
"Recommended Extensions" feature in Purebrowser allows unvetted 3rd party software source
Closed, Resolved (Public)

Description

This "feature", "Recommended Extensions", of course comes from Mozilla.

What is happening

In the about:addons page of Purebrowser, in the Extensions tab, there is a section at the end of the page called "Recommended Extensions", which lists recommended extensions with the description:

"Some of these recommendations are personalized. They are based on other extensions you’ve installed, profile preferences, and usage statistics."

If you try to install one of these recommended extensions it will be installed.

Since some of these extensions are not packaged as *.deb packages and they can be installed, this leads to several assumptions:

  • They came from addons.mozilla.org
  • This system/feature bypasses the modifications we included in Purebrowser to disable addons.mozilla.org as a software source. To confirm this I tested this in an image of Purebrowser in a VM with no modifications (no Firefox compatibility or anything like that).

In essence (involuntarily) we have a third party software source enabled in Purebrowser.

Another implication from the description of this feature is that there is some telemetry involved in order to "recommend the addons", and it is not completely clear in which ways this is done.

Here is a screenshot of the page with this "Feature":

And a video demonstration of installing an addon from Mozilla addons this way:

And a screenshot of me attempting to search for an addon in the about:addons page in the "normal way", not in the recommended extension section, to confirm that our standard block of addons from Mozilla was still in place:

Meaning that while our block is in place, this recommended addons feature bypasses it.

Suggestions: remove/block this recommended addons feature.

I would categorize this as a Freedom Issue, in the sense that this enables in Purebrowser a third party software source we do not control and that most likely does not comply with FSDG.
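One way to verify the suggested block from a preferences file, as an added example that is not part of the original report or of PureBrowser's packaging. The three pref names are upstream Firefox preferences not mentioned on this page, and it is an assumption that PureBrowser honours them; the sample file is constructed.

```python
import re

# Upstream Firefox prefs (assumed to apply to PureBrowser) that control
# add-on recommendations; the value listed turns the feature off.
REQUIRED = {
    "extensions.htmlaboutaddons.recommendations.enabled": False,
    "extensions.getAddons.showPane": False,
    "browser.discovery.enabled": False,
}

# Matches pref lines as written in user.js, prefs.js or an autoconfig file.
PREF_RE = re.compile(
    r'^\s*(user_pref|pref|defaultPref|lockPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;?\s*$'
)

def parse_prefs(text):
    """Return {name: (value, locked)}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref call
        kind, name, raw = m.groups()
        value = {"true": True, "false": False}.get(raw, raw.strip('"'))
        prefs[name] = (value, kind == "lockPref")
    return prefs

def audit(text):
    """Return {pref: problem} for every recommendation pref not locked off."""
    prefs = parse_prefs(text)
    findings = {}
    for name, wanted in REQUIRED.items():
        if name not in prefs:
            findings[name] = "missing"           # falls back to the build default
        elif prefs[name][0] != wanted:
            findings[name] = "enabled"
        elif not prefs[name][1]:
            findings[name] = "off-but-unlocked"  # a profile can switch it back on
    return findings

# Constructed sample: one pref locked off, one off but unlocked, one still on.
SAMPLE = '''// constructed sample autoconfig
lockPref("extensions.htmlaboutaddons.recommendations.enabled", false);
pref("extensions.getAddons.showPane", false);
user_pref("browser.discovery.enabled", true);
'''

if __name__ == "__main__":
    for pref, problem in audit(SAMPLE).items():
        print(f"{problem:18} {pref}")
```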

Event Timeline

@jonas.smedegaard can I ask you to have a quick look at this issue description to see if this is worth investigating or if I am being silly

Which version of PureBrowser is this? See also T823

Which version of PureBrowser is this?

:-)

Yes it is: PureBrowser 68.0.2esr

I imagine that this can be referenced in T823 as information/argument for a political decision on the greater issue that is how to handle Purebrowser.

jonas.smedegaard triaged this task as High priority. Sep 18 2019, 07:51

Thanks for reporting this.

I expect this to be implicitly addressed soon through T823 on the short term - and then eventually reappear...

...actually: @joao.azevedo please try updating your system and tell me if this is still an issue on PureOS amber as of today?

joao.azevedo added a comment. Edited Sep 18 2019, 08:11

@jonas.smedegaard did a sudo apt update and sudo apt upgrade; it had an update of Purebrowser.

"New" version is: Purism PureBrowser 60.9.0

Problem no longer exists...

Magical rollback

This was the Purebrowser upgrade:

purebrowser/amber 68.1.0esr+really60.9.0esr-1~deb10u1pureos1 amd64 [upgradable from: 68.0.2esr-1pureos3]

jonas.smedegaard closed this task as Resolved. Sep 18 2019, 08:20
jonas.smedegaard claimed this task.

Thanks a lot for confirming!