Effective self-censorship

No, I won’t be talking about China or Australia here. I would like to talk about my experience of downloading a Firefox theme.

The given theme was marked as experimental, and thus – to download it – I had to create a user account on the site. The F.A.Q. explains it as follows:

Why do I have to log in to install an experimental add-on?

The add-on site requires that users log in to install experimental add-ons as a reminder that you are about to undertake a risky step.

Now let’s analyze the approach a little deeper: Firefox addons (and themes) can be downloaded from any website, not just from the official one. Downloading from other sites is a two-step process, whereby you first have to approve the site, then the addon. Hosting an addon on the official site gives it an air of trustworthiness. Historically “experimental” / “beta” addons were hosted on the author’s site or on mozdev. I assume that the option of hosting “experimental” extensions on the official site was created as a compromise between people wanting to post less-tested extensions on the Mozilla site and the Mozilla staff wanting to avoid less-stable plugins giving a bad name to Firefox.

However, I argue that such a move is detrimental to both parties. The sign-up process is quite “old school”, and has a couple of usability issues:

  • No JavaScript validation of the fields: you have to submit the form to find out that you’ve missed / mistyped something
  • You have to solve a CAPTCHA every time the form is displayed, even though you’ve successfully solved the CAPTCHA for the previous submission
  • You have to validate your e-mail address. This arguably is a security feature; however, it could be implemented much more sensibly (for example, not letting you do things that modify the “state” of the site – like submitting comments – until you’ve validated your account, but still letting you download things)
  • The confirmation link doesn’t automatically log you in. Again, this is arguably a security feature; however, we are not talking about your online banking here, we are talking about a site which tries to “sell” you a product.
  • It doesn’t support OpenID

Many people will be deterred by one of these obstacles, resulting in less usage (testing) for the extension. Those who battle their way through (like me) will be frustrated by the experience. The method itself sends a mixed message from the Mozilla team: “yes, this is an addon on the official site, but no, we don’t want you to download it”. The only possible benefit would be if the addons showed up when searching on the official site (or from the Firefox UI); however, they do not! Luckily, most people rarely use the site-specific search engine to find things (this is true for all sites, not just Mozilla).

What would be a better solution?

  • Take a firm stance on the matter. Either make these extensions “first class citizens” (don’t require logins to download them, make them show up in search results, etc.). One thing which could be done (which seems acceptable) is to place these plugins at the end of the search results.
  • Optimize the signup experience. No, you are not protecting Fort Knox!
  • Trust user ratings / reviews! If the given addon is of such poor quality, it will quickly get a reputation as such (or more importantly: it won’t get a reputation as a “must have” extension).

Finally: the paranoia is overblown considering the percentage of Firefox users in general and the percentage of those users who use any extensions. I would argue that people who use more than two extensions are a very, very small percentage of the userbase, making the risk of “bad” extensions tarnishing the Firefox name very small.

