[HN Gopher] Gorhill pulls uBlock Origin Lite from Firefox store
___________________________________________________________________
Gorhill pulls uBlock Origin Lite from Firefox store
Author : croes
Score : 265 points
Date : 2024-10-01 12:18 UTC (10 hours ago)
(HTM) web link (www.neowin.net)
(TXT) w3m dump (www.neowin.net)
| petabit wrote:
| Apparently, as the article says, the lite version is the
| recommended one by the author to be used
| ziml77 wrote:
| Recommended for Chrome. I'm not sure why anyone would want this
| for Firefox.
| trustno2 wrote:
| It's lighter on resources and requires less permissions (so
| it's more private).
|
| manifest v3 is not as bad idea as some people are saying
| prmoustache wrote:
| The article is misleading. The lite version is recommended on
| chrome because very soon the non lite version will stop
| working.
|
| It doesn't apply to firefox.
| jqpabc123 wrote:
| Just follow the money.
|
| For all practical purposes, Mozilla is a Google subsidiary.
| VoxPelli wrote:
| How is that at all relevant here? Google doesn't have this same
| review process for Chrome?
| einpoklum wrote:
| If it does, that only strengthens the point.
| JohnBooty wrote:
| Generally, yes: follow the money.
|
| But that does not mean that random errors can be always
| _attributed_ to malice or financial interests.
|
| You think that's how Mozilla would kiss up to Google? "Hey, we
| disabled an ad-blocking extension (although not its more
| popular and powerful big brother) for half a day! And then we
| put it back up!"
|
| If I'm Google, that is not really thrilling me or making an
| impact.
|
| Also, the Google/Mozilla relationship goes both ways. Mozilla
| is dependent on Google for cash, which I absolutely dislike.
|
| However, Google also needs _Mozilla_ as a hedge against
| antitrust claims. From an antitrust standpoint the ideal
| situation for Google is that Google continues to fund Mozilla,
| and Mozilla continues to allow ad-blocking (looks good to
| regulators) while continuing to have a tiny market share (so
| that FF 's uBlock users don't actually have much of an impact
| on Google's advertising biz)
| jqpabc123 wrote:
| Yeah, you're probably right.
|
| This was just a completely innocent mistake. They had no idea
| that uBlock Lite was the most popular ad blocker for Firefox.
|
| I'm sure the result made sugar daddy cry.
| seba_dos1 wrote:
| > They had no idea that uBlock Lite was the most popular ad
| blocker for Firefox.
|
| Did I miss anything? Unless you really care about resource
| usage (on mobile, perhaps), there's hardly any reason to
| use uBlock Origin Lite on Firefox. It exists because of
| Chrome.
| Freak_NL wrote:
| I really hope Raymond Hill won't do the same for uBlock Origin
| (the manifest v2 version). I'm not too comfortable recommending
| others to install a self-hosted extension.
|
| It's a shame Mozilla and Raymond Hill can't/won't solve this
| together. I get that the review he got simply should not have
| happened for an extension like this (see the Github thread1) and
| that he is simply done with bothering, but I worry about how that
| will affect uBlock Origin's long-term stability as a project. The
| whole situation sounds decidedly unhealthy.
|
| 1: https://github.com/uBlockOrigin/uBOL-
| home/issues/197#issueco...
| free_bip wrote:
| Latest update from the link you provided: The Mozilla review
| team acknowledged their error and rectified it. Hopefully that
| allows it to continue existing.
| cholantesh wrote:
| Hill seems intent on self-hosting, so I mean it will exist,
| but will be a lot harder to discover and as GP mentions,
| probably harder to convince people to install.
| actinium226 wrote:
| But... ublock is like the main reason I use FF
| pbronez wrote:
| You can continue to use Ublock Origin, which uses the v2
| manifest.
|
| The delisted extension, Ublock Origin lite, is a v3 manifest
| plugin. Apparently it was created to address chrome blocking
| the v2 extension, but you can continue to use the v2 extension
| on Firefox
| anonymous_sorry wrote:
| ublock origin is still available in the Firefox add-on store.
|
| The developer has pulled the 'lite' version, which is developed
| mainly for Chrome because Google killed some APIs the full
| version was using.
| VoxPelli wrote:
| Because no one ever have taken over and compromised high profile
| extensions?
|
| Chrome battles with it a lot, see eg.
| https://news.ycombinator.com/item?id=36146278
|
| I find Mozilla's process to be quite reassuring, but would be
| good to have alternative "addon stores" that also have a review
| process
| sdflhasjd wrote:
| Mozilla is definitely doing the right thing by reviewing the
| extensions, but the issue here is that were wrong, they found
| issues that didn't exist (such as claiming it contained
| obfuscated code and collected private data).
|
| It appears the issues were found using simple heuristics (e.g
| they detected string pagead2.googlesyndication.com in a
| comment) and these detections weren't then manually reviewed as
| claimed, which is wasting everybody's time.
| protoster wrote:
| Why does lying about manual review seem so commonplace?
|
| For example, during basically any YouTube copyright or
| moderation controversy, there is always "manual review" of
| videos that have obviously been caught in automated systems
| that in case of actual manual review, would be cleared of
| problems by any reasonable human.
| nicce wrote:
| Maybe "manual review" here is that someone "manually" runs
| the automation tool for that specific entity.
| JohnBooty wrote:
| Absolutely. But: I don't think anybody is saying that high
| profile extensions should receive _less_ scrutiny?
|
| For high-profile extensions, the impact is higher for both
| false negatives _and_ false positives. So they should receive
| more attention.
|
| I do not know anything about Mozilla's internal procedures
| regarding add-on approvals. However, for a high profile
| extension like uBO/uBO Lite... it should either require
| multiple reviewers, or maybe just an escalation to a senior
| reviewer or something. You should never be a single human error
| away from a high impact mistake.
|
| Maybe they do that already, I dunno. But it seems hard for me
| to believe that multiple people approved uBO Lite's yoinking.
|
| Extensions are SUCH a crucial part of FF's appeal. And uBO/uBO
| is arguably the most important of them all.
| finnthehuman wrote:
| There is a difference between questioning if a review process
| should exist for the official addon index and questioning if
| the implementation is any good.
|
| You address the former when it seems like the issue is the
| later.
| mossTechnician wrote:
| Mozilla has the capability to handle compromised addons; this
| whole mess happened because they wiped out every version of
| uBOL except for the earliest one.
|
| They just haven't used that capability responsibly... Yet.
| latexr wrote:
| > I find Mozilla's process to be quite reassuring
|
| The fact that a review process exists might be reassuring, but
| the way they went about it surely isn't.
|
| https://github.com/uBlockOrigin/uBOL-home/issues/197#issueco...
| poincaredisk wrote:
| >The last message from the developer in a now-closed GitHub issue
| shows an email from Mozilla admitting its fault and apologizing
| for the mistake. However, Raymond still pulled the extension from
| the Mozilla Add-ons Store, which means you can no longer find it
| on addons.mozilla.org.
|
| This seems pretty harsh. Mozilla made a mistake, Mozilla
| apologized, Mozilla fixed the mistake (maybe even improved their
| processes), and the author still pulls their choose and
| criticizes Mozilla. On my opinion either author took this a bit
| up personally, or cares about improving the review process and
| wants to make a strong point (with some hurt done for their
| project visibility).
| VoxPelli wrote:
| Feels like they were just waiting for a reason to pull out -
| likely feels its a hassle to upload and have it review and just
| want everyone to trust them and keep it simple
|
| And I guess some people would claim that since its an open
| source addon no one can feel entitled to anything else
| latexr wrote:
| Remember why uBlock _Origin_ exists in the first place: Raymond
| Hill was fed up with the chore of all the administrative crap
| around uBlock1. They wanted it to be a hobby and it started
| feeling like a job.
|
| https://github.com/gorhill/uBlock/issues/38#issuecomment-918...
|
| So it's predictable they'd get fed up with that Mozilla review
| process and call it quits too.
|
| 1 Which led them to hand the project to an unscrupulous rando
| that immediately tried to monetise it, leading Raymond to hate
| the outcome and having to decry his own previous project and
| ending up essentially where it all started but with a bunch of
| extra work in the middle.
| finnthehuman wrote:
| I can't fault gorhill for not wanting to play the "give large
| rich organization infinite second chances" game. Sometimes
| enough is enough even if you think you'd act differently in his
| shoes.
|
| > Mozilla apologized
|
| No they didn't. Now I'm not here to play apology police or
| anything. But that's just a perfunctory customer service voice
| statement which happened to include the word "apologize". And
| that's fine. Nobody expects more. We can acknowledge it for
| what it is tho.
| latexr wrote:
| What could the email have said that would have made you
| believe they had apologised? If the literal string "we
| apologize" isn't it, what is?
| nicce wrote:
| "Statistically your extensions are one of the most used on
| Firefox. We will handle all related matters with higher
| priority and care in the future, and are deeply sorry about
| this."
| amiga386 wrote:
| "Our review processes are not fit for purpose. We commit to
| replacing them with ones which acknowledge our entire
| ecosystem is built on the goodwill of unpaid volunteers,
| and we must not squander their time or resources. People
| like you are our lifeblood and we must not lose your
| trust."
|
| "We admit we used automated scanning here and tried to pass
| it off as human review. We got caught. Badly. All our
| future scans will have to pass our own internal reviews
| before we make demands of extension authors."
|
| these sorts of things
| marssaxman wrote:
| The author is a volunteer and the software is a labor of love:
| of course it's personal. Such projects thrive when the author
| feels like they are giving a valuable gift to a community which
| is receiving and appreciating it. Being required to submit your
| creation through an impersonal "review" process which rejects
| you in such a way that it's obvious nobody cared enough to even
| _look_ is not just a buzzkill: it 's an _insult_.
|
| I would walk away, too.
| freedomben wrote:
| > when the author feels like they are giving a valuable gift
| to a community which is receiving and appreciating it.
|
| Who is the "community" in this case? Mozilla? Or is it us
| users? If the former then fine, but if the latter, then who
| is being hurt by this, and how does Mozilla being annoying
| reflect ingratitude in the community?
