Firefox angers users with alarming Mr Robot plugin

The opt-out extension led many users to believe they had been hacked

Firefox has faced backlash over its handling of a Mr Robot-themed plugin that was automatically installed on its browser over the weekend, causing concern among some users that they were being spied on by hackers.

Reddit users reported over the weekend that a mysterious extension called "Looking Glass" had been installed on their browsers without their permission, which added text to certain websites, including phrases such as "My Reality is Different Than Yours".

Unsurprisingly, this alarmed many users who suspected the extension was some type of malicious code, particularly as they were given no indication that it had been installed, nor any information as to its function.

"I just opened my add-ons tab and found an extension called "Looking Glass"," said one Reddit user. "I have no idea what it is or where it came from. I freaked out bit and uninstalled it immediately." [sic]

However, according to Firefox, the "Looking Glass" plugin was actually a collaborative effort with the team behind the Mr Robot TV series, designed as a "shared experience to further your immersion into the Mr Robot universe".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The Mr. Robot series centres around the theme of online privacy and security," the company added, in a statement explaining the extension. "One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy."

The plugin only appeared for users who had allowed Firefox to install Shield Studies, Mozilla's preferred method for testing new features ahead of a full release. Once installed, the plugin would tweak websites, such as the placement of obscure messages, to act as clues for people playing a Mr Robot-themed puzzle game.

Unfortunately, the plugin hasn't had the desired effect across the board, with some users claiming it's an example of a company abusing its position.

"In the past I was fine with Mozilla's approach to telemetry and studies, making my browser available for occasional testing/experimenting/data collection to track down bugs or measure improvements or whatever is fine," said another Reddit user.

"This is not doing any of those things. This is an advertisement. This is an abuse of the telemetry and shield studies program. If I cannot trust Mozilla to use these tools responsibly I will have to disable them and recommend my friends and coworkers do the same."

Advertisement - Article continues below

The mysterious plugin also seems to have also taken some of Mozilla's employees by surprise, as software Dan Callahan tweeted that the "Looking Glass" plugin is a "fantastic" idea, "so long as it's opt-in".

Firefox has said the extension will now be moved to its add-on store in an effort to make it clear exactly what it does, and will no longer automatically download to browsers.

Jascha Kaykas-Wolff, Mozilla's chief marketing officer, said in a statement to Gizmodo: "Real engagement also means listening to feedback. And so while the web extension/add-on that was sent out to Firefox users never collected any data, and had to be explicitly enabled by users playing the game before it would affect any web content, we heard from some of our users that the experience we created caused confusion."

"As a result we will be moving the Looking Glass add-on to our add-on store within the next 24 hours so Mr Robot fans can continue to solve the puzzle and the source can be viewed in a public repository."

Javvad Malik, security advocate at AlienValut, said that "forcefully installing ads, or enabling plugins is a big no-no" for companies like Mozilla. "While advertising is a given in today's day and age, when it comes to the authority or actions of software, ultimately the user should be able to decide."

Photo by JeanLuz / CC BY 2.0

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/security/28014/how-to-enable-private-browsing
web browser

How to enable private browsing on any browser

25 Jun 2019
Visit/web-browsers/24796/which-is-the-best-browser-chrome-vs-firefox-vs-microsoft-edge
web browser

Google Chrome vs Firefox vs Microsoft Edge

30 Apr 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020