this post was submitted on 30 Sep 2024
353 points (94.0% liked)

Firefox

17666 readers
785 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml
353
Mozilla removes uBlock Origin Lite from Addon store. Developer stops developing Lite for Firefox; "it's worrisome what could happen to uBO in the future." (lemm.ee)
submitted 1 day ago by LWD@lemm.ee to c/firefox@lemmy.ml
89 comments fedilink hide all child comments
 

Mozilla recently removed every version of uBlock Origin Lite from their add-on store except for the oldest version.

Mozilla says a manual review flagged these issues:

Consent, specifically Nonexistent: For add-ons that collect or transmit user data, the user must be informed...

Your add-on contains minified, concatenated or otherwise machine-generated code. You need to provide the original sources...

uBlock Origin's developer gorhill refutes this with linked evidence.

Contrary to what these emails suggest, the source code files highlighted in the email:

  • Have nothing to do with data collection, there is no such thing anywhere in uBOL
  • There is no minified code in uBOL, and certainly none in the supposed faulty files

Even for people who did not prefer this add-on, the removal could have a chilling effect on uBlock Origin itself.

Incidentally, all the files reported as having issues are exactly the same files being used in uBO for years, and have been used in uBOL as well for over a year with no modification. Given this, it's worrisome what could happen to uBO in the future.

And gorhill notes uBO Lite had a purpose on Firefox, especially on mobile devices:

[T]here were people who preferred the Lite approach of uBOL, which was designed from the ground up to be an efficient suspendable extension, thus a good match for Firefox for Android.

New releases of uBO Lite do not have a Firefox extension; the last version of this coincides with gorhill's message. The Firefox addon page for uBO Lite is also gone.

top 50 comments
sorted by: hot top controversial new old
[–] d0ntpan1c@lemmy.blahaj.zone 29 points 22 hours ago (3 children)

Y'all realize a random employee performing the add-on store review process isn't representing Mozilla's or the Firefox teams entire position yeah? This kind of stuff happens all the time with all stores that have review processes.

Firefox Addons store prob needs to improve its process, gorhill is justified in being mad, and I understand if he needs a punching bag between this and google, but, as someone who also develops extensions.... These things happen. It's just a part of building browser extensions.

load more comments (3 replies)
[–] Supervisor194@lemmy.world 182 points 1 day ago (6 children)

I'm convinced that 80% of all these threads and the responses within them are astroturfing by Google to cause everyone to despair that Mozilla is no better than Google and that there will never be anything that could be developed to compete with Google if Mozilla went under.

There's just too goddamn many of them and they're all filled with the same negative comments. It's just like the "no way bro, I love paying for YouTube why you gotta have everything for free bro?" bullshit from a few months ago.

[–] Corgana@startrek.website 14 points 20 hours ago

Dude SAME. I find it extremely hard to believe that Google would astroturf Lemmy but it really does feel like all of a sudden in the past ~month a bunch of vague or minor complaints being repeated over and over in every thread.

[–] abbenm@lemmy.ml 30 points 1 day ago* (last edited 1 day ago) (2 children)

I've noticed the same thing you have, but I suspect it has a different explanation. I think it's more an echo chamber thing. People have said variations of this for a while now in HN comment threads, on reddit and here. And there's a snowball effect from more people saying it.

But there's been a throughline of bizarrely apathetic and insubstantial low effort comments. That's the one thing that has tied them together, which is why I think they are echo-chambery. Just for one example: one guy just never read a 990 before (a standard nonprofit form), and read Mozilla's and thought it was a conspiracy, and wrote an anti-Mozilla blog post. And then someone linked to that on Lemmy and said it was shady finances. Tons of upvotes.

But I'm convinced that no one reads through these links, including the people posting them. Because it takes two seconds to realize they are nonsense. But it doesn't stop them from getting upvoted.

So my theory is echo chamber.

load more comments (2 replies)
[–] FeelzGoodMan420@eviltoast.org 1 points 22 hours ago

Yep. It's infuriating. These Firefox communities are trash.

load more comments (2 replies)
[–] Vincent@feddit.nl 135 points 1 day ago* (last edited 1 day ago) (2 children)

Appears to be a mistake, but needs gorhill to appeal to make the reviewer aware of the mistake and to be able to fix it, which he doesn't feel like doing because he thinks it's unlikely to have been a mistake.

Update: now reversed, but gorhill removed it himself just to not have to deal with the review process and the possibility of human error anymore.

load more comments (2 replies)
[–] AngryishHumanoid@reddthat.com 27 points 1 day ago (2 children)

Mozilla says the addon has problems, the developer says it doesn't. Are there any 3rd parties that can weigh in on this?

[–] LWD@lemm.ee 48 points 1 day ago* (last edited 1 day ago) (1 children)

Mozilla doesn't show their work (the reasoning behind the removal) but gorhill does.

Being on the fence is an interesting position to take, but I would be genuinely shocked if one of the most reputable creators of one of the most reputable extensions of all time is lying to its user base about the locations and contents of the files in the open source extension that can be audited by literally anybody just by browsing to that directory on their computer, because in addition to being open source on GitHub, it's the same source on your PC.

ETA:

Mozilla also accuses uBlock Origin Lite of not having a privacy policy (a detail I removed from my post for brevity's sake) but gorhill provides a screenshot of it. I guess that could have been faked too. Less difficult to fake: the archives of the privacy policy on Mozilla's site, which took me too long to track down

[–] AngryishHumanoid@reddthat.com 18 points 1 day ago (2 children)

I'm not sure why you think "being on the fence is an interesting position to take", I'm glad there are people out there who have the skills to look at the code and see if it's doing what people claim it is doing or not, I am not one of them. I just want a browser that doesn't treat me like a piggy bank and less ads. I don't know the developers reputation and simply asked for more knowledgeable people to chime in, sorry if that's a problem for you.

load more comments (2 replies)
[–] zkfcfbzr@lemmy.world 39 points 1 day ago* (last edited 1 day ago) (1 children)

My own reading of the situation on the developer's GitHub is unfortunately that the review by Mozilla is indeed completely inaccurate in every way. No way to even read it as a "Each side has their own story" type of thing since they reproduce Mozilla's emails verbatim. They seem just materially incorrect. The source files referenced by the emails are visible on the same GitHub account, along with their complete histories showing no changes at all - the issues referenced don't and never did exist.

The only redeeming thing I can find is that the dev (ambiguously) seems to have never replied to the email from Mozilla about the issues, and so Mozilla was never made aware that there was an issue with the review that needed fixing. They seem to have done this because they perceived the process as hostile and not worth engaging with, which... fair, I guess.

[–] FeelzGoodMan420@eviltoast.org 9 points 1 day ago (3 children)

I understand where the dev is coming from but I think he still should have just replied to Mozilla. This is clearly a mistake on their part. The dev just seems pissed off and decided to not reply out of emotion. His call I guess but I don't agree with that approach.

[–] zkfcfbzr@lemmy.world 16 points 1 day ago* (last edited 1 day ago) (1 children)

I agree that they should have replied, and that replying probably would have even fixed the mistake, but I also can't find it in me to fault them in this situation. Getting those emails would have been both frustrating and insulting, and one of their messages on the linked GitHub page goes into the various stresses the situation puts them through.

I don't agree that there's enough evidence here to decide Mozilla's actions were hostile/malicious - maybe if they were given a chance to fix things and still didn't, but everyone makes mistakes. Incompetent, sure, malicious, not enough evidence.

[–] FeelzGoodMan420@eviltoast.org 3 points 1 day ago (4 children)

Yea I don't think Mozilla did it maliciously. I think either some dumbass analyst fucked up, or they ran it through AI, and the AI is dogshit and fucked up. Those are my guesses.

[–] zkfcfbzr@lemmy.world 6 points 1 day ago (1 children)

Who knows? The file that got incorrectly marked as collecting or transmitting data was named "googlesyndication_adsbygoogle.js". I'm sure that's a very reasonable guess for what a file with that name would do... in most add-ons. But like, obviously not in this one. My best guess is the reviewers have some type of tool that's intended to help them find issues, it flagged the referenced files, and the reviewer either couldn't or didn't properly verify the files were actually issues.

[–] FeelzGoodMan420@eviltoast.org -1 points 1 day ago

Yea I think it's an honest mistake. I don't see this as "hostile" to Gorhill. I have no idea why he thinks this. It's really weird.

load more comments (3 replies)
[–] LWD@lemm.ee 1 points 1 day ago

Gorhill does not seem like the sort of person to respond to problems by giving Up.

This is the developer who responded to the creation of Manifest V3 by pioneering a hack-free V3-compliant addon, and ended up making it genuinely compelling.

[–] Draconic_NEO@lemmy.world -1 points 1 day ago (1 children)

That's Gorhill for you, very pissed off, very emotional, not very emotionally bright.

[–] FeelzGoodMan420@eviltoast.org 4 points 1 day ago

That's like every developer of these tools lol.

[–] voracitude@lemmy.world 20 points 1 day ago* (last edited 1 day ago) (11 children)

Edit: bloody hell, I hadn't looked into Brave that deeply yet, fuck Brendan Eich and fuck Peter Thiel.

Jesus. A day without bad news from Mozilla would be nice. I am beginning to feel a distinct need to switch browsers. ~~and Brave is currently looking like the best balance between compatibility and privacy. I've only been resistant to Brave because it's based on Chromium and~~ I want to support non-Chrome browser engines, but the Firefox forks I've tried like Waterfox and Pale Moon just aren't there yet in terms of usability for me (primarily, wide protocol support for web video playback).

Anyone got any better suggestions, by any chance?

[–] mnmalst@lemmy.zip 25 points 1 day ago (6 children)

https://librewolf.net/

It's very privacy focused but if sites break you can turn of fingerprinting protection and thing like that in the settings with one click.

Great browser

load more comments (6 replies)
[–] alteredracoon@lemm.ee 6 points 1 day ago

Check out zen browser! Built on Firefox and takes inspiration from arc. Built by a solo dev. I’ve really been liking it. https://zen-browser.app/

load more comments (9 replies)
[–] furzegulo@lemmy.dbzer0.com 8 points 1 day ago* (last edited 2 hours ago)

i'm starting to think, that mozilla execs are just google in disguise.

load more comments
view more: next ›