm currently trying to get in touch with her so I can get added on as an author on AMO but for right now, none of the active maintainers have access to the AMO listing.
I'm confused here, the last review notes I saw was a failure to build from the source code because the host used to test that didn't have jq installed. We have since documented that jq must be installed to build the extension in the instructions, which was listed as a possible resolution, and we have taken steps to guarantee that jq is installed. |
@rougetimelord you've already been added~ |
Oop, it's not showing up on my end :( |
email sent. |
I'm currently in the hospital (and previously was preparing for being in the hospital) so apologies for being MIA. I've done my best to allow everyone here to keep things updated and running without me |
Thank you so much! Hope you're doing well/heal well 💖 |
@kheina we've only just met, but I hope you have a swift recovery! The most recent review action I see was on Nov. 1, 2024, 11:54 AM (UTC I think?) on version 0.4.11.
There are two issues identified here:
The first one comes from the "User Consent and Control" section of the Add-ons Policies. The concern here is that sensitive user data being transmitted without the user's express consent puts them at risk of data collection, fingerprinting, de-anonymization, etc. It looks like the reviewer was concerned with the My first question here would be "is it strictly necessary to pass the URL to OldTwitter?" If so, then I'm afraid the Add-ons Policies require that you disclose the fact that you "collect" this data in a data collection consent screen right after installation. The privacy policy should also disclose who the data is shared with. |
I personally hate when extensions create new tabs on install (especially when we clearly explain how we collect data on the store page). but, regarding old Twitter, is it possible to send the data via the addon api somehow (send message or storage listeners) to avoid it being "public" and accessible to other add-ons? |
Just checking whether this is the reviewers notes or your own? It would be really nice to have more specific notes from the reviewers directly in the future, would be great if you passed that along to folks at AMO.
I'm really confused with this one, the code location mentioned: Blue-Blocker/src/content/index.ts Lines 128 to 149 in 0e604e5
Is an event listener that picks up on events emitted by OldTwitter and translates them into our extensions events... OldTwitter is passing the URL to Blue Blocker. Is the problem in Additionally our privacy policy explicitly lays out that the extension will share data with extensions that the user opts into integrating Blue Blocker with. So I'm also lost on what exactly y'all want changed here. See: Lines 46 to 50 in 0e604e5
|
I see that there's |
#375 should be good to merge now. |
Checking back in over here. Whew, buys couple of days. Sorry for the delay.
Fair feedback on new tabs being annoying. For the moment we don't have a better way to get this kind of explicit consent from the user, but hopefully we can improve things at the platform level in the future. Unfortunately I don't think 1:1 communication with Old Twitter would address the concern. The core issue is the extension is externalizing data that it accesses. The specific method of externalization isn't as concerning.
Sorry for the ambiguity. The quote I included at the top of my reply was the the message from the reviewer. They identified two files and lines of concern: src/content/index.ts line 130 and src/injected/inject.ts line 36. I tried to map their comments to the concerning blocks of code directly in this repo. I appreciate the feedback on initial comms not being helpful enough.
If I'm reading the source correctly (and I may not be), the block I highlighted in
Yep, I think that's definitely an issue. It looks like While Firefox's Xray Vision may provide you with another way of communicating between a script injected into a page context and a content script, I'm not sure doing so will address the concerns identified by the reviewer. The simple problem is that even if the content script exported a function that the page script use to pass data back to the extension, an adversarial page may shim that function to access sensitive data. And, as @rougetimelord mentioned, this isn't available across browsers. In the WECG we're currently discussing some new APIs that would enable secure communication between extension scripts that span words (#678, #679), but no browsers implement them yet. I'll try to get some clarification here.
Hm. The most common issue I see with privacy policies is that the extension author hosts the policy on their own website rather than on AMO, but I can see that the policy is on AMO: https://addons.mozilla.org/en-US/firefox/addon/blue-blocker/privacy/. I think the mention of the mention of the privacy policy in the reviewer's message is just part of the message template rather than a specific comment about your current privacy policy.
I'll take a look and share feedback in another comment. |
I believe that if reviewers agree with you on this, we can no longer support Firefox. Could you ask around on your end and see if that's the case?
I know you're not the AMO support helpline, but as an extension author the way that every reply is a template that does not give clear feedback is super frustrating and unhelpful. I don't like having policies re-explained to me, but I would like to know how I need to fix the extension. If we're going to get manual reviews I would prefer if it felt like a human read my code. |
I have the sneaking suspicion that Firefox will resolve their complaints about this extension just in time for every person who wants to run BlueBlocker on Firefox to have moved onto Bluesky et al. |
v0.4.13 has been accepted by AMO, and is currently listed!! 🥳 🍾 |
I keep forgetting which discussions to refer people to when closing duplicate issues about the Firefox version being broken due to the change in URLs from Twitter to X, so I'm pinning this issue as a reminder: see discussion in #294, #321 and #327.
There is not a whole lot that we can do to get the Firefox version updated from our end, we have tried to implement all of their requested changes and are currently still waiting to hear back from them. If you want to talk to people who actually have power over this, use Mozilla's forum. ~@rougetimelord
The text was updated successfully, but these errors were encountered: