Understanding the risks of installing self-hosted extensions
Extensions enable you to add features to Firefox for a personalized browsing experience.
Extensions that are distributed by the developers themselves, rather than by Mozilla on addons.mozilla.org (AMO), are referred to as “self-hosted.” While users should exercise caution when installing extensions from any source—AMO included—users should take special care determining the trustworthiness of a self-hosted extension. Although most extensions are created by developers with the honest intent of providing great new browser features, some bad actors may use extensions to compromise your personal browsing data.
Assess the trustworthiness of any website or source of a self-hosted extension
There’s inherent risk associated with installing any third party software. Extensions are no different. When evaluating the trustworthiness of a self-hosted extension, consider the following questions:
- Were you prompted by a website to install the extension? This isn’t necessarily a red flag, because there may be a legitimate reason for a website to promote an extension, but this is an indication that you should proceed carefully.
- Are you familiar with the website or source of the self-hosted extension? If you’re unfamiliar and can’t establish trust, avoid installing the extension. (Keep in mind some malicious sites may mimic the look and feel of known, trustworthy brands.)
- What can you learn about the extension and its developer from a quick internet search? Try searching the extension and developer’s name. What do you find? Do any concerning issues arise?
- Are you sure you need the extension? This may seem obvious, but it bears reinforcing—if you don’t really need or want the extension, consider avoiding it. Carefully review its features and services. Does the extension offer you a clear benefit?
These are just a few tips to help you assess the trustworthiness of a self-hosted extension, but it is by no means a comprehensive guide. Please use your best judgement when considering any third party software.