| latexr wrote:
| > who is being hurt by this
|
| See Raymond's comment five days ago:
|
| https://github.com/uBlockOrigin/uBOL-home/issues/197
|
| Who is being hurt is Raymond Hill (their sanity / mental
| stability / desire to work on this popular extension);
| Firefox users who preferred the Lite version; Firefox users
| on Android; Everyone who would've been recommended this
| extension and now won't (see other comments in this
| thread); Mozilla (taking yet another hit to their
| reputation) and by extension the open web as more reasons
| to abandon Firefox lead to less browser diversity.
| trustno2 wrote:
| Judging from his replies, this is not the first time he had
| problems with the review system
| akira2501 wrote:
| > author took this a bit up personally
|
| Yea, those pesky unpaid developers, letting their emotions get
| mixed into their personal projects. Why can't they be cold and
| unfeeling, like the people who run the firefox "store?"
| latexr wrote:
| For anyone confused by the real title:
|
| > uBlock Origin Lite maker ends Firefox store support, slams
| Mozilla for hostile reviews
|
| "Review" here means the Mozilla review to allow the extension in
| the store, not user reviews of the extension.
| einpoklum wrote:
| Mozilla decided at some point to kill extensions - whether
| following Google Chrome or of its own volition. It took an axe to
| its ecosystem by disablign the loading of anything external other
| than WebExtensions - and note that it's just an artificial
| disabling, as internally, Firefox is still basically some bundled
| "extensions" over a C++ core.
|
| And now there's the "manifest v3" change, and making people jump
| through hoops to be on AMO.
|
| This is very sad, almost as much as the internal governance over
| there.
| kristjank wrote:
| Another Mozilla classic...
| timeon wrote:
| From the article:
|
| > uBlock Origin Lite is a Manifest V3-compatible version of the
| content blocker. It is less powerful, but since Google is
| disabling Manifest V2 support in Chrome, it is what will remain
| from uBlock Origin for Chromium-based browsers.
|
| > Does it affect uBlock Origin? The core extension remains
| available for Firefox. Unlike Google Chrome, Firefox will
| continue to support Manifest V2 extensions. Mozilla has not
| flagged this extensions or disabled it
|
| But somehow it is Mozilla who is the bad guy not Chromium-based
| browsers.
| yjftsjthsd-h wrote:
| > But somehow it is Mozilla who is the bad guy
|
| Sounds like it, yeah.
|
| > not Chromium-based browsers.
|
| Nobody said that.
| seszett wrote:
| This story is about Mozilla removing the Lite/Manifest v3
| version from Firefox's extensions, this has nothing to with
| Chromium.
|
| Now why does such a version even exist when the "normal"
| uBlock Origin is available on Firefox, I don't know. But
| there's no question it was a mistake by Mozilla. Mistakes do
| happen, I'm just explaining why it's only related to
| Mozilla's actions here.
| JadeNB wrote:
| To be clear, the complaint is not about Manifest V2 vs.
| Manifest V3 (which is of course its own can of nonsense), but
| about Mozilla's review:
|
| > Mozilla says that it has reviewed the extension and found
| violations. The following claims were made:
|
| > The extension is not asking for consent for data
| collecting.
|
| > The extension contains "minified, concatenated or otherwise
| machine-generated code".
|
| > There is no privacy policy.
|
| The article points out that all three points are false, and
| _this_ , or--I'll go ahead and trust the author of an
| extension I rely on heavily--what the author says:
|
| > In a follow-up, Hill criticized the "nonsensical and
| hostile review process" that put added burden on developers.
| Mozilla disabled all versions of the extension except for the
| very first one. It still flagged the extension for the very
| same reasons, but nevertheless decided to keep the outdated
| version up.
|
| is what makes Mozilla the bad guy here. (It also says Mozilla
| restored the extension a few days later, which is better than
| doubling down but, of course, worse than not making the
| ridiculous error in the first place.)
| roblabla wrote:
| I mean, those are _completely_ separate issues? People can be
| mad at Google/Chrome about Manifest V3, whilst also being mad
| at Mozilla/Firefox for randomly flagging UBOL with bullshit
| reasons.
| nicholasjarnold wrote:
| The article seemed to highlight the inconsistencies or errors
| in the plugin review process which puts undue burden on
| developers trying to add value to the ecosystem. It was not
| about the differences in Manifest v2/3 and the issues with
| Chrome, though this was mentioned and is the reason why the
| 'Lite' version of uBlock Origin exists in the first place.
|
| tl;dr - continue using Firefox and installing uBlock Origin.
| If you develop Firefox plugins for distribution through their
| official channel beware the review process I guess.
| 1GZ0 wrote:
| Mozilla just can't help themselves, can they? Seriously, once
| Google is broken up and their donations to Mozilla stop, I won't
| be sad when Mozilla is forced to shut down.
| jordanb wrote:
| These "lapses in judgement" are driven by Mozilla's brass
| representing the desires of their real masters. A post-Google
| Mozilla may be smaller, but I bet Firefox would be better and
| more popular.
| 1GZ0 wrote:
| I hope so, but I wouldn't count on it.
| noworriesnate wrote:
| I wish they'd get smaller first, build up a fund so they
| could literally just invest in the stock market and run
| indefinitely off the returns, and only then go Google-free.
| That would be a more permanent solution.
| yencabulator wrote:
| That sounds like it'd make less money for the CEO, why
| would they be interested in that?
|
| Mozilla no longer does what is good for Firefox.
| seba_dos1 wrote:
| It's a blog post about something that happened a month ago and
| boils down to "some (obvious) mistake happened during review".
| Not much to see here.
| bluGill wrote:
| That obvious mistakes can happen is itself a problem.
| flyingpenguin wrote:
| Have you never been at work being forced to do something
| because you need money but you just are not feeling it that
| day? Obvious mistakes will ALWAYS happen, regardless of
| rules, regulations, human involvement, process, etc. It's
| thoughts like this
|
| "How can we make sure this doesn't happen again"
|
| "Its unacceptable than an obvious mistake happened"
|
| that make corporations so full of random rules, because they
| think it's possible to prevent things like this. What matters
| is the frequency with which they happen, and how gracefully
| you handle yourself after it happened.
| hermannj314 wrote:
| "But the bias-variance tradeoff doesn't really apply to us"
| - every bureaucracy ever.
| talldayo wrote:
| Obvious mistakes are an issue with most software stores. Less
| a matter of attention being paid, and more a consequence of
| scale: https://www.pcmag.com/news/beware-theres-a-fake-
| lastpass-app...
| bluGill wrote:
| Software management doesn't scale as much as google would
| like.
| talldayo wrote:
| Software management doesn't scale at all. It relies on an
| individual human element that is free to make the wrong
| choice apropos of nothing. They have no motivation to
| explain their reasoning and by-and-large are protected by
| the marketing of a multi-million dollar business.
|
| Kinda why it's a mistake to charge money for a process
| that is demonstrably incorrect.
| SSLy wrote:
| latest message from moz on the GH issue is from the day back
| InsomniacL wrote:
| > The organization issued an apology for the "mistake" and
| recommended to Hill to reach out whenever he has questions or
| concerns about a review.
|
| Before taking drastic action like pulling addons from the store,
| Mozilla should reach out if they have questions or concerns about
| a review.
| elAhmo wrote:
| It appears all of the companies that are gatekeepers to apps,
| extensions and similar user-generated stuff are really quick to
| overreact and unless you are a high-profile person, have a lot
| of followers or a really popular app or an extension, good luck
| resolving it in a timely manner.
| CaptainFever wrote:
| On first glance, it really does seem to be the case,
| regardless if one is "big tech" (e.g. Apple) or a non-profit
| organization (e.g. Mozilla).
| AdmiralAsshat wrote:
| Oof. I get gorhill is pissed about the whole thing, but, this
| feels like cutting off your nose to spite your face. It's going
| to be much trickier for people to get uBO Lite onto their Firefox
| for Android installations now, or even if they can, they might
| just not bother.
|
| And, while I suppose gorhill could make the case that he's
| protesting this egregious process on behalf of the little guy,
| the fact is, he's _not_ the little guy as far as Firefox add-ons
| go. uBO was one of the first (if not _the_ first) 3rd-party addon
| to be offered as part of Firefox for Android after Mozilla 's
| reorg started rolling out. He clearly has Mozilla's attention.
| I'm not sure what he gains from continued intransigence offers
| after Mozilla admits their mistake and apologizes.
| Timshel wrote:
| He gains by not having to interact with them for UBOL.
|
| When you waste people's time sometimes an apology is not enough
| for them to want to continue to work with you ...
| 51Cards wrote:
| An outlook like that will really limit who you work with in
| the future. I don't know anyone, corp or otherwise, that
| doesn't mess up from time to time. What matters is the
| acknowledgement of the mistake and taking steps to rectify
| it.
|
| IMO, as much as I highly respect his products, the dev pulled
| a hissy fit over a mistake.
| yencabulator wrote:
| So, half of what you say matters seems to be missing.
| ForHackernews wrote:
| They restored his extension (until he removed it again),
| what more do the Mozilla-haters want?
| SSLy wrote:
| An apology, a post mortem, and lessons learned and
| implemented so it doesn't happen again.
| yjftsjthsd-h wrote:
| > It's going to be much trickier for people to get uBO Lite
| onto their Firefox for Android installations now, or even if
| they can, they might just not bother.
|
| Why would they bother? Firefox - Android or desktop - runs
| full/regular uBo just fine.
| AdmiralAsshat wrote:
| > Why would they bother? Firefox - Android or desktop - runs
| full/regular uBo just fine.
|
| gorhill himself stated[0]:
|
| > This is unfortunate because despite uBOL being more limited
| than uBO, there were people who preferred the Lite approach
| of uBOL, which was designed from the ground up to be an
| efficient suspendable extension, thus a good match for
| Firefox for Android.
|
| [0] https://github.com/uBlockOrigin/uBOL-
| home/issues/197#issueco...
| carlosjobim wrote:
| > I'm not sure what he gains from continued intransigence
| offers after Mozilla admits their mistake and apologizes.
