Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox abandons RSS, recommends add-ones that require access to your private browsing data?

  • 8 replies
  • 3 have this problem
  • 196 views
  • Last reply by Moznaut

more options

Hi, Firefox has recently abandoned RSS support and is recommending add-ones to replace this functionality, but they all require access to your browser/user data.

Is this not a massive security problem? Am I misunderstanding something?

For now I use open source thunderbird to get RSS but doesn’t provide a mobile experience.

Thanks for any clarification!

Hi, Firefox has recently abandoned RSS support and is recommending add-ones to replace this functionality, but they all require access to your browser/user data. Is this not a massive security problem? Am I misunderstanding something? For now I use open source thunderbird to get RSS but doesn’t provide a mobile experience. Thanks for any clarification!

Chosen solution

By default, Firefox now treats RSS feeds as downloads which you can open in an external feed reader. You don't need an add-on, although I agree it's convenient to have them integrated with the browser. There also are websites you can use to accumulate feeds for reading, although they may be ad-supported.

Extensions that intercept and reformat content in the browser require access to that content. Of course, the problem is not the RSS feed content -- you're just reading it -- but the fact that the permission is not limited in advance to only the sites you care about. In order to intercept anything that any user might want, such extensions usually use "all sites" permission. It is normal to be nervous about that; I have at least 6 extensions that have that permission that I use on a daily basis and consider trustworthy, but it's something I consider with each new one.

Possibly someone could create an extension that you grant permission on a site-by-site basis. This is complicated to do in this case because you'll get a download dialog and the add-on can't integrate there. You could manually copy/paste/type the site address. I think if you wanted the extension to detect the address automatically (give you a list to choose from) you would need to grant the extension download permission (permission to read your download history, which might also be sensitive) or history permission.

Read this answer in context 👍 1

All Replies (8)

more options

Directly from documentation:

“The extension can read the content of any web page you visit as well as data you enter into those web pages, such as usernames and passwords..”

more options

What addons are you referring to?

more options

(duplicate)

Modified by Moznaut

more options

WestEnd said

What addons are you referring to?


I went through as many RSS add-ons I could find and they all require the following permissions: "Access your data for all websites"

Which, when you click on learn more, states:

"The extension can read the content of any web page you visit as well as data you enter into those web pages, such as usernames and passwords."

more options

Hello kicker_d,

You may already have read these articles, but just in case :

https://blog.mozilla.org/addons/2018/02/01/understanding-extension-permission-requests/

https://support.mozilla.org/en-US/kb/tips-assessing-safety-extension

But maybe you'd find more (better) information in this thread :

https://support.mozilla.org/en-US/questions/1225776

more options

McCoy said

Hello kicker_d, You may already have read these articles, but just in case : https://blog.mozilla.org/addons/2018/02/01/understanding-extension-permission-requests/ https://support.mozilla.org/en-US/kb/tips-assessing-safety-extension But maybe you'd find more (better) information in this thread : https://support.mozilla.org/en-US/questions/1225776

Thanks for the links, looks like i'll be staying clear of any add-ons.

more options

Chosen Solution

By default, Firefox now treats RSS feeds as downloads which you can open in an external feed reader. You don't need an add-on, although I agree it's convenient to have them integrated with the browser. There also are websites you can use to accumulate feeds for reading, although they may be ad-supported.

Extensions that intercept and reformat content in the browser require access to that content. Of course, the problem is not the RSS feed content -- you're just reading it -- but the fact that the permission is not limited in advance to only the sites you care about. In order to intercept anything that any user might want, such extensions usually use "all sites" permission. It is normal to be nervous about that; I have at least 6 extensions that have that permission that I use on a daily basis and consider trustworthy, but it's something I consider with each new one.

Possibly someone could create an extension that you grant permission on a site-by-site basis. This is complicated to do in this case because you'll get a download dialog and the add-on can't integrate there. You could manually copy/paste/type the site address. I think if you wanted the extension to detect the address automatically (give you a list to choose from) you would need to grant the extension download permission (permission to read your download history, which might also be sensitive) or history permission.

more options

jscher2000 said

By default, Firefox now treats RSS feeds as downloads which you can open in an external feed reader. You don't need an add-on, although I agree it's convenient to have them integrated with the browser. There also are websites you can use to accumulate feeds for reading, although they may be ad-supported. Extensions that intercept and reformat content in the browser require access to that content. Of course, the problem is not the RSS feed content -- you're just reading it -- but the fact that the permission is not limited in advance to only the sites you care about. In order to intercept anything that any user might want, such extensions usually use "all sites" permission. It is normal to be nervous about that; I have at least 6 extensions that have that permission that I use on a daily basis and consider trustworthy, but it's something I consider with each new one. Possibly someone could create an extension that you grant permission on a site-by-site basis. This is complicated to do in this case because you'll get a download dialog and the add-on can't integrate there. You could manually copy/paste/type the site address. I think if you wanted the extension to detect the address automatically (give you a list to choose from) you would need to grant the extension download permission (permission to read your download history, which might also be sensitive) or history permission.

Thanks jscher2000, I appreciate your insightful comments. The reason I do not use Feedly or other aggregators is that I recently quit Facebook and Twitter and would like to stay away from companies who collect and use consumer data for their benefit.

I will keep my eyes out for an open source RSS app that doesn't track you but for now I will use Thunderbird on desktop.

I am just surprised that it is so easy to install add-ons that easily handover a dangerous amount of user data with little to no warning to users. Maybe Firefox could be a little more liberal with their user warnings to users about the possibilities of compromised logins.

However as you said, it is up to users to decide who they trust.

Thanks again.