Response by Dave G
Developer response
posted 6 years agoThis is patently nonsense. If Mozilla's permissions system scares you, please do some research about it before ranting. The "new" permission was added for a "new" feature finally added to newer versions of Firefox to replace an old one that Flagfox previously used for TEN YEARS. Yes, it's astonishingly stupid that Mozilla's addon upgrade GUI handles permissions so poorly, but I have no control over this.
A detailed explanation of each WebExtension permission Flagfox uses is here:
https://flagfox.wordpress.com/faq/#permissions
Some quick notes for the TL;DR people who won't read that, though:
1) Being paranoid about allowing copy/paste is a new one for me, especially given Flagfox having features that explicitly are labeled with "copy" and "paste" that use it.
2) "Your IP address and hostname" is wrong; the permissions it wants are for the IP/host of the sites you visit for Flagfox to look up. Yes, it seems that Mozilla worded its permissions very badly. (for this specific permission, it really means DNS, and Flagfox only uses it in its offline mode, currently)
3) IPs/hosts are not only for "surveillance/tracking"; that's ridiculous. IPs are encoded location information and Flagfox is an addon to look up locations. This shouldn't be complicated to understand as long as you don't short-circuit your understanding of words once you hit one that is sometimes uses in a scary situation.
4) "all the data on all the Web pages you browse": Flagfox needs access to various things for different features, but yes, technically not "all". There is no way provided by Mozilla to restrict it more, and certainly not without making a mess of new confusing permissions that nobody would be able to reasonably sort through. (especially given how Firefox seems to break upgrades with new permissions)
5) MOZILLA STILL HAS AN ADDON REVIEW PROCESS THAT REQUIRES ALL ADDONS TO FOLLOW MOZILLA POLICY. All updates go through both an automated and human check before being allowed public. If Flagfox was really doing whatever nefarious thing you can't articulate, it'd be kicked off of this site and potentially banned from Firefox.
A detailed explanation of each WebExtension permission Flagfox uses is here:
https://flagfox.wordpress.com/faq/#permissions
Some quick notes for the TL;DR people who won't read that, though:
1) Being paranoid about allowing copy/paste is a new one for me, especially given Flagfox having features that explicitly are labeled with "copy" and "paste" that use it.
2) "Your IP address and hostname" is wrong; the permissions it wants are for the IP/host of the sites you visit for Flagfox to look up. Yes, it seems that Mozilla worded its permissions very badly. (for this specific permission, it really means DNS, and Flagfox only uses it in its offline mode, currently)
3) IPs/hosts are not only for "surveillance/tracking"; that's ridiculous. IPs are encoded location information and Flagfox is an addon to look up locations. This shouldn't be complicated to understand as long as you don't short-circuit your understanding of words once you hit one that is sometimes uses in a scary situation.
4) "all the data on all the Web pages you browse": Flagfox needs access to various things for different features, but yes, technically not "all". There is no way provided by Mozilla to restrict it more, and certainly not without making a mess of new confusing permissions that nobody would be able to reasonably sort through. (especially given how Firefox seems to break upgrades with new permissions)
5) MOZILLA STILL HAS AN ADDON REVIEW PROCESS THAT REQUIRES ALL ADDONS TO FOLLOW MOZILLA POLICY. All updates go through both an automated and human check before being allowed public. If Flagfox was really doing whatever nefarious thing you can't articulate, it'd be kicked off of this site and potentially banned from Firefox.