Firefox angers users with alarming Mr Robot plugin

The opt-out extension led many users to believe they had been hacked

Firefox has faced backlash over its handling of a Mr Robot-themed plugin that was automatically installed on its browser over the weekend, causing concern among some users that they were being spied on by hackers.

Reddit users reported over the weekend that a mysterious extension called "Looking Glass" had been installed on their browsers without their permission, which added text to certain websites, including phrases such as "My Reality is Different Than Yours".

Unsurprisingly, this alarmed many users who suspected the extension was some type of malicious code, particularly as they were given no indication that it had been installed, nor any information as to its function.

"I just opened my add-ons tab and found an extension called "Looking Glass"," said one Reddit user. "I have no idea what it is or where it came from. I freaked out bit and uninstalled it immediately." [sic]

However, according to Firefox, the "Looking Glass" plugin was actually a collaborative effort with the team behind the Mr Robot TV series, designed as a "shared experience to further your immersion into the Mr Robot universe".

"The Mr. Robot series centres around the theme of online privacy and security," the company added, in a statement explaining the extension. "One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy."

The plugin only appeared for users who had allowed Firefox to install Shield Studies, Mozilla's preferred method for testing new features ahead of a full release. Once installed, the plugin would tweak websites, such as the placement of obscure messages, to act as clues for people playing a Mr Robot-themed puzzle game.

Unfortunately, the plugin hasn't had the desired effect across the board, with some users claiming it's an example of a company abusing its position.

"In the past I was fine with Mozilla's approach to telemetry and studies, making my browser available for occasional testing/experimenting/data collection to track down bugs or measure improvements or whatever is fine," said another Reddit user.

"This is not doing any of those things. This is an advertisement. This is an abuse of the telemetry and shield studies program. If I cannot trust Mozilla to use these tools responsibly I will have to disable them and recommend my friends and coworkers do the same."

The mysterious plugin also seems to have also taken some of Mozilla's employees by surprise, as software Dan Callahan tweeted that the "Looking Glass" plugin is a "fantastic" idea, "so long as it's opt-in".

Firefox has said the extension will now be moved to its add-on store in an effort to make it clear exactly what it does, and will no longer automatically download to browsers.

Jascha Kaykas-Wolff, Mozilla's chief marketing officer, said in a statement to Gizmodo: "Real engagement also means listening to feedback. And so while the web extension/add-on that was sent out to Firefox users never collected any data, and had to be explicitly enabled by users playing the game before it would affect any web content, we heard from some of our users that the experience we created caused confusion."

"As a result we will be moving the Looking Glass add-on to our add-on store within the next 24 hours so Mr Robot fans can continue to solve the puzzle and the source can be viewed in a public repository."

Javvad Malik, security advocate at AlienValut, said that "forcefully installing ads, or enabling plugins is a big no-no" for companies like Mozilla. "While advertising is a given in today's day and age, when it comes to the authority or actions of software, ultimately the user should be able to decide."

Photo by JeanLuz / CC BY 2.0

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

25 Nov 2020
What is phishing?
phishing

What is phishing?

25 Nov 2020
NCSC urges firms to patch against MobileIron vulnerability
Security

NCSC urges firms to patch against MobileIron vulnerability

25 Nov 2020
2FA bypass flaw on cPanel threatens the security of 70 million domains
Security

2FA bypass flaw on cPanel threatens the security of 70 million domains

25 Nov 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Tech becomes Bristol's fastest growing industry
Business strategy

Tech becomes Bristol's fastest growing industry

24 Nov 2020