|
| What would he gain from submission to Mozilla? Either way he
| gains $0 for all the work he's done to improve the Internet for
| millions of people.
| AdmiralAsshat wrote:
| He gains Mozilla's distribution model and audience, which
| allows users of Firefox to download add-ons from their
| browser's UI and updates automatically, rather than having to
| manually pull an extension file from a Github page for each
| new release and install it.
| phoronixrly wrote:
| That's a long-winded way to say $0
| Crespyl wrote:
| Time and effort are usually considered to be worth some
| amount of money.
| carlosjobim wrote:
| Time and effort is what he spends, $0 is what he gains.
| AdmiralAsshat wrote:
| You gain $0 for uploading your Linux package to
| yum/apt/dnf as well, but you recognize that there's value
| in being able to install such packages easily through a
| well-curated repository, no?
| SSLy wrote:
| > _allows users of Firefox to download add-ons from their
| browser 's UI and updates automatically, rather than having
| to manually pull an extension file from a Github page for
| each new release and install it._
|
| only because mozilla is gatekeeping that away otherwise.
| abhinavk wrote:
| For extensions which have full access to all websites, I
| appreciate that. That is one of the main reasons for
| ManifestV3 because not all extensions can be reviewed.
| witrak wrote:
| I agree with one exception:
|
| > [...] and audience [...]
|
| If you take into account small market share of Firefox and
| even smaller percentage of Firefox user needing uBOL then
| "audience" isn't anything important in this case. Perhaps
| this whole story will increase popularity of uBOL more...
| wolpoli wrote:
| > The organization issued an apology for the "mistake" and
| recommended to Hill to reach out whenever he has questions or
| concerns about a review.
|
| It's unclear why the author of the article decided that the word
| 'mistake' deserved the scary quote treatment.
| greentxt wrote:
| Because there was a privacy policy it's hard to understand how
| that could be a mistake. The insinuation is the reviewer was
| not acting in hood faith.
| pdpi wrote:
| Which brings us to: It's unclear why the author of the
| article decided that the reviewer was not acting in good
| faith.
| jeroenhd wrote:
| The reviewer asserts that the addon transmits data. It does
| not.
|
| That may not be malice, of course. It could just be
| incompetence (someone running an automated scanner and not
| verifying that the results are correct), someone trusted
| with a job they're not capable of doing, or maybe it's just
| Mozilla pretending someone reviewed the addon while using
| shitty AI like ChatGPT to do all the work.
|
| The email even directly links to resources that are
| supposedly "minified, concatenated or otherwise machine-
| generated". That's simply not true.
| busterarm wrote:
| Maybe it's the fact that 80+% of Mozilla's revenue comes
| directly from payment by Google who are extremely hostile
| to ad blockers (and UBO in particular) at the moment.
|
| That should be obvious, honestly. The extension is a threat
| to the reviewer's paycheck...
| cholantesh wrote:
| UBO isn't even the extension that was scrutinized, and
| besides how do you even know that the reviewer (if they
| are a human which seems open to question) is a Mozilla
| employee rather than a volunteer, and that they were not
| acting out of sheer incompetence?
| eviks wrote:
| Pretty clear: because it's a quote form the Mozilla's response
|
| "We apologize for the mistake and encourage"
| SuperNinKenDo wrote:
| Fair play. uBO is THE killer extension, and apparently it never
| occured to Mozilla that if they were going to insist on using
| some hideous, Google style, machine led review process for
| extensions, perhaps they should at least make a carve out for one
| of the single most important extensions that exists.
|
| I can totally understand gorhill becoming completely insensed by
| the whole thing and refusing to play ball when Mozilla "realises
| their mistake". Their mistake was assuming he would simply put up
| with being subjected to the drudgery that so many extension and
| open-source developers allow themselves to be subjected to in
| return for little thanks and ever increasing demands.
|
| The outcome is far from ideal, but the fault, sadly, lies
| squarely with Mozilla. Real shame.
| abhinavk wrote:
| This is about uBOL. I haven't seen much delays for the main
| extension. It is always more up to date on Firefox compared to
| Chrome/Edge.
| SuperNinKenDo wrote:
| OK? So you support Mozilla's actions or something? What is
| the purpose of your comment?
| jorams wrote:
| The purpose of their comment is to correct your statement
| that:
|
| > perhaps they should at least make a carve out for one of
| the single most important extensions that exists.
|
| uBOL is not an important extension on Firefox.
| witrak wrote:
| >uBOL is not an important extension on Firefox.
|
| Perhaps you should read some earlier comments then you
| wouldn't say such things?
|
| Hints: Firefox mobile; range of privileges required.
| jorams wrote:
| I did, it does not change what I said. uBO works
| perfectly fine on Firefox Mobile and doesn't use much
| battery. People can _prefer_ uBOL, but that doesn 't make
| it important to the ecosystem.
| mossTechnician wrote:
| Out of all the criticism Firefox fans make of the mobile
| version, excess CPU usage and excess RAM usage are at the
| top of the list. Maybe high-end phones run Firefox
| decently now, but not everybody has a high-end phone. If
| uBOL has a place on Firefox, mobile Firefox is where it's
| best.
| ravenstine wrote:
| uBlock Origin is likely the primary reason Firefox has any
| amount of meaningful browser market share today. If Firefox
| didn't support it then I would be using another browser. Seeing
| as Mozilla has been struggling to get anything right, they
| should be kissing gorhill's behind.
| maest wrote:
| > uBO is THE killer extension
|
| Now that you say that, I wonder if that's Google's end game:
| keep Mozilla on the payroll, disincentivise them from
| innovating on their product and wait for Firefox to slowly
| bleed users until nobody is using them and solidify Chrome's
| position. And that's how they take care of adblockers. They
| already have wide control over Chromium so that would only
| leave Safari as the last viable browser alternative (a much
| harder product to attack).
|
| Now, Google can't stop Firefox from allowing ad blocker
| extensions, but they can encourage Mozilla to run Firefox in
| all but abandonware mode, until it dies out.
|
| It's embarrassing how hard the Mozilla Foundation has fumbled
| their position and I'm having a hard time attributing their
| actions simply to incompetence.
| ForHackernews wrote:
| So Mozilla goofed, apologised of their own accord and corrected
| the mistake? And in response this dev is throwing his toys out of
| the pram? Do I read this right?
| jampekka wrote:
| I can see how having to jump pointless bureaucratic hoops in a
| volunteer project can cause throwing out toys.
| ForHackernews wrote:
| What pointless hoops? The extension was restored.
| jampekka wrote:
| After pointless hoops. And the process seems to involve
| pointless hoops even when the review is not rejected.
|
| https://github.com/uBlockOrigin/uBOL-home/issues/197
| ForHackernews wrote:
| Again, what pointless hoops?
|
| > After re-reviewing your extension, we have determined
| that the previous decision was incorrect and based on
| that determination, we have restored your add-on.
| catapart wrote:
| Yeah, it's kind of wild to see the general reaction to this
| being "the developer is being unreasonable".
|
| It's like... I, too, find it burdensome for a review that
| claims to be "manual" to suddenly flag a file my code has
| been utilizing for years, and puts the onus on me to refute
| it's findings. Not only is it trying to prove a negative,
| it's ridiculous that an unchanged file needs re-review for
| things like "is it minified?".
|
| As far as I can see, there are errors here and they are _ALL_
| on Mozilla 's side. Better training, maybe, but probably just
| stop lying that a manual review has happened when it hasn't.
| And then, when you have whatever semi-automated review is
| being done flag a thing, then actually have a human review
| it. And, since that would be a firehose, implement simple
| standards to filter out spam and publish those standards -
| and what effect each infraction will have on the review
| process, including steps for remedy. Make them able to be
| completed as automatically as possible for the developers, so
| that you don't have to manually review, again. If it's a
| minification issue, require the devs to re-upload non-
| minified versions, check it automatically, and then allow the
| publish.
|
| I'm being simplistic and flip, but a reasonable
| generalization is just that bureaucracy should be imposed on
| the implementers of the bureaucracy, not the people who are
| trying to engage with it.
| x0x0 wrote:
| When Mozilla is being gifted enormous amounts of free labor,
| they should be more careful with the donor.
| aaronmdjones wrote:
| You do not read this right. Mozilla goofed, then goofed again,
| then again, then again, then again, then the developer got fed
| up of having every single version reviewed incorrectly and
| pulled it, then Mozilla apologised.
|
| I'd do exactly the same thing.
| lol768 wrote:
| Why does this extension even exist on AMO? The article says it's
| the "Lite/Manifest v3 version" - why would you _ever_ install the
| inferior edition meant for legacy browsers, instead of the one
| that blocks ads properly that 's meant for Firefox?
| SSLy wrote:
| Because it's lighter on power usage, and that matters for
| firefox on android.
| panarky wrote:
| And because it can block ads without infinite permission to
| read and change every site you visit.
| mmwelt wrote:
| But now it's not even possible to use the add-on in Firefox
| for Android, as only add-ons from AMO can be installed.
| mdaniel wrote:
| I was curious if trying to load it via
| file:///storage/emulated/0/Download/... would work (as my
| recollection is that .xpi installation is content-type:
| sensitive) but insult-to-injury is that FF Nightly for
| Android _searches_ for the string "file:///storage...", so
| they seemingly have nuked even the file: protocol handler
| for Android. Good times over there at Mozilla
| Elfener wrote:
| Pretty sure file:// is very broken in different ways on
| every android browser.
|
| For example, on kiwi browser typing in a file URL causes
| it to be searched, but using the "go to URL in clipboard"
| button (with the file url in your clipboard) works.
| Except when you randomly run into some weird android file
| permission issue and the browser just can't see certain
| files...
| pmontra wrote:
| file:/// is gone in Firefox Android since at least 2
| years ago. I discovered it a few days ago
| https://bugzilla.mozilla.org/show_bug.cgi?id=1806171
|
| It works in Chrome on my Android 11 phone.
| mod50ack wrote:
| That's not true anymore. You have to press the Firefox logo
| on the about screen a few times, which will make the menu
| option appear in settings to install an extension from the
| local filesystem
| Timshel wrote:
| It can run with way less permission as opposed to UBO.
| sureIy wrote:
| I don't think people care about giving permissions to one of
| the most popular extensions ever. The advantages of giving
| that extension full access are quite clear and the dangers
| minimal.
| pessimizer wrote:
| > I don't think people care about giving permissions to one
| of the most popular extensions ever.
|
| I'm going to fail to go out on a limb and say that those
| people shouldn't use this version in order to avoid that,
| then. I suspect this extension been made available for
| others, like those you're replying to here.
| kccqzy wrote:
| I do care. I trust Gorhill but that doesn't mean mistakes
| can't slip through. Maybe criminals attacked his system to
| steal his credentials, or maybe criminals just used old
| fashioned violence to force Gorhill to release a malicious
| extension update. Exactly because this is the most popular
| extension ever, criminals have so much higher incentive to
| take over his trusted extension to do criminal things.
|
| Of course all of us have our own assessment of trust and
| danger.
| jeroenhd wrote:
| For the few good reasons Google had for restricting addon
| manifests: performance and security. Declarative domain lists
| are easier to cache and lead to fewer (unnecessary) addon
| activations. Fewer permissions means the impact of a malware-
| infected version hitting the addon store in the future is a lot
| lower. uBlock's rule engine is incredibly powerful, to the
| point where a custom ruleset can inject code into any website.
| That applies to custom rulesets, but also to the built-in ones
| that may or may not get their accounts/hosting hacked, or
| bought out in the future.
|
| Not that I would use the lite version myself, or that I agree
| with Google's choice, of course; they killed ad blocker APIs
| without providing an alternative API, after all. With the code
| already out there anyway, for the people stuck in their ways
| still using Google Chrome, they may as well make this version
| available for Firefox.
| wvenable wrote:
| The other good reason that Google has is that it puts them
| entirely in control of the lists. If they don't want Chrome
| to block ads on Google properties they can opt them out of
| the block lists.
| trustno2 wrote:
| manifest v3 is actually not a bad idea at all. it's more
| efficient, more private.
| EasyMark wrote:
| It's bad though in that it reduces your power over your
| browsing experience. We should get a choice on that. uBO is a
| good actor and I trust them. Also good crippled storage for
| lists in v3 while Firefox did not. Clearly it's to limit size
| of Adblock lists on google's part to make the adblockers more
| irrelevant and in their interest to put as many ads in your
| face as possible.
| EasyMark wrote:
| It's faster and has less security implications. I accept that
| UBO is more powerful even if it has a slightly less secure
| footprint, but that's a decision, others may choose for more
| security per V3
| akira2501 wrote:
| > why would you ever install the inferior edition
|
| It's my computer. I paid for it and I maintain it. I'll do
| whatever I please with it.
|
| > instead of the one that blocks ads properly that's meant for
| Firefox?
|
| I have a better question. Why even use Firefox if it refuses to
| do what I want?
| 4bpp wrote:
| If I understand the timeline correctly here, it seems that
| gorhill overreacted, and I say that as someone who is usually
| harshly critical of everything Mozilla has done in the past 5+
| years. It's hardly practical for Mozilla to manually review every
| add-on revision for safety in a timely manner, so they had the
| choice between automation and delays that would make add-on
| development a slog; automation though inevitably will cause false
| positives.
|
| What's the alternative? No pre-release review at all? As a user I
| would hope that this will not be the case, especially now that we
| have confirmation that flashy supply chain attacks are being
| executed in the wild. In fact the review policy protects gorhill
| himself too, since it makes him a bit less attractive as a target
| for a rubberhose attack (no point in blackmailing him to put in
| spyware if the spyware would be caught before release).
| SSLy wrote:
| > No pre-release review at all?
|
| certainly not leaving only the _oldest_ version of the
| extension up.
| jeroenhd wrote:
| I'm not even surprised the addon got flagged. The linked files
| in the Github issue all had file names insinuating a direct
| connection to known trackers (which, of course, uBOL is
| blocking). Whatever automated scanning tool Mozilla uses
| probably latched on to "oh this is Google Tag Manager" and
| issued the warning that is normally handed out to addons that
| do include sketchy scripts like these.
|
| HOWEVER: the email clearly states:
|
| > Your Extension uBlock Origin Lite was manually reviewed by
| the Mozilla Add-ons team in an assessment performed on our own
| initiative of content that was submitted to Mozilla Add-ons
|
| Either that is a lie, or the manual reviewer that did the
| "review" doesn't understand that the automated tool they ran is
| capable of false positives.
|
| Nothing wrong with automated abuse assessments on a platform
| like Mozilla's, but don't lie in your communications about it
| (or hire people who know what they're doing when it comes to
| blocking addons).
| GrantMoyer wrote:
| I agree with what you say about the tradeoffs of a review
| process, but strongly disagree that Raymond Hill overreacted.
| He's a solo dev working on uBlock as a hobby who doesn't even
| take donations; he doesn't owe us anything. He gets to decide
| if the review process frictionless enough for him to contribute
| his time and energy, and even though he decided it's not in
| this case, he made his extension open source, so anyone else is
| free to publish uBlock Origin Lite in his stead.
| Timshel wrote:
| Don't remove stuff that are used for some time using only
| automatic tooling ...
|
| And from the start the review was supposedly: "Your Extension
| uBlock Origin Lite was manually reviewed by the Mozilla Add-ons
| team".
| yojo wrote:
| I think it's reasonable to expect that one of Firefox's most
| popular extension publishers gets a higher tier of review
| service. Gorhill (and other top extension devs) are providing
| real value to Firefox, and have demonstrated good behavior for
| years.
|
| This doesn't mean they should get to publish whatever they
| want, but if a reviewer is about to reject a high profile
| plugin, they should get a second set of eyes on it. Which would
| have obviously caught the mistake here.
|
| Feels like another "Firefox is underinvested in developer
| relations" story, which is surprising given how much they rely
| on them.
|
| Edit: honestly the idea that gorhill doesn't have a dedicated
| rep at Mozilla is baffling to me. According to their stats the
| extension has 8.4 million users. They should call him on the
| phone to let him know there's a problem with his extension.
| causi wrote:
| Yeah they've repeatedly used his name in advertising Firefox
| Mobile.
| munch117 wrote:
| But this is not about a high profile plugin. The high profile
| plugin is "uBlock Origin", and this is about "uBlock Origin
| Lite", which is a big thing for Chrome, but not for Firefox.
| Why would anyone want to use uBOL, when they have the option
| to use uBO?
|
| Perhaps Mozilla does have a higher tier of review, but it's
| for specific plugins, not for specific authors.
| umbra07 wrote:
| From what I remember, there are noticeable efficiency gains
| when using uBOL on mobile browsers.
| chimeracoder wrote:
| > But this is not about a high profile plugin. The high
| profile plugin is "uBlock Origin", and this is about
| "uBlock Origin Lite", which is a big thing for Chrome, but
| not for Firefox. Why would anyone want to use uBOL, when
| they have the option to use uBO?
|
| uBlock Origin requires giving the extension full read and
| write permissions on every site you visit, which is a huge
| liability, security-wise.
|
| uBlock Origin Lite uses Manifest V3, which doesn't require
| providing those permissions to the extension.
|
| Perhaps you trust gorhill with that power, but it's pretty
| understandable why others might not want to give that power
| to a third party.
| zdragnar wrote:
| This is exactly why Apple implemented the precursor to
| Chrome's v3 manifest in Safari (not to mention the
| performance implications).
|
| It's a lot easier to just accuse Google of acting in bad
| faith, and Mozilla of being their lapdogs, and ignore any
| possible evidence to the contrary.
| chimeracoder wrote:
| > It's a lot easier to just accuse Google of acting in
| bad faith, and Mozilla of being their lapdogs, and ignore
| any possible evidence to the contrary.
|
| There are two issues at play here.
|
| Manifest V3 is, undeniably, a security improvement over
| Manifest V2. Providing full read/write access to all
| websites is a _huge_ security risk, and the fact that we
| 're willing to do it is really a testament to how bad the
| state of the web is without adblockers.
|
| However, the final standardized version of Manifest V3
| limited the size of content filters - essentially,
| limiting the number of ad sources that you could filter.
| This severely limits the utility of adblocking
| extensions.
|
| Mozilla responded to this by promising not to implement
| the cap in their implemention of Manifest V3 - ie,
| ignoring that part of the spec and allowing extensions to
| filter an unlimited number of sources in Firefox. Chrome
| and other browsers are sticking to the spec, though,
| including the cap on sources.
|
| I believe UBlock Origin Lite is a downgrade feature-wise
| from UBlock Origin, but that's because it's targeting
| both Firefox and non-Firefox browsers. In theory, a
| Manifest V3 version of UBlock Origin Lite designed for
| Firefox could provide the same functionality as the
| Manifest V2 UBlock Origin.
|
| Honestly, I hope someone (whether gorhill or someone
| else) takes up the mantle and does that, because there's
| no reason that Firefox users should have to use an
| adblocker with a less secure design, just because other
| browsers don't support it.
| wtallis wrote:
| > Providing full read/write access to all websites is a
| huge security risk, and the fact that we're willing to do
| it is really a testament to how bad the state of the web
| is without adblockers.
|
| That seems to be completely ignoring that extensions
| aren't just independent self-contained programs. They're
| intended to extend and modify the capabilities of your
| user agent to better suit the needs of the user. Trusting
| the user agent with full read/write access to the data
| it's fetching is fundamental to the purpose of a user
| agent. Sure, it's nice when you can sandbox a helper, but
| it's irresponsible to suggest there's anything wrong or
| unusual about having the kind of powerful extensions that
| Google doesn't want you to have.
| chimeracoder wrote:
| > Sure, it's nice when you can sandbox a helper, but it's
| irresponsible to suggest there's anything wrong or
| unusual about having the kind of powerful extensions that
| Google doesn't want you to have.
|
| You're arguing against a straw man here.
| Dylan16807 wrote:
| Last I checked google didn't remove the read-only access
| to network requests in v3, so an extension that wants to
| track everything can still do that. It just can't block
| anything with custom code.
