
AFAIK even Chromium won't let you install an extension directly from a website. You must download it, keep it somewhere, turn on dev mode, and "load unpacked extension". It won't sync across browsers, etc.

Compare this to Firefox which will sign your extension and let you distribute it directly through your website with a user-friendly experience.



Firefox is way behind Chrome on this front. You can't permanently install a private extension in the release version of Firefox, unless you upload the source code to their servers for signing, and the unlisted extension complies with their developer policy.

Mozilla's stance on extension signing is hostile to users; there are several extensions that got remotely blocked for loading code from Google Translate [1]. This is software that you privately install for your own use, and Mozilla blocks it remotely in your browser.

They've also rolled out the new version of Firefox for Android which only supports a couple of extensions that they have whitelisted. I can no longer use the extensions I have developed and published on Firefox Addons, and I can only imagine the grief it is causing for less technical users that have suddenly lost the productivity tools that they've relied on.

They've also disabled about:config in the new version of Firefox for Android; you can no longer configure the browser that way.

[1] https://www.jeremiahlee.com/posts/page-translator-is-dead/


I agree with your perspective that the extension signing model is user-hostile, but under no circumstances should a signed extension be loading remote code, even if it's Google Translate. Maybe if the remote code is also signed and you're asserting that it matches a SHA256 hash... but at that point just bundle it into your extension.

If you allow loading remote code into an extension there's no point in signing or review or any other security measures because the extension is just malware waiting to happen.

If you absolutely must load remote code, load it in the page context where it doesn't have access to dangerous extension-only APIs. This is my PoV as someone who maintained a 100k-weekly-user Chrome extension for 3 years: I hate the Chrome Web Store but the 'no remote code' policy is correct and Mozilla is correct to also enforce it.


> You can't permanently install a private extension in the release version of Firefox

For what it's worth (admittedly not very much), you can build the release version of Firefox yourself while allowing extension sideloading without even changing any code; it's just the "MOZ_REQUIRE_SIGNING" option.

Obviously this is not a real possibility for everyone, but I do it for this and getting rid of Pocket, along with a few other small changes.


You can also just run the Developer release, which is mostly meant for authoring new extensions, but does respect the about:config flag to disable signature checking.

Mozilla is in a tough spot as a browser vendor, since a sizable portion of their userbase is actually well served by the restrictions. Happily it's also open source, allowing true power users to do what they want with minimal fuss.


I don't see how Mozilla is in a tough spot regarding user freedom; it's entirely possible to allow local extension installation and educate users about the associated risks, like other browsers do.

Most people can live with the restrictions you impose on them, but the restrictions can still be misguided or thoughtless.


> it's entirely possible to allow local extension installation and educate users about the associated risks, like other browsers do.

I think one of the issues is that users aren't the only ones that can install extensions locally. I think Mozilla even introduced this as a response to Microsoft pushing its own extensions into Firefox.

I don't like the restriction either, however most users are dealing with an actively hostile OS and any setting that could be set at runtime instead of compile time would just look like an open invitation to the OS.


The solution to a hostile OS is to use a different OS (and Linux has WINE), not break your app.


Not an option for most Firefox users unless Wine gains a few thousand more active contributors.


It's frankly hilarious that people are so touchy about this that this post got downvoted, even though it's just providing a helpful suggestion.


I don't know what version of Chromium you use, but I can install without any problem.



