Firefox angers users with alarming Mr Robot plugin

The opt-out extension led many users to believe they had been hacked

Firefox has faced backlash over its handling of a Mr Robot-themed plugin that was automatically installed on its browser over the weekend, causing concern among some users that they were being spied on by hackers.

Reddit users reported over the weekend that a mysterious extension called "Looking Glass" had been installed on their browsers without their permission, which added text to certain websites, including phrases such as "My Reality is Different Than Yours".

Unsurprisingly, this alarmed many users who suspected the extension was some type of malicious code, particularly as they were given no indication that it had been installed, nor any information as to its function.

"I just opened my add-ons tab and found an extension called "Looking Glass"," said one Reddit user. "I have no idea what it is or where it came from. I freaked out bit and uninstalled it immediately." [sic]

However, according to Firefox, the "Looking Glass" plugin was actually a collaborative effort with the team behind the Mr Robot TV series, designed as a "shared experience to further your immersion into the Mr Robot universe".

Advertisement
Advertisement - Article continues below

"The Mr. Robot series centres around the theme of online privacy and security," the company added, in a statement explaining the extension. "One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy."

The plugin only appeared for users who had allowed Firefox to install Shield Studies, Mozilla's preferred method for testing new features ahead of a full release. Once installed, the plugin would tweak websites, such as the placement of obscure messages, to act as clues for people playing a Mr Robot-themed puzzle game.

Unfortunately, the plugin hasn't had the desired effect across the board, with some users claiming it's an example of a company abusing its position.

"In the past I was fine with Mozilla's approach to telemetry and studies, making my browser available for occasional testing/experimenting/data collection to track down bugs or measure improvements or whatever is fine," said another Reddit user.

"This is not doing any of those things. This is an advertisement. This is an abuse of the telemetry and shield studies program. If I cannot trust Mozilla to use these tools responsibly I will have to disable them and recommend my friends and coworkers do the same."

The mysterious plugin also seems to have also taken some of Mozilla's employees by surprise, as software Dan Callahan tweeted that the "Looking Glass" plugin is a "fantastic" idea, "so long as it's opt-in".

Firefox has said the extension will now be moved to its add-on store in an effort to make it clear exactly what it does, and will no longer automatically download to browsers.

Jascha Kaykas-Wolff, Mozilla's chief marketing officer, said in a statement to Gizmodo: "Real engagement also means listening to feedback. And so while the web extension/add-on that was sent out to Firefox users never collected any data, and had to be explicitly enabled by users playing the game before it would affect any web content, we heard from some of our users that the experience we created caused confusion."

"As a result we will be moving the Looking Glass add-on to our add-on store within the next 24 hours so Mr Robot fans can continue to solve the puzzle and the source can be viewed in a public repository."

Javvad Malik, security advocate at AlienValut, said that "forcefully installing ads, or enabling plugins is a big no-no" for companies like Mozilla. "While advertising is a given in today's day and age, when it comes to the authority or actions of software, ultimately the user should be able to decide."

Advertisement
Advertisement - Article continues below

Photo by JeanLuz / CC BY 2.0

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/security/28014/how-to-enable-private-browsing
web browser

How to enable private browsing on any browser

25 Jun 2019
Visit/web-browsers/24796/which-is-the-best-browser-chrome-vs-firefox-vs-microsoft-edge
web browser

Google Chrome vs Firefox vs Microsoft Edge

30 Apr 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019