| EasyMark wrote:
| To have a reviewer under your employ that doesn't know
| what UBO is or it's dev, makes me feel pretty confident
| in siding with gorilla on this, but I hope that he does
| calm down a bit and put the extension back up.
| chimeracoder wrote:
| > To have a reviewer under your employ that doesn't know
| what UBO is or it's dev, makes me feel pretty confident
| in siding with gorilla on this, but I hope that he does
| calm down a bit and put the extension back up.
|
| FYI, it's UBlock Origin _Lite_ that is affected here, not
| UBlock Origin. Same developer account, but a tiny
| fraction of the installation base. I think I still have
| an extension that has more users than UBlock Origin Lite
| did on Firefox (only 5000 installations at the time it
| was taken down).
|
| To be honest, neither party looks good here. It reflects
| poorly on Mozilla that they don't have guardrails in
| place to prevent adverse action on the developer account
| that publishes their most popular extension. Gorhill's
| reaction (particularly his most recent comment from an
| hour ago) comes off as petty and vindictive. Yes, it's
| his prerogative to spend his unpaid time how he wants,
| but expressing that sort of aggression and directing it
| at your _users_ doesn 't win over many allies in the long
| run.
| shadowgovt wrote:
| I must have missed that update; I haven't seen any
| aggression directed at users of the plugin.
| spacechild1 wrote:
| > in siding with gorilla on this
|
| Off topic, but this is such a funny autocomplete accident
| :)
| weare138 wrote:
| But it's the same dev who's been active for over a decade
| and has a solid reputation. Users rely on these extensions.
| Removing a popular, well established extension without
| warning or apparently even making sure it was in violation
| of said policies to begin with is irresponsible.
|
| And the specific extension in question being a popular
| ad/tracker blocker while Mozilla has been cozying up to the
| adtech industry lately and selling access to Firefox user
| data isn't a good look for Mozilla. Maybe Mozilla is just
| being grossly mismanaged but this is all getting noticeably
| suspicious.
| EasyMark wrote:
| It's more efficient which can pay dividends in battery life
| on android, especially for those who have older phones.
| munch117 wrote:
| Thanks for the info. Wikipedia describes uBOL solely as a
| reaction to Manifest V3, and that's what I was going by.
| shadowgovt wrote:
| If it is, indeed, the case that they don't bump the entire
| account to a higher tier of service if one of their
| products justifies it, they've fundamentally conflated the
| technology with the humanity of the system and this is a
| predictable consequence.
|
| They're the browser with 2% market share.
|
| They're lucky he didn't also pull uBlock Origin because he
| felt insulted and let users figure it out. He doesn't owe
| Mozilla their tent-pole of "We make it harder for third-
| parties to track you", the tent-pole he set up for them for
| free.
| munch117 wrote:
| We all agree that this case is a very bad outcome for
| Mozilla.
|
| What I don't agree with, is that a system that is based
| on higher tiers for entire accounts, is necessarily
| better. If such a tier exists, then all the big players
| will apply pressure to be put in that tier. Suppose
| Amazon tries for that - surely they'll get it. And then
| they'll use it, not just for "the Amazon app", but for
| every crappy outsourced app they make for any purpose.
| Placing a huge burden on Mozilla, who now will have to
| spend extra resources to hand-check a lot of crap that
| could have been auto-rejected, just in case, because
| effectively the burden of proof has been shifted.
|
| I'd like you all to try to abstract from this case for a
| second, and think about the strategic choice: Which is
| the better rule, evaluating apps, or evaluating accounts.
| Sure, now you're all thinking that you'll make a super-
| duper amalgam system that looks at both in some
| combination. That's the benefit of hindsight. But suppose
| you're making version 1, and you're keeping it simple.
| What would you start with?
| shadowgovt wrote:
| > Which is the better rule, evaluating apps, or
| evaluating accounts
|
| For now, evaluating apps.
|
| ... but only because gorhill decided not to go nuclear
| (and good on 'em for doing so). The unequal power dynamic
| you're painting of Amazon exists today, whether or not
| Amazon attempts to pressure Mozilla right now; they're at
| their discretion to decide that they'll only support a
| Firefox extension if Mozilla plays ball with a bunch of
| other crappy apps too (and then Mozilla can tell them to
| go pound sand, and then the users can't get to the Amazon
| app easily, and then someone writes a workaround... The
| human system is far, far squishier and more complicated
| than the technical system).
|
| > But suppose you're making version 1, and you're keeping
| it simple.
|
| Sadly, Mozilla does not have that luxury because they
| exist in an ecosystem of other corporations with web-
| store presences and it's incumbent upon them to be
| competitive if they want to survive in that
| configuration. If Google and Amazon can glad-hand high-
| value customers, Mozilla needs to learn how to do so also
| or risk those customers deciding the Mozilla ecosystem is
| more trouble than it's worth to participate in (because
| what do you get? 2% market share?).
| yojo wrote:
| Generally, anything published by the guy who maintains your
| most-installed plugin is by definition high profile. That's
| why we're talking about this case on HN.
|
| If Mozilla is providing tiered support by plugin rather
| than publisher, this latest kerfuffle is evidence that they
| should reconsider the approach. But if I were betting, I'd
| guess there's no one at Mozilla whose job responsibilities
| include keeping their marquee plugin authors happy.
| shadowgovt wrote:
| And, in contrast, that job (or parallel jobs for
| different 'online stores') _definitely_ exist at Google
| and Microsoft. At Google, there 's a whole army of open-
| secret glad-handlers for liaising between high-profile or
| high-relevance Cloud customers and the development teams
| inside Google that work on Cloud (because sometimes a
| customer comes up with a novel way to use the tool that
| exposes the cracks in the abstraction and lets the
| underlying implementation leak out undesirably).
| Customers don't get to choose to be handled that way
| (though they can, of course, indirectly signal it by how
| much money they spend); it's Google's decision to
| maximize company value / security.
| guilhas wrote:
| Good point, they should be on the phone "Mr G how can our
| developers help you getting this extension approved"
|
| This developer one of the main reasons for many people to use
| Firefox, especially in this current chrome controversy
| manifestV2 vs V3
|
| And ironically this uBOL success should be of very interest
| to Mozilla because if it had gained more success than the
| main one uBO then it would be one less reason for the company
| to invest resources into maintaining manifestV2
| xnx wrote:
| Firefox is a thick wrapper around the core functionality of
| uBlock on Android. Without uBlock, the case for using Firefox
| is very weak.
| Jalad wrote:
| uBlock on Firefox pretty much is the only reason I haven't
| ditched Android yet
| xnx wrote:
| Same, though I've switched to uBlock in Kiwi Browser.
| medstrom wrote:
| This isn't about uBlock though. Just uBlock Origin Lite.
| fsckboy wrote:
| you mean, this isn't about _uBlock Origin_ though. Just
| _uBlock Origin Lite_.
|
| plain old _uBlock_ is another add-on which may no longer
| exist. (uBlock was the original original, but the same
| developer, gorhill, mistakenly let it slip into the wrong
| hands and it became a pay-to-play leaky ad blocker)
| SergeAx wrote:
| uBlock Origin is THE reason I am using Firefox Mobile. The
| moment it gone - there's no sense in keeping the browser.
| rightbyte wrote:
| Mozilla knows that. Which is why they excempted Ublock
| Origin from their user hostile all but that one extension
| ban on mobile. (In practice it was a ban. I think they
| called it something else.)
| bambax wrote:
| > _manually review every add-on revision for safety in a timely
| manner_
|
| Sure, but uBlock Origin, lite or not, is one of the most
| important browser add-on, if not the single most important one.
| This may not justify to give it a pass without looking, but it
| should certainly be reason enough to jump it in front of the
| queue and review it manually every time.
| asadotzler wrote:
| Lite is meaningless to 99% of Firefox users. The real deal is
| available and they aren't force to use the inferior Chrome
| version.
| jampekka wrote:
| Maybe a less crappy review system at least?
|
| "The burden is that even as a self-hosted extension, it fails
| to pass review at submission time, which leads to having to
| wait an arbitrary amount of time (time is an important factor
| when all the filtering rules are packaged into the extension),
| and once I finally receive a notification that the review
| cleared, I have to manually download the extension's file,
| rename it, then upload it to GitHub, then manually patch the
| update_url to point to the new version. It took 5 days after I
| submitted version 2024.9.12.1004 to finally be notified that
| the version was approved for self-hosting. As of writing,
| version 2024.9.22.986 has still not been approved."
|
| Doesn't sound like something I'd enjoy as a hobby.
|
| https://github.com/uBlockOrigin/uBOL-home/issues/197
| TiredOfLife wrote:
| Mozilla is not a single person in a basement with a 20 year old
| second hand computer. They spend hundreds of millions $ per
| year. uBlock origin has 8+ million installs. The second
| extension by install count has 4 (four) times less. If if
| anything to do with gorhill and their extensions is not
| priority one in their review system, then something is really
| wrong at Mozilla.
| seba_dos1 wrote:
| ...and the extension this article is about had about 5000
| (five thousand) installs before being taken down. That
| doesn't really scream "priority" to me.
| witrak wrote:
| It may be true, but your point of view isn't the sole
| possible. Many people have to use more than one browser and
| for them, the Google decision (effectively forcing the
| creation of uBOL) was really painful so Hill's new product
| is of big value. Also, there are people who don't know
| anything about uBO since they never used Firefox but they
| probably will start to use uBOL as other blockers for
| Chromium-based browsers are incomparable to it. Thus 5k
| downloads of uBOL are no measure of its importance.
| bitfilped wrote:
| This was for uBlock lite, a much lesser used plugin
| chimeracoder wrote:
| > This was for uBlock lite, a much lesser used plugin
|
| Sure, but it's published by the same developer and has
| existed for a while. It's not a brand new extension under
| his account, or published on a different developer account.
|
| I've built review systems before, and you typically have
| safeguards in place to prevent mistakes that impact your
| biggest users. No matter how you cut it, this isn't a good
| look for Mozilla.
| shadowgovt wrote:
| And behind the scenes is one human being maintaining both.
|
| If you make maintaining one of them more stressful than the
| other, the maintainer dropping one to focus on the other is
| a predictable consequence.
| pmontra wrote:
| If they piss off a dev they risk losing all the plugins of
| that dev. So they must not look at uBOL, the subject of the
| review, but at uBO, the most popular plugin of that dev.
| And it turns out that it's Firefox's most popular plugin
| among all its plugins. They should immediately escalate the
| review even if gorhill submitted a plugin to log Hello
| World in the console.
| phendrenad2 wrote:
| Exactly. And this is why we need paid browsers. If the ad-
| supported/donation-supported browsers like Firefox need to
| apply low-quality automated solutions to approving/rejecting
| even their most popular addons, then clearly the business model
| isn't working.
| Semaphor wrote:
| > their most popular addons
|
| It's the lite version. It's not popular at all.
| EasyMark wrote:
| However gorhill is quite a high tier extension dev which
| should get him more attention and at least a second set of
| eyes on any drastic action like cutting his extensions.
| talldayo wrote:
| ...except there is no evidence that paid, manual review
| works. Closest thing we have is Apple's App Store, which
| infamously has manual review cycles worse than an automated
| malware checker: https://www.pcmag.com/news/beware-theres-a-
| fake-lastpass-app...
|
| This is why you should be happy that you _don 't_ pay for a
| browser.
| marcinzm wrote:
| Anecdotes are not data, and requiring perfection is a
| really odd bar for working or not working.
| talldayo wrote:
| > Anecdotes are not data
|
| When you blatantly violate the IP of a well-trusted dev,
| posing as a third-party and successfully tricking Apple,
| yeah, you are a pretty big data point. You can't call
| CloudStrike an anecdote.
|
| My bigger intention is to fight the idea that automated
| solutions are necessarily better than inept human-reliant
| ones. Firefox doesn't even have remotely Apple's scale or
| revenue to work with - who seriously expects Mozilla to
| do better than them?
| sgc wrote:
| You jump immediately to money. But less crappy automation in
| this case is almost certainly a question of configuration and
| then thoughtfulness on the part of follow up reviewers, not
| just throwing money at the problem. It feels like you are
| shoehorning your own agenda in the conversation a bit.
| EasyMark wrote:
| I think not everyone thinks that money solves all things.
| Look at the $8 blue check "verified" accounts on Twitter that
| are easily identified as CCP/Russian spam bots. We've had
| free browsers for nearly 30 years, so I'd say we don't need
| paid browsers just yet. There are of course some out there
| for those who like the idea, but overall it's not a solution.
| n=1 failure doesn't mean flushing the whole enterprise down
| the toilet. There is an easy policy change for this. Fire one
| high level executive and get 10 more quality reviewers so
| that the more experienced reviewers can get high traffic
| items like those from gorhill
| mcherm wrote:
| I think that the alternative is some form of "per review",
| where the effort of performing reviews is spread out among a
| volunteer f with reasonable "reputation" management and in
| which a party can accelerate their own review by contributing
| to the reviews for others.
| mort96 wrote:
| Meh, it's perfectly reasonable to decide that you don't want to
| deal with this kind of bullshit and pull the extension from
| problematic stores. There's probably a miniscule amount of
| people using uBO Lite on Firefox anyway.
| politelemon wrote:
| I don't think the author has overreacted, but your first
| paragraph doesn't seem to match the timeline, so maybe the
| article didn't portray it correctly. For a better understanding
| have a look at the Github issue:
| https://github.com/uBlockOrigin/uBOL-home/issues/197
|
| It was not an automated review, it was a manual review, poorly
| done. The author then explains that they don't want to deal
| with the stress (there are also some extra explanations of
| what's involved in the AMO review process), and also that they
| left a somewhat harmful version of the plugin up. Not wanting
| to deal with stress is a perfectly understandable reaction.
| shadowgovt wrote:
| Sometimes, people apparently forget how much of this
| ecosystem is built on volunteers: their time and their
| talent.
|
| You can lose a volunteer army fast if you don't provide them
| the warm fuzzies of the experience they don't get working
| with a faceless corporation.
| Ekaros wrote:
| No he did not. Mozilla is in situation where they should bend
| backwards with very popular extensions, which I believe both
| uBlock Origin versions must be. Ensure anything you do with
| them is absolutely correct.
|
| In general quite many extensions are done for passion. And any
| chance of destroying that passion will make your product less
| desirable to work with and thus in long run less popular.
| seneca wrote:
| Mozilla is an absolute joke of an organization, and it's tragic
| that they are still the primary alternative to Google having a
| total monopoly on browsers. I suppose you shouldn't expect much
| from a company that is just there to maintain a facade to fend
| off regulators.
| busterarm wrote:
| We're at a really dangerous point with browsers at the moment
| where there's really no consumer-friendly option available.
|
| I'm scared to say that Safari comes closest but you're just in
| Apple's walled garden then instead of someone elses'.
|
| Our only hope seems to lie with Ladybird, if that even ends up
| being good and it seems extensions aren't on the agenda at
| least for a while.
| slig wrote:
| I'd say we're past that point. Less than 5% of global users
| (and going down) and NO mobile presence at all. The newer
| generation of devs and power users won't even care.
| busterarm wrote:
| You're absolutely right, but I'm trying to retain a shred
| of optimism, especially with a high amount of focus and
| interest on this area lately with projects like Ladybird
| and even new Gopher and Gemini clients.
|
| If the vast majority of endusers want to live in the moat,
| I can't stop them, but at least I'd like an alternative to
| explore interesting content even if my bank, etc will never
| support it.
|
| At least banks are regulated enough that I don't expect
| their websites to be running full-page video ads anytime
| soon.
| x0x0 wrote:
| It's past time to give up on Mozilla.
|
| I told our dev teams to not even bother testing because,
| on our b2b site, Firefox usage was under 0.01%. That is
| not a typo. I can't spend dev time on that.
|
| They're doing the same, and now playing VC, an industry
| at which they have no apparent expertise.
| JimDabell wrote:
| The issue is bigger than that. The web standards process
| relies on two independent implementations for something to
| become a web standard. This just about works when there are
| three big players, but if Mozilla drops out, then it's just
| Google and Apple arguing. It's bad enough that two out of the
| three rendering engines that participate in the web standards
| process are funded by Google. We really need another
| independent rendering engine to step up. Hopefully Ladybird
| will get some traction.
| sunaookami wrote:
| It's very annoying you have to submit your extension to
| gatekeepers to even distribute them to normal users. As gorhill
| said on GitHub it took days for a self-hosted version to be
| approved - that's unacceptable. Imagine you would need approval
| from Microsoft to distribute software. Not even Android is this
| closed. Enforcing signatures and removing XUL were the worst
| things Mozilla has ever done. And yes, Google does the same and
| it's even worse there but this it to be expected from them, but
| not from Mozilla.
| Zak wrote:
| On desktop Firefox, you can download an extension from anywhere
| and install it. All they're gatekeeping is their own
| repository, which I think most of us would like them to do.
|
| I think mobile requires using a nightly build to install
| extensions from outside Mozilla's repository, and that suggests
| their thinking is becoming contaminated by the rest of the
| mobile ecosystem.
| Semaphor wrote:
| No, the normal version blocks (at least permanent) installs.
| You need the developer version to install unsigned
| extensions.
| Zak wrote:
| I see. The extension I installed to test that actually _is_
| signed, though it 's not in AMO.
|
| I don't like this. I know there have been issues with
| malicious extensions, so it makes sense to me that
| installing unsigned extensions is turned off by default,
| but requiring developer builds is a step too far.
| pxc wrote:
| What release made this change effective?
| Semaphor wrote:
| That was many years ago, there was a bit of a public
| complaint.
| adduc wrote:
| Are you certain extensions can be downloaded and installed
| from anywhere? Firefox's documentation[1] states "Extensions
| and themes need to be signed by Mozilla before they can be
| installed in release and beta versions of Firefox." If UBlock
| Lite was rejected through Mozilla's signing API, they'd have
| no ability to create an XPI that can be installed by
| release/beta version of Firefox.
|
| [1]: https://extensionworkshop.com/documentation/publish/sign
| ing-...
| bytebolt wrote:
| You can no longer package extensions yourself and if you try
| using "Load add on from file" you get that extension loaded
| but it's gone after a restart. All extensions have to be
| signed first to be permanent and Mozilla denied to fix that
| on their bug tracker.
| burnte wrote:
| Signing is such a low bar to pass I agree that not offering
| that as an option is reasonable. It takes seconds to do.
| Zak wrote:
| We're talking about signing by Mozilla to indicate the
| extension has passed some sort of review process, not
| signing by the author. It isn't a low bar because it
| gives Mozilla veto power over what extensions users can
| install.
| Arnavion wrote:
| To add on to the other replies, you *can* load unsigned
| extensions with desktop Firefox if the build you're using
| disabled the signing requirement at build time. A bunch of
| distros' FF packages do that, for example, and is why I use a
| bunch of extensions I wrote myself (and thus trust) for
| myself without having to deal with Mozilla. (Zip up the
| files, change the file extension to `.xpi`, drop it in
| `$libdir/firefox/browser/extensions/`)
| kevincox wrote:
| > removing XUL
|
| Nah, XUL had to go. The other stuff wasn't really related. It
| was a more "if we are going to break most extensions we may as
| well use this time to push everything else we want". If
| anything XUL is a scapegoat.
|
| I know because I maintained VimFx for a while after the XUL
| removal. It was difficult to keep up with internal APIs that
| are changing, but I can't blame them, they need to develop
| their product. The thing that really made me give up on
| maintaining VimFx was the signing enforcement. They just keep
| tightening the screws so that I couldn't even run "my own" code
| with any reasonable UX.
|
| What I would have like to have seen:
|
| 1. Provide WebExtensions as the recommended way to do things
| with some compatibility and deprecation guarantees.
|
| 2. Stop caring about compatibility of other APIs.
|
| 3. Still allow outside "full access" extensions that use those
| internal APIs. You can give warnings in the store "this
| extensions uses unsupported APIs and may break at any time and
| steal all of your personal data" and make the install button
| bright red but still allow it.
|
| 4. Keep supporting self-distributed extensions with developer
| managed signing keys and update URLs.
|
| Since there are no compatibility guarantees on these APIs it
| wouldn't have been much extra work. Just a bit of UX work to
| add scary warnings and maintenance of the non-store update
| code.
| irq-1 wrote:
| > 4. Keep supporting self-distributed extensions with
| developer managed signing keys and update URLs.
|
| Mozilla followed the big corps in the 'store' model, instead
| of keeping it open free-form. We might have a viable
| developer certification trust system by now, but with that
| too, only the corps have enforced signing systems (that are
| closed and fragmented.)
| EasyMark wrote:
| What?You can install extensions in Firefox easily without going
| through the Firefox extension store. XUL had to go.
| mort96 wrote:
| No, you can't. Extensions must be signed by Mozilla for
| Firefox to let you install them.
| kevingadd wrote:
| This is simply not true. I've been using unsigned
| extensions for years. You drag-drop a zip file into the
| extensions window and it will let you install it.
| drdaeman wrote:
| You must be using either the Developer Edition, ESR,
| nightly or some unbranded version. Vanilla Firefox
| doesn't allow to install unsigned extensions permanently.
| fastest963 wrote:
| > Imagine you would need approval from Microsoft to distribute
| software.
|
| You mean like how you need permission to distribute software on
| MacOS/iOS? More and more platforms are moving in this direction
| and I wouldn't be surprised if Windows goes the same way in the
| future.
| solarkraft wrote:
| It's not only that, Firefox also forces you to use the Developer
| edition (which updates about daily, FORCING you to restart it) if
| you want to install extensions that aren't signed by Mozilla
| (e.g. your own).
|
| This behavior reminds of Apple. They say it's for security (where
| have I heard that before), yet Chrome doesn't seem to need such a
| restriction.
|
| To me it seems like another step in many of Mozilla's
| enshittification.
| rgreekguy wrote:
| I am pretty sure Chrome has also added the forced restart for a
| bit now. It might not show up right after the update, but it
| doesn't take long. I don't remember if it was straighforward,
| or just crashed new tabs.
| aaronmdjones wrote:
| You don't have to use the developer edition to run unsigned
| addons; you can use the ESR version or nightly as well.
| Dkuku wrote:
| This again shows the problem of automatic reviews. There should
| be a person name in every review that was responsible for it,
| currently it's blamed on our automated system. If the law would
| require someones name on it then I'm pretty sure the review
| process would be much better and the explanation would include
| more than an apology.
| system7rocks wrote:
| Curious why Firefox doesn't just start incorporating uBlock into
| the browser? Make it a standard feature that comes pre-
| installed... but maybe not automatically enabled? Thoughts?
| bogwog wrote:
| Mozilla has been trying to become an ad company for a while
| now. A built-in ad blocker would mess that up for them.
| jjice wrote:
| Have they? I haven't seen this. They have a lot of tracking
| protection built in, but no ad blocker. I'm not doubting you,
| I just haven't seen any action or posts on their part about
| this.
| BenjiWiebe wrote:
| You get sponsored content in the new tab page by default.
| mossTechnician wrote:
| They developed Privacy Preserving Attribution with Facebook
| to collect data from browsers. It's enabled by default in
| fresh Firefox installs. They also acquired an advertisement
| subsidiary, Anonym, earlier this year. So when Mozilla
| makes a statement about advertisements, it's worth a little
| extra scrutiny.
| open-paren wrote:
| I manage a medium-sized browser extension at work. We also
| offer(ed) it on Firefox. But I have spent the past year
| struggling to get back into Mozilla store after a manual review.
| As far as I can tell, there are maybe two reviewers that are
| based in Europe (Romania?). The turn around time is long when I
| am in the US, and it has been rife with this same kind of "simple
| mistake" that takes 2 weeks to resolve. "You need a privacy
| policy"-we already have one. "You are using machine generated and
| minified code"-no you are looking at the built code, not the
| included source. "We cannot reproduce your source"-that's because
| you didn't follow instructions and are in the wrong directory.
| Very frustrating.
| sureIy wrote:
| I had these issues too a few years ago. Now the review time is
| shorter than Chrome's and hasn't been flagged in a few years.
| However my extension has about 10k users, if that makes any
| difference.
| jjice wrote:
| Also had these issues when working on my previous job's
| extension. The Firefox review process was a real nightmare to
| work with. Same heavy delays and misunderstandings your
| mentioned. Eventually the company just stopped updating the
| Firefox extension as often since usage was low and the review
| process was such a pain. Unfortunate for me, as the only
| engineer (maybe employee) at that company that used Firefox.
| whstl wrote:
| Same here. We even had a special "mini" Firefox version that
| didn't require any additional Javascript build step, to make
| the review easy. But there were so many issues with the
| review and so few users that we just decided to give up.
| rightbyte wrote:
| The whole extension change Mozilla forced on Firefox seems
| like some sort of sabotage.
|
| Mozilla sneaking in more and more spyware and ad friendly
| functionality seems in line with the same conspirators.
|
| And given how high profile all these changes are, it runs to
| the top of the company.
| Squeeeez wrote:
| So, which browser are you using?
| ilrwbwrkhv wrote:
| That's not just mozilla. Google's review team all are in India
| and they cannot write clear English. It's a mess.
| politelemon wrote:
| Also Apple and Meta. It's awful dealing with infallible
| gatekeepers.
| Rinzler89 wrote:
| _> Google's review team all are in India and they cannot
| write clear English._
|
| Which is ironic considering the reason they went to India and
| not other countries with cheap labor is that English is an
| official language there.
| lenerdenator wrote:
| The problem is that the set of "Indians who can speak
| fluent English" and the set of "Indians who will work for
| the absolute lowest bid" are exclusive. And I don't blame
| them, really.
|
| These execs mistake "English is an official language" for
| "English is a widespread first language". Only 0.02% of
| Indians speak English as their first language, while total
| speakers (of first, second, or third language) are 10.6% of
| the population.[0]
|
| [0] https://en.wikipedia.org/wiki/Languages_of_India#Multil
| ingua...
| giancarlostoro wrote:
| > that's because you didn't follow instructions and are in the
| wrong directory.
|
| You just need to have a shell script in the root directory that
| assumes the person running it has 0 clue about your extension.
|
| Also some of this reminds me of Apple. They clear something up,
| then bring it up again the next time review is needed.
| adrian17 wrote:
| Even this we had issues with - we wrapped the entire build
| environment and script in a dockerfile, but depending on
| system configuration you may or may not have to run docker
| with sudo - it just so happened that reviewer's environment
| required it, while ours didn't, and the reviewer needed
| specific instructions on what to do in this case.
|
| Another time, they failed the review because the reviewer's
| VM _ran out of disk space_ (which we only learned after
| digging into the issue, as the first report just mentioned
| "build errors"; according to later inquiries the VM had ~9GB
| available) and we had to add some extra build logic to delete
| intermediate files, just for them. The build is quite large
| because it involves rust->wasm compilation, but I'd still
| expect the reviewer's machine to have a bit more space...
| cxr wrote:
| Everything described here sounds like your team, your
| extension, and your software development process are the
| problem. Demanding >9GB of disk space to build a browser
| extension is capital F, capital I Fucking Insane. Go yell
| at the Rust folks about their shitty toolchain and your
| engineering lead for buying into it instead of blaming
| people who have enough problems as it is just coming into
| contact with the quagmire you described.
| adrian17 wrote:
| The 9GB limit was not just the Rust stuff, that was for
| the entire docker environment with compiler, JRE, node,
| wasm toolkit, typescript, webpack etc. Yes, we need all
| of these to make a "true" reproducible build from
| scratch.
|
| > to build a browser extension
|
| It shares 99% of code with a desktop application; you can
| compile it to wasm while preserving most features. The
| extension wraps the wasm.
|
| For reference, when making a single clean build, the
| `target/` dir reaches 700MB.
| akira2501 wrote:
| > that assumes the person running it has 0 clue about your
| extension.
|
| I would tend to assume that a person given responsibility for
| reviewing this software, supposedly to protect end users,
| would not be this clueless.
|
| What value is the "Firefox Store" actually offering then?
| ethbr1 wrote:
| > _What value is the "Firefox Store" actually offering
| then?_
|
| That anyone dumber than such a reviewer cannot sneak
| malicious extensions in.
|
| Which, sadly, is probably a non-trivial number of
| submissions.
| akira2501 wrote:
| > That anyone dumber than such a reviewer cannot sneak
| malicious extensions in.
|
| Although people smarter than such a reviewer are free to?
| What kind of standard is that?
|
| > Which, sadly, is probably a non-trivial number of
| submissions.
|
| Then they're not, as an organization, actually capable of
| doing what they're promising here. There are more ways to
| get this wrong than to get it right, and borrowing the
| Google strategy of just not caring about your end users
| seems completely inappropriate for a non-profit like
| Mozilla.
| ethbr1 wrote:
| > _What kind of standard is that?_
|
| That's the standard of all currated stores.
|
| We can argue about whether Mozilla's reviewer skillset is
| too low, but there's always going to be someone smarter
| than a reviewer, when reviewing is a cost center that
| companies want to spend the minimum amount of money on.
| wnevets wrote:
| > I would tend to assume that a person given responsibility
| for reviewing this software, supposedly to protect end
| users, would not be this clueless.
|
| would you do that job 8+ hours a day for little pay?
| adrian17 wrote:
| > We cannot reproduce your source
|
| This is the biggest issue we had, and we had to add a decent
| bit of complexity to our builds to support reproducible builds
| in the exact way they want. But the silly part is that our
| extension involves building a wasm file from Rust, and after
| some back and forth it turned out that they don't require it to
| be reproducible (despite being core of our extension and
| containing 99% of our logic), which honestly feels like it
| defeats the point - who cares if JS reproduces if you can hide
| any arbitrary possibly-malicious code in wasm.
|
| For a while we were seriously considering putting our prebuilt
| wasm in the source package or on npm, just to make the
| "reproducible build" on AMO side simpler, despite this making
| it even further from how it's actually built.
| jeffchien wrote:
| The reproducible build requirement seems to be a major blocker
| for many addons, including one I use for Twitch:
| https://github.com/FrankerFaceZ/FrankerFaceZ/issues/1495#iss...
| stainablesteel wrote:
| this seems like the kind of place where user-based reviews
| would be more efficient, better, and more open
|
| having the makers of a browser do this is bound to create both
| efficiency and political problems for extensions. im
| remembering dissenter now
| saulrh wrote:
| Every time I hear about the review processes for browser
| extensions I'm shocked that the it involves humans having to
| read your README and manually plumb together the build process.
| Sometimes I hear that reviewers are even reusing VMs when doing
| reviews, or even not using VMs at all. I'd have expected the
| review form to have a textbox where you paste your git link and
| a well-documented automated pipeline that stands up a specified
| VM with a specified amount of RAM and disk, clones the git,
| descends into it, and executes `docker build -t
| ./docker/review/Dockerfile`. I'm surprised that the reviewers
| themselves haven't outright demanded such tooling from their
| larger organization, just as a matter of job satisfaction - I
| can't imagine all the abuse they get from angry app owners.
| 01HNNWZ0MV43FF wrote:
| Browser extensions really seem like they're slowly failing
| and just not supported. Kinda like PWAs.
|
| I want to write a chat program, but it has to work on phones,
| and the DevEx for native phone frameworks compared to desktop
| apps looks like hell, and PWAs seem to be barely supported.
|
| It's easier than ever to make a CLI or desktop app, but
| phones seem like the worst of all Microsoft dev history -
| Learn these arcane lifecycle vocab words that make no sense,
| like using Win32 directly, but also it changes every year or
| two like when MS invents a new GUI framework, but also if you
| can't get into The Store, nobody but your power user friends
| will be able to run your app anyway. What is this shit?
| heraldgeezer wrote:
| >Browser extensions really seem like they're slowly failing
| and just not supported. Kinda like PWAs.
|
| Ya, totally!
|
| lmao
|
| ublock origin has 8mil users on Firefox alone.
| manquer wrote:
| I don't think OP means for the lack of need or
| popularity, more so because vendors and platforms do not
| want them to be.
| joshdavham wrote:
| That's interesting to hear. Do you also offer your extension on
| the chrome store? How did the review process differ? I ask
| because I've only published on the chrome store in the past.
| arp242 wrote:
| The problem with these types of things is that the people who
| are qualified to do good reviews are also the sort of people
| who can typically get a far more interesting job building
| stuff, rather than just reviewing code. It's work that does
| require a certain level of skill, but at the same time is also
| quite boring.
|
| And that more interesting job will probably pay better as well.
| amiga386 wrote:
| There's nothing more frustrating than being gatekept by
| incompetent, lying idiots. Sad day for users but the right choice
| by Hill.
|
| Mozilla wanted in on the $CURRENT_THING of being a "platform"
| where devs bow and scrape and they claim to be the great
| custodian of stuff, protector of users. Don't do this if you
| can't be competent at it. Devs _can_ leave, and they will if you
| fuck up often enough.
| internet2000 wrote:
| The sooner people realize Mozilla is not your friend, the better.
| They've been compromised by the Google money. Want an alternative
| to Chromium? Go support Servo or Ladybird, Firefox can't be
| saved.
| TZubiri wrote:
| Seems a bit extremist. I get being mad at microsoft for trying
| to charge for their software (gasp). I also get being mad at
| Chrome for trying to monetize their software (gasp) with ads.
| But now if you somehow get upset at Mozilla, it's more likely
| that you are the problem.
| lez wrote:
| According to your argument, if Gorhill gets upset at Mozilla,
| then Gorhill is the problem? Who is the extremist here?
| nosioptar wrote:
| Neither of those work with ublock. I'd sooner disconnect from
| the net than not use ublock. (Same reason i don't use
| qutebrowser.)
|
| I like SeaMonkey, it works with a legacy version of ublock.
| It's like using firefox back when it didnt suck.
| conor- wrote:
| Blink is to Servo what Chromium is to Firefox.
|
| Supporting Servo on its own doesn't really move the needle a
| whole lot if it's missing all of the rest of the bits that make
| a comprehensive browser.
|
| Firefox is already using Servo (at least in the form of
| Quantum) under the hood and is still the best option available
| to prevent more of a complete Blink monoculture than already
| exists with every other major browser being Blink-based or some
| reskin/fork of Chromium
| nix0n wrote:
| If Raymond Hill endorsed a Firefox fork, I would switch to it
| immediately.
| pessimizer wrote:
| Yes, uBlock should incorporate Firefox, rather than Firefox
| incorporating adblocking.
| g-b-r wrote:
| A first effect of Mozilla's new "focus on AI"...
| TZubiri wrote:
| First came NetScape and all was good. Then came Internet
| Explorer, but apparently bundling a web browser with an operating
| system was bad, ok. Then came Google's Chrome trying to profit
| from a web browser with ads, and that was deemed 'bad' again.
| Then it was not sufficient for the browser manufacturers to push
| no ads, but the consumer demands that the browser block ads from
| websites. Now the browser developer and the third party ad
| blocker have some fight over who gets to serve clients that not
| only don't pay, but don't want advertisers to foot the bill
| either.
|
| I have no sympathy for users that don't want to pay for software,
| or for developers that cater to that demographic. Enjoy fighting
| for crumbs.
|
| Sent from Microsoft Edge.
| pessimizer wrote:
| Nobody is forcing you to put your website on the open internet,
| you're doing it because you're making a value judgement about
| how much money you can make by not closing or paywalling your
| system. Nobody cares what your business model is (that's your
| business and your decision barring illegality), and if it's not
| working for you, you should change it or shut down. Why should
| anyone have any sympathy for you?
| totetsu wrote:
| Tangentially has anyone else noticed chrome extensions management
| page now saying unlock origin will soon be disables and to please
| find a replacement?
| grahamj wrote:
| Yep. Fuck Google, I won't use a desktop browser without it.
| eYrKEC2 wrote:
| The replacement is Brave browser https://brave.com/. Skip the
| crypto. Enjoy the integrated ad blocking.
| yapyap wrote:
| honestly we arent missing much by a manifest v3 ublock origin
| lite extension going away on firefox because firefox is still
| compatible with v2 so realistically we wouldnt have any use for
| it.
|
| nevertheless it still is a sucky situation
| Havoc wrote:
| Those don't seem like unreasonable asks on Moz side
| Sephr wrote:
| Doesn't this behavior from Mozilla staff indicate that using
| Firefox extensions at all is a security issue?
|
| This shows that the reviewers may not be competent enough to
| catch actual malware uploaded to their add-ons site.
| vednig wrote:
| Automated process have so far managed to destroy the experience
| of the world wide web as a whole for developers and users both.
| And AI based tools seem like gas to this fire. Seems very soon
| web will die out of it's quality and only bots will remain.
| NelsonMinar wrote:
| I'd hoped Google sabotaging uBlock Origin would be an opportunity
| for Mozilla to pick up some new users for Firefox. Lol.
| neilv wrote:
| Gorhill's full uBlock Origin might be the only remaining selling
| point for Firefox.
|
| With the outrageous sum of money that the Mozilla top executive
| was recently taking for themself, they could've instead staffed
| an entire team of first-rate people, with the sole mission of
| doing whatever Mr. Gorhill needed.
| qwertox wrote:
| I wish we could add PPAs to browsers just like we can in
| Debian/Ubuntu.
|
| Maybe the EU should look into this, and also allow the users to
| "weaken" their security in order to continue using Manifest
| Version 2.
| Log_out_ wrote:
| If you would group those woes, by type of addon, i guess there is
| "irrelevant " and "a world of pain for those threatening google
| add revenues " .. the hand that feeds.
| Lerc wrote:
| It seems to me that any platform with a review gateway should
| treat failing a review erroneously as a critical failure.
|
| In fact it does literally constitute denial-of-service.
|
| When a failure like this occurs, it needs more than an apology,
| it should have an incident report to show that the failure was
| understood and steps were taken to prevent future failures.
| tatersolid wrote:
| From a security standpoint the opposite is true: false
| negatives are to be avoided at all costs, even when that
| posture increases false positives. There's always a trade-off.
| andrewmcwatters wrote:
| We need an industry movement of just saying no to app stores.
| AndrewKemendo wrote:
| Is it even possible to connect to the public Internet in a way
| that isn't completely compromised by a corporation or state?
|
| TOR is busted at this point
|
| DNS have been MITMed
|
| Almost all hosts are under the control of a few players who are
| compelled by their respective states for ubiquitous and server
| monitoring
|
| Any advertised IP has to have tons of routing info and local
| pointers so local hosting is just as risky if not more
|
| What are the remaining options for a free (as in speech)
| internet?
| lez wrote:
| Nostr.
| AndrewKemendo wrote:
| Thanks I've heard of this but hadn't looked too hard
| ab_testing wrote:
| I think this is bad for the general population. Chrome is already
| planning to disable uBlock origin and many folks I know were
| ready to move browsers to Firefox to keep uBlock functionality.
| Now if uBlock is removed from Firefox extension store as well,
| there is no clear path to execute it from Github on managed
| machines. Sure if you are a developer and have admin rights, you
| can get it to work on Firefox, but a lot of people don't.
| btown wrote:
| Per the article, uBlock Origin is still in the Firefox store at
| https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...
| ; it's the lighter MV3-based uBlock Origin Lite that was
| removed. So the general population can continue to use the full
| Origin.
|
| And because the original non-lite uBlock Origin supports much
| more complicated rulesets, it should be effective even without
| code updates... but it still is concerning that the same
| Mozilla errors that caused Origin Lite to be flagged might
| extend to time-sensitive updates to the original Origin as
| well.
| dowakin wrote:
| Without Gorhill's uBlock Origin, the internet would be a really
| awful place. Thank you, Raymond!
| paul7986 wrote:
| One of Firefox's value is uBlock origin for it's users yet not
| for Mozilla's money train Google and others.
|
| With uBlock, pop up blocker extensions and Mac Minis connected to
| my TVs (wireless mouse as remote) I have totally ad free Internet
| experience; every site there is & from my couch or in my rooms.
___________________________________________________________________
(page generated 2024-10-01 23:01 UTC)