Recently Mozilla introduced Jetpack, a Firefox add-on that makes it possible to post-process webpages within the web browser. For the non-techies out there, this means that one can now create small software programs that, if installed, can alter a webpages content by changing, adding or removing parts of it before it is displayed on your computer screen.
For the more technically minded, this post-processing of web pages is made possible because JetPack plugins have access to the Document Object Model (DOM). Since the DOM describes the structure and content of a web page, the software can manipulate the webpage’s content after the page is received from the web server but before it is displayed to the user. As a result static web pages, even the ones you do not control, can become dynamic mashups.
This may seem insignificant but it has dramatic implications. For example, imagine a JetPack plugin that overlays a website – say of BarrackObama.com or FoxNews.com – that causes text bubbles that counterspin a story when your mouse hovers over it. The next republican nominee could encourage supporters to download such a hypothetical plugin and then direct their supporters to Obama’s website where each story could be re-spun and links to donating money to the republican campaign could be proffered. They would, in short, dynamically use Obama’s webpage and content as a way to generate money and support. TPM could create a similar Jetpack plugin for the FoxNews website which would do something similar to the title and body text of articles that were false or misleading.
Such plugins would have a dramatic impact on the web experience. First, they would lower costs for staying informed. Being informed would cease to be a matter of spending time searching for alternative sources, but a matter of installing the appropriate JetPack plugin. Second, every site would now be “hijackable” in that, with the right plugin a community could evolve that would alter its content without the permission of the site owner/author. On the flip side, it could also provide site owners with powerful community engagement tools: think open source editing of newspapers, open source editing of magazines, open source editing of television channels.
The ultimate conclusion however is that JetPack continues to tilt power away from the website creators to viewers. Webpage owners will have still less control over how their websites get viewed, used and understood. Effectively anyone who can persuade people to download their JetPack plugin can reappropriate a website – be it BarrackObama.com, FoxNews.com, eBay, or even little old eaves.ca – for their own purposes without the permission of the website owner. How the web eco-system and website developers in particular react to this loss of control will be interesting. Such speculation is difficult. Perhaps there will be no reaction. But one threat is that certain websites place content within proprietary systems like Flash where it would be more difficult for JetPack to alter their contents. More difficult to imagine, but worth discussion, is that some sites might simply not permit Firefox browsers to view their site.
In the interim three obstacles need to be overcome before JetPack realizes its full potential. Currently, only a relatively small community of technically minded people can develop JetPack add-ons. However, once Jetpack becomes an integral part of the Firefox browser this community will grow. Second, at present installing a JetPack plugin triggers a stern security warning that will likely scare many casual users away. Mozilla has hinted at developing a trusted friends system to help users determining whether a plug-in is safe. Such trust systems will probably be necessary to make JetPack a mainstream technology. If such a community can be built, and a system for sorting out trusted and untrustworthy plugins can be developed, then Jetpack might redefine our web experience.
We are in for some interesting times with the launch of Firefox 3.5 and new technologies like JetPack around the corner!
Jetpack is available at jetpack.mozillalabs.com
Diederik van Liere helped write this post and likes to think the world is one big network.
It's funny that this type of concern is being raised about Jetpack when Mozilla's add-on platform has provided tremendous flexibility for years now. There are currently over 7,000 add-ons being hosted on addons.mozilla.org which provide enhancements for things that users are asking for & if anything, add-ons empower users in ways that no other browser has allowed. The proof is in how Google is implementing add-ons into Chrome & how their add-ons will look similar to Jetpack.You're right that someone could build an add-on to provide a feature as you mentioned above but at the end of the day, it's the user's choice to use that tool or not. They're making a conscious decision to use a tool that will allow *them* to have a better web experience. It's no different than using price comparison sites to determine the best product pricing between Amazon, Buy.com or Overstock. Jetpack will open up tremendous opportunities for web developers to build what they can imagine & from my experience as Mozilla's Add-on Community Lead, the majority will create exciting applications and enhancements which will make browsing substantially better.Rey BangoAdd-ons Community LeadMozilla
The JetPack plugin, now that I've had some time to root around in the files, I found is very similar to a Firefox plugin that's been around for years called GreaseMonkey. The problems jetpack introduces aren't new – Flash, ActiveX and a variety of other software enable features just like it (which are far more subtle in their implementation – making it harder to track differences). It's really just a permissive form of a security-breach called XSS or cross-site scripting aka “monkey-patching.”The issue doesn't stop with site creators – users are also going to have their experience tinkered with, many of them unwilling or unable to examine the source of the plugins they install to ensure they understand how they work, and more importantly where. The recent debacle between plug-in developers AdBlock Plus and NoScript serves to underscore the fragility of a system like this. Before Jetpack, any problems required a high-head in distribution of configuration files to make any serious impact (plugin incompatibilities abound – but the chances of two being installed in the same system are small if add-on configs are highly idiosyncratic). Making the tools easier and more powerful gives developers (good and bad) access to the long-tail of use-cases – making the problems both more common and harder to resolve.
This article in Infoworld touches on many of the same issues Diederik and I were trying to share here.
Rey – thank you for commenting. Let me start with saying that David and I are both very excited about the potential of JetPack to enrich the users’ experience of the web and we both see JetPack unequivocally as a positive development. What we hoping to illustrate was the potential for JetPack to have a far greater (and positive) impact on the user experience then some people might realize. We tried to push the boundaries of potential JetPack plugins that go beyond status update applications but to philosophize about possible plugins that inject ‘smartness’ in web pages beyond your control. This said, there are people who are afraid of this future (we are definitely not!) and the Mozilla community should be prepared for this resistance. Some will come from more traditional sources (traditional media) but some could come from our some of our traditional supporters (online retailers, cloud computing providers). Best,D & D
The potential to abuse add-ons to modify web pages in subversive ways has been there since add-ons and since Greasemonkey, as people have pointed out.This does raise an issue: how does Greasemonkey deal with HTTPS pages? How does JetPack deal with them? Do they have some integrity protection, i.e. a GM script or JP add-in needs special permission to view/modify such pages? Can I install a JP add-in with limited privileges, so that even if it turns out to be malicious, at least it cannot affect my chrome and sensitive web sites?
Ultimately, it comes down to this – if you don't trust the software you're voluntarily installing, why are you installing it? JetPack doesn't change anything in that regard.
You're asking legitimate — but old — questions. Both existing Firefox plugins and Greasemonkey have offered these capabilities and raised these concerns for years. (As I am not the first in this thread to note.)I predict that JetPack will slightly lower the barrier to entry, but in the end, we'll see about the same level of “abuse” as we do with Greasemonkey and conventional Firefox plugins — almost none. I also predict we won't see much “creative hijacking” either. I think we'll continue to see pretty much the same kinds of Firefox plugins we're seeing now, which is to say, things that are wonderful and great for techies, but don't trickle out much beyond the bleeding/leading edge.
Another thing worth asking. What sort of statistics does Mozilla gather about addon usage? People are making suppositions about who uses what kinds of addons, where's the data? Mozilla is in a position to know what IP addresses have installed what addons on what versions of Firefox and in what order. They also know what those IPs have looked at in terms of addon pages and search results.There are lots of hooks for collective intelligence here. The value of such a system will only increase as the number of addons goes up.
Thanks for recognizing the dynamic balance between the needs of creators and the needs of consumers:“The ultimate conclusion however is that JetPack continues to tilt power away from the website creators to viewers. Webpage owners will have still less control over how their websites get viewed, used and understood….”Sometimes a content creator wants a predictable presentation layer. Sometimes a consumer wants to change that presentation layer. Both needs are valid. The more options we have, the greater the chances that creators and consumers can find a mutually-acceptable contract.(The alternative — “everything must be greasmonkeyable, nothing else must be permitted!” — creates an imbalance, and would deter many creative efforts. Choices help.)jd/adobe
This sort of technology isn't new, and I'm not talking about GreaseMonkey. “Third Voice” and Ka-Ping Yee's “Crit” from way back in the 90's operated in the same conceptual space. (Albeit much more primitively. :-) ) Doesn't seem as though The Google remembers too much about either of these. There are some references out there, but not too many and nothing very high quality.Cheers,- Richard