Mr. Robot plugin found in all the instances of Mozilla Firefox Quantum

A new plug-in called “Looking Glass” discovered in each instance of the new Firefox Quantum browser. It was turned off by default, but users were still scared to see a plugin they hadn’t installed. When they examined to see what “Looking Glass” did, they found a vague and ominous release notes “MY REALITY IS JUST DIFFERENT THAN YOURS” which did little to quiet doubts.

“I did not memorize installing this add-on, and I would not intentionally install it,” one user wrote in the support forum. “Any comments welcome because I can’t find any reference online.”

As it spun out, Looking Glass was part of Mr. Robot’s long-running alternative existence game, a trail of clues left by writers for fans to find. According to Mozilla’s documentation, the plug-in was designed as a “shared experience to further your immersion into the Mr.Robotuniverse,” evolved as a collaboration between Mozilla and the Mr. Robot team in the USA. The story of the app itself establishes that, listing both Mozilla developers and USA officials as authors of the plug-in.

Once enabled, the plugin appears to have made only minor changes to specific websites, likely dropping more clues for players of the Mr. Robot ARG. But observing the plugin pop-up unannounced on their computers has started many Firefox users more than a little alarmed. As one user wrote on News:

  • There are several scary things about this:
  • Unknown Mozilla developers can share addons to users without their permission
  • Mozilla developers can share addons to users without their knowledge
  • Mozilla developers themselves don’t realize the consequences of doing this
  • Experiments are not explicitly authorized by users
  • Opening the addons window reverts arrangement of changes which disable experiments
  •  The only way to correctly disable this requires fairly arcane knowledge Firefox preferences lockpref(), which I’d never heard of until today

In a statement to News, Mozilla defended the practice and explained the secrecy as a fundamental part of the ARG experience.

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil