> Why should I even need an internet connection in order to run my own scripts in my browser
Snark: because browser extensions only run on HTTP(S)-schema URLs, so you’ll at least need an active (maybe virtual) NIC with a loopback interface and a webserver listening on it, in order to see your extension running.
Reality: you don’t. You can still tell Firefox (or Chrome!) to trust a local extension in Group Policy, and it will. But only if your PC is actually bound to an AD ___domain, such that that GPO policy came from the AD controller rather than being something your computer created locally for itself. Because a virus can (get elevation and then) create a GPO policy to allow itself.
(You don’t technically need an Internet connection for setting up AD binding, because your AD controller can actually live on a VM that runs on the computer it’s managing. Crazy, but it works. People who pirate Windows may be familiar with a tool I won’t name here, that’s essentially a tiny wire-protocol-mimic of a VM running Windows running an AD controller running a Key Management Server.)
> But on Windows they even removed the about:config-flag to disable it. That's very rude.
It’s because Windows is where all the viruses that install malware extensions are. MacOS/Linux could run the malware extensions just as well — the extensions are just trying to [hijack your browser to] show ads/mine bitcoin/add Amazon affiliate IDs to things, and all that can be done in pure JS — but they can’t run the viruses that install them (and they’re uncommon-enough on networks to have low per-neighbour R0 even for viruses written specifically for them), so they’re somewhat protected.
Snark: because browser extensions only run on HTTP(S)-schema URLs, so you’ll at least need an active (maybe virtual) NIC with a loopback interface and a webserver listening on it, in order to see your extension running.
Reality: you don’t. You can still tell Firefox (or Chrome!) to trust a local extension in Group Policy, and it will. But only if your PC is actually bound to an AD ___domain, such that that GPO policy came from the AD controller rather than being something your computer created locally for itself. Because a virus can (get elevation and then) create a GPO policy to allow itself.
(You don’t technically need an Internet connection for setting up AD binding, because your AD controller can actually live on a VM that runs on the computer it’s managing. Crazy, but it works. People who pirate Windows may be familiar with a tool I won’t name here, that’s essentially a tiny wire-protocol-mimic of a VM running Windows running an AD controller running a Key Management Server.)
> But on Windows they even removed the about:config-flag to disable it. That's very rude.
It’s because Windows is where all the viruses that install malware extensions are. MacOS/Linux could run the malware extensions just as well — the extensions are just trying to [hijack your browser to] show ads/mine bitcoin/add Amazon affiliate IDs to things, and all that can be done in pure JS — but they can’t run the viruses that install them (and they’re uncommon-enough on networks to have low per-neighbour R0 even for viruses written specifically for them), so they’re somewhat protected.