Top 4th of July Sales Best 4K Projectors 7 Early Prime Day Deals Wi-Fi Range Extenders My Favorite Summer Gadgets Cheap Car Insurance Target's 4th of July Sale Best Running Earbuds, Headphones

Mozilla backpedals after 'Mr. Robot'-Firefox misstep

The privacy-promoting nonprofit says mea culpa after distributing an extension to its Firefox browser that made people worry they'd been hacked.

It sounded like a good idea at Mozilla -- promote computer security and privacy awareness using a tie-in with an online game from the popular "Mr. Robot" hacker TV series. But almost immediately, the plan started backfiring.

On Wednesday, Firefox users started complaining that a cryptic extension had been installed in their browser with no explicit permission or explanation of what it does -- only a description that read "MY REALITY IS DIFFERENT THAN YOURS." People ripped into Mozilla in a Reddit discussion after one Firefox user fretted, "I have no idea what it is or where it came from. I freaked out a bit and uninstalled it immediately."

Mark 57, a Firefox-themed takeoff on an Iron Man suit, served as Mozilla's Quantum mascot.

Mark 57, a Firefox-themed takeoff on an Iron Man suit, served as Mozilla's Quantum mascot.


Mozilla had installed the Looking Glass extension remotely on their machines this week through a partnership with "Mr. Robot," but it stopped doing so when people started giving them an earful, the nonprofit organization said.

"Suffice to say, we've learned a good deal in the last 24 hours ... Although we always have the best intentions, not everything that we try works as we want," said Jascha Kaykas-Wolff, Mozilla's chief marketing officer. "Within hours of receiving feedback," Mozilla moved Looking Glass to its Firefox add-on store, where people will be able to get it if they want it as it becomes available this weekend.

The issue shows just how much control outside organizations have over our computing hardware and software -- even well-meaning organizations devoted to online privacy and to making us all "empowered, safe and independent."

"Mozilla should have known better," said computer security and privacy researcher Bruce Schneier.

Like Apple's U2 moment

Schneier likened the situation to Apple sending iPhone users U2 music even if they hadn't asked for it and Amazon remotely removing a copy of George Orwell's "1984" from people's Kindle e-book readers. "These companies have control, and you don't," Schneier said. "They can do things against your interest all the time."

To check to see if you got the extension, type "about:addons" into Firefox's address bar; then click "extensions" on the left side of the page. If "Looking Glass" is there, you can click the "remove" button.

The faux pas comes at a bad time. With its new Quantum version of Firefox years in the making and released a month ago, Mozilla is trying to win back users from Chrome with faster performance and software that's designed to benefit you, not a powerful corporation. It's also jabbing Google with an ad campaign that says, "Big browser is watching you."

Mozilla is trying to get people to use Firefox to protect their privacy, taking a potshot at Google Chrome in this ad on Facebook.

Mozilla is trying to get people to use Firefox to protect their privacy, taking a potshot at Google Chrome in this ad on Facebook.

Screenshot by Stephen Shankland/CNET

But the "Mr. Robot" extension damaged trust for some. "I switched back to Mozilla about a month ago when Quantum came out, and this is just frustrating," said one Redditor. "Are you guys trying to make me switch back to Chrome?" asked another. "Right as they pulled me in with that 'we respect your privacy' sweet talk," complained a third.

Remote installation

To install the extension, Mozilla had used a tool that lets it test Firefox features. Several on the Reddit discussion said they're disabling that ability, another sign of damaged trust.

"In the past I was fine with Mozilla's approach to telemetry and studies, making my browser available for occasional testing/experimenting/data collection to track down bugs or measure improvements or whatever is fine," a Redditor said. "This is not doing any of those things. This is an advertisement. This is an abuse of the telemetry and shield studies program. If I cannot trust Mozilla to use these tools responsibly I will have to disable them and recommend my friends and co-workers do the same."

Mozilla distributed the extension only to people in the United States, the organization said, adding that it checked the extension to make sure it didn't collect any user data.

Mozilla wasn't paid for the "Mr. Robot" tie-in, Kaykas-Wolff said. "We've enjoyed a growing partnership with the show and the show's audience," he said.

The extension was part of a "Mr. Robot" alternate-reality game that offers players clues and puzzles. "We've found the audience of the show and our users have many points of alignment. This was not a paid promotion but rather a collaboration that was intended to be fun."

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Special Reports: CNET's in-depth features in one place.