- by nttsound, 10 months agoRated 1 out of 5Everything was fine until we read that message today. I concur to the other reviews.
To the developer and who ever may agree with their rant:
You have zero understanding of security unfortunately. Forcing 2FA is not meant to force *YOU* into being more secure. It is in order to guarantee the safety of your *USERS* and by proxy Firefox's users. If your account gets hijacked, your addon can be used to hijack user's browsers.
2FA makes sure that YOU are the only one updating an addon. And also it removes any "plausible deniability" in case an addon has been found to do something questionable. An author can't claim "my account was hacked hence I didn't add that to the code".
It is in EVERYONE's best interest to enforce 2FA and you have no right to refuse security to millions of users with such a moronic excuse that has no merit at all. Enabling 2FA on your account, all it needs is a SINGLE email address. No other information AT ALL.
So we can safely conclude that the author addon specifically does not want to enable 2FA on his account for malicious reasons or he's a complete idiot who did not bother to even check what the process entails and also has zero understanding of security concepts. In any case an audit of the addon's code is in order and we should look for alternatives anyhow as after his statement we have exactly 0 trust in the author.
EDIT: This is a reply to the developer's reply. The world has ALWAYS been wicked. From its inception. It is exactly for this reason that security is required. You may be fed up with the state of the world, I am as well, but this has nothing to do with this particular case. If anything, enforcing 2FA on addon uploads helps REDUCE the effects of the wickedness you're talking about and your stance is literally opposing this. Intuition means nothing in this particular case because it's as simple as 1+1=2 and that's non-negotiable fact. It's not something that your intuition may later on prove you correct or anything of the sort. The facts are these:
1) Addons, through their legitimately required for functioning permissions, provide an attack vector for mallicious users.
2) If someone gets access to your account, ALL your userbase is made vulnerable to the attacker.
3) By enabling 2FA on your account you make fact number 2, extremely more difficult to occur.
4) By enforcing 2FA on all addon authors you literally protect millions of users using addons.
It is that simple. So it all boils down to:
A) Do you want millions of users in increased danger because you don't want to provide a single email address (that you may even just use for this reason alone and nothing else) just because your "intuition" tells you otherwise, defying all laws of logic and reason?
B) Do you actually want to help the web and millions of users' devices be safer and more private by making an effort to understand why and support this change by doing something as simple as adding 2FA to your account?
The choice is yours. Make no mistake, this is exactly what you're being called to choose. There are no buts or gray areas. It's either A or B.
Developer responseposted 10 months agoClearly I revealed some ignorance on my part of how 2FA works, but really, the details weren't the important thing. The point was, I was coming up to yet one more thing that makes this world confusing, stressful and a drag. I am 63 years old and grew up in a much more simple time. But more importantly, this was one more thing which is but another poignant symptom of an insanely wicked and declining world, and it would be a constant reminder of it. I then thought, "Okay, I'm done. This isn't fun for me anymore, and I don't need it." I am one who behaves largely out of intuition and I have found that whenever I've been true to that, I later could look back and see how it was the right choice, even though at the time it didn't sound logical or reasonable to some.
I've received about 25 emails now which have all been positive, ranging from extremely supportive, to folks kindly making efforts (successfully) to inform my thinking on 2FA, to folks just expressing their sadness to see I'm quitting. To those folks I am very thankful. They were a sweet contrast to the vitriolic messages that have been published here.
I have always felt that the gifts given to me are not mine to profit from, and have enjoyed sharing them freely with others. There is a pleasant side-effect to living this way and that is I am always free and not beholding to anyone. My public contribution of ATH was for a season, and now it looks like the season has changed.
Regarding the current state of ATH, remember, it is still a working app, still available on AMO, and probably will run for a long time before some Firefox update introduces a bug. I've had maybe one or two bugs introduced from FF updates in 4 years, which have been minor ones. ATH is open source and maybe at some point someone will fork it and continue to update it. The source code is in the addon itself; the .xpi file is just a zipped file. Unzip it and you have the source.
Again here is a link to the last version (in case it disappears from AMO due to lack of updates,) as well as a link to it with a .zip extension (so Firefox doesn't try to install it.):
- by witrak(), 10 months agoRated 1 out of 5I fully support the previous opinion. The message of the author of All Tabs Helper wrote today:
" As of March 15, addons.mozilla.org (AMO) will require 2-factor authentication for developers to access AMO's addon developers web portal. This means that developers must have 2-factor authentication implemented in order to update addons through the web portal. So what's the big deal about 2-factor authentication, why not just do that?
2-factor authentication requires using a 3rd-party for authentication, meaning I must supply some very personal information to an organization not associated with Mozilla. So why not just do that? I give that level of information to banks and such, why not just give it to them? First of all, well, there is just something that feels plain creepy about all of this. The other thing is I don't like being forced to make my account more secure than it already is. Shouldn't it be my choice how secure it should be? If I don't want to lock my door at night, shouldn't I be able to? Mozilla, like most of the world's entities nowadays, feel they need to make me safe, whether I want it or not. Regarding 2-factor authentication, it is ironic that in order to make my account more secure, and make me more safe, I have to reveal more information about myself to the world (Anyone see the bigger picture of what's happening here?)
Possibly there are other options that don't require 2-factor, such as the addons api and updating through the command line. I haven't investigated that thoroughly. I have always said that when this becomes no fun any longer, I will stop doing it. Well when I have to start jumping through hoops and there gets to be more and more hoops, it starts not being fun anymore. And I am very clear this will not be the last hoop, and this insanity is only going to get worse. We'll see what I decide to do as far as other options go, but I just wanted to get this message out while I could still log into AMO, in case it may be the last time.
If I stop doing updates, after a time AMO may pull my addons page. I have a copy of the latest version here: kevinallasso.org/alltabshelper/all_tabs_helper-1.2.43-fx.xpi. I can't promise that it will be there forever. Folks are still free to contact me through my support email firstname.lastname@example.org.
It seems this is all just part of the handwriting on the wall. It should be pretty clear to everyone by now that we live in a society that is intent on oppressing people "for their own good." I may not just be done with mozilla addons, I may just be done with the world. After all, you can only be oppressed if you fear starving to death, but starving to death is not a problem for me.
Cheers :-) "
This is absurd!
- by smartboyathome, 10 months agoRated 1 out of 5I was enjoying this addon up until the update that the developer sent out today, containing a complaint about addons.mozilla.org requiring addon devs to use two factor before publishing. They obviously don't understand security, to the point where they thing time-based two factor authorization gives out personal information, which it doesn't. Given that they don't want to make their account more secure, which could open their account to being hijacked if their password were ever leaked, I no longer trust the author with all the permissions the addon gets, and am removing it.
- by Firefox user 16748679, 10 months agoRated 1 out of 5I was happy with this add-on until the developer chose to abuse his access to my browser to display a popup message unrelated to the functionality of the add-on. I'm sorry, but I'm going to have to uninstall this add-on if you're going to do this.
- by Nibinaear, 2 years agoRated 1 out of 5There are no instructions of how to use the extension.
All I can find is Copy all tab urls from toolbar, or suspend from the right click menu on each tab.
In response to the developer:
The information on about:addons just shows the same information as the page on addons.mozilla.org, it doesn't show where to find the buttons for it.
I thought the sidebar was just a bookmarks list, which I've never used. You can get bookmarks from the address bar so why use a sidebar for them? I've never seen an addon work from there before.
The screenshots showed a menu system but it was not clear where that menu system could be found which is why I had trouble using the extension.
I've used Frefox for at least 10years and feel that I know a lot about it compared to most.
Developer responseposted 2 years agoOn the addon main page, under "About this extension":
"The ATH UI can be accessed 3 ways: In the sidebar, from the toolbar button popup, or in the full view window. Each UI provides 4 different views: .... etc etc etc"
(I don't provide instructions on how to use basic Firefox function, such as using the sidebar or using the toolbar buttons as I expect users to already know how to use Firefox.)
...along with the 19 screenshots which give descriptive images and detailed text for the use of each function.
For all addons that use a toolbar drop-down menu Firefox places a button in the toolbar, appearing with the addon's icon. Look for the button with the ATH icon (the big blue "A".)
For all addons that use the sidebar Firefox places the addon's listing in the sidebar menu (View > Sidebar.)
Using ATH in the sidebar allows the menu to be viewed at all times, whereas using the toolbar button drop-down is ad hoc.
- by chris p, 4 years agoRated 1 out of 5I thought the whole point in updating software is to make it better, not make it worse and remove features, which is what's happening with AllTabsHelper, what the heck are you doing!? Used to be great. Now so much functionality is missing it would not even be worth installing for some one new to FF or coming to ATH from a different sidebar tab addon. Can't even rearrange tabs from the tab list any longer. Last version that worked perfectly was ver 0.2.38. Like i said, used to be 5 stars ez, now i wouldn't even give it a single star.
developer has an "I'm always right attitude" move along people, this ones not worth your time
"not true" oh really? funny because I'm pretty sure i can tell the difference between when it worked and when it stopped working!