Firefox angers users with alarming Mr Robot plugin

Firefox has faced backlash over its handling of a Mr Robot-themed plugin that was automatically installed on its browser over the weekend, causing concern among some users that they were being spied on by hackers.

Reddit users reported over the weekend that a mysterious extension called "Looking Glass" had been installed on their browsers without their permission, which added text to certain websites, including phrases such as "My Reality is Different Than Yours".

Unsurprisingly, this alarmed many users who suspected the extension was some type of malicious code, particularly as they were given no indication that it had been installed, nor any information as to its function.

"I just opened my add-ons tab and found an extension called "Looking Glass"," said one Reddit user. "I have no idea what it is or where it came from. I freaked out bit and uninstalled it immediately." [sic]

However, according to Firefox, the "Looking Glass" plugin was actually a collaborative effort with the team behind the Mr Robot TV series, designed as a "shared experience to further your immersion into the Mr Robot universe".

"The Mr. Robot series centres around the theme of online privacy and security," the company added, in a statement explaining the extension. "One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy."

The plugin only appeared for users who had allowed Firefox to install Shield Studies, Mozilla's preferred method for testing new features ahead of a full release. Once installed, the plugin would tweak websites, such as the placement of obscure messages, to act as clues for people playing a Mr Robot-themed puzzle game.

Unfortunately, the plugin hasn't had the desired effect across the board, with some users claiming it's an example of a company abusing its position.

"In the past I was fine with Mozilla's approach to telemetry and studies, making my browser available for occasional testing/experimenting/data collection to track down bugs or measure improvements or whatever is fine," said another Reddit user.

"This is not doing any of those things. This is an advertisement. This is an abuse of the telemetry and shield studies program. If I cannot trust Mozilla to use these tools responsibly I will have to disable them and recommend my friends and coworkers do the same."

The mysterious plugin also seems to have also taken some of Mozilla's employees by surprise, as software Dan Callahan tweeted that the "Looking Glass" plugin is a "fantastic" idea, "so long as it's opt-in".

Firefox has said the extension will now be moved to its add-on store in an effort to make it clear exactly what it does, and will no longer automatically download to browsers.

Jascha Kaykas-Wolff, Mozilla's chief marketing officer, said in a statement to Gizmodo: "Real engagement also means listening to feedback. And so while the web extension/add-on that was sent out to Firefox users never collected any data, and had to be explicitly enabled by users playing the game before it would affect any web content, we heard from some of our users that the experience we created caused confusion."

"As a result we will be moving the Looking Glass add-on to our add-on store within the next 24 hours so Mr Robot fans can continue to solve the puzzle and the source can be viewed in a public repository."

Javvad Malik, security advocate at AlienValut, said that "forcefully installing ads, or enabling plugins is a big no-no" for companies like Mozilla. "While advertising is a given in today's day and age, when it comes to the authority or actions of software, ultimately the user should be able to decide."

Photo by JeanLuz / CC BY 2.0

Dale Walker

Dale Walker is the Managing Editor of ITPro, and its sibling sites CloudPro and ChannelPro. Dale has a keen interest in IT regulations, data protection, and cyber security. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.