We can agree to disagree then. I think your opinion is reasonable and I can understand where you are coming from.
To me personally, however, this is a very bad smell. They have shown that they will push unrelated code as a Shield Study. This faux pas was signed off by a Firefox Product Manager, Data Steward, Legal, QA, Release Management, AMO review and a member of the core Shield Team [1]. If none of these members realized it was a bad idea, I have lost all faith in their product development. If it wasn't signed off by those members, there is a major red flag about who has the ability to add these types of things and/or their processes.
Either marketing has too much say, they have poor processes, or they are totally out of touch with their user base. These all raise red flags for me. I can't feel confident knowing that there is no spyware in my browser.
Mike Conley a Mozilla dev commented on the bug ticket, "I am also curious about this. I have been asking around, and have not yet found a single Firefox peer that was involved with this in either implementation or review."[2] Everything about this was handled incredibly poorly. I will wait for the postmortem, but currently I don't have a lot of faith in Mozilla or their processes.
There is no link, implied or otherwise, between allowing a harmless, off-by-default, accidentally visible extension and "spyware in my browser". This extension wasn't just harmless for your privacy, but it was intentionally, specifically harmless.
Yes, it does highlight that Mozilla isn't a perfect, flawless entity that never makes mistakes, but the process protected your interests exactly the way it was designed to do and you already knew that anyway.
If the issue is that Mozilla sometimes pushes imperfect code, why is everyone harping about this absolutely harmless instance and not, say, one of the hundreds of actually meaningful security vulnerabilities? Why are people fixated on this totally arbitrary and counterproductive metric of the fact it showed up under the "extensions" header, rather than a metric of whether it has literally anything to do with the interest you're trying to protect?
If you only want to run code written by perfect entities, fine, go ahead. But you shouldn't have been using Firefox in the first place, and you certainly shouldn't be making unsupported moral claims about them for not hitting impossible standards.
To me personally, however, this is a very bad smell. They have shown that they will push unrelated code as a Shield Study. This faux pas was signed off by a Firefox Product Manager, Data Steward, Legal, QA, Release Management, AMO review and a member of the core Shield Team [1]. If none of these members realized it was a bad idea, I have lost all faith in their product development. If it wasn't signed off by those members, there is a major red flag about who has the ability to add these types of things and/or their processes.
Either marketing has too much say, they have poor processes, or they are totally out of touch with their user base. These all raise red flags for me. I can't feel confident knowing that there is no spyware in my browser.
Mike Conley a Mozilla dev commented on the bug ticket, "I am also curious about this. I have been asking around, and have not yet found a single Firefox peer that was involved with this in either implementation or review."[2] Everything about this was handled incredibly poorly. I will wait for the postmortem, but currently I don't have a lot of faith in Mozilla or their processes.
[1]https://wiki.mozilla.org/Firefox/Shield/Shield_Studies [2]https://bugzilla.mozilla.org/show_bug.cgi?id=1424977