Closed Bug 1089404 Opened 10 years ago Closed 10 years ago

Please revert policy on spyware/adware. I'm trying to start petition to revert this.

Categories

(addons.mozilla.org :: Security, defect)

Product:
addons.mozilla.org
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: noitidart, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 Build ID: 20141023111813 Steps to reproduce: I have struggled to keep my computer clean. Therefore I only use Firefox and avidly avoided download anything from Google. Actual results: https://addons.mozilla.org/en-US/firefox/addon/bt-btpersonas/ This addon here has seriously screwed things up. I just built a new computer after years of saving etc. And I would download addons left and right to spark creativity for my future addon development. I used to. But when I got this addon it messed up something I spent years saving and making, my computer. And this happend via Firefox/Mozilla i felt so backstabbed. Please revert the policy to not allow spyware/adware. Sure this addon has 22k users but that is only because once you install this addon it cannot be uninstalled no matter what and it will trigger as if multiples are users when they are not. Expected results: I'm trying to start a petition for Mozilla to revert it's policy to not allow spyware. Please. This doesn't even make known before download that it will install this stuff. This is very bad. This is stooping to low levels of Google Play Store. Please please revert this policy. I prided myself on Mozilla add-ons being so clean you can mindlessly download and test stuff. This led to creativity and I created add-ons that won contests. Please revert this horrible policy of allowing spyware/adware. We want quality, not some underhanded thing that messes up people computers. I struggle hard to keep my computer clean, and thus I have never downloaded anything from Google. Those things never unisntall and their extensions screw up everything. Please bring back the faith/trust we had in Mozilla by disallowing spyware/adware.
Group: client-services-security
Can you please explain how you installed the add-on (from AMO or elsewhere), and what exactly are the problems you experienced? What makes you think this add-on poses a security or privacy risk?
Hi.. my name is Patrick Murphy, CEO of Brand Thunder. We take these comments very seriously so I wanted to get a response out here as soon as I saw your note. My team can assure you that there is nothing malicious with our product. We have a very strong reputation and outstanding list of partners that include the MLB (entire league), NFL, NBA, NHL, Bob and Ziggy Marley and over 190 college athletics, none of which would partner with us and make use their official theme creator if we were offering malware. Check out some of our clients: (www.brandthunder.com/clients/) As a fully functioning business since 2007, Brand Thunder has kept the browser themes you love and use, free for users. Brand Thunder needs to earn money to continue to provide these themes and we do so by providing enhancements to the browser. We explain in detail our WebSearch+ add-on (www.brandthunder.com/websearch) and how this enables us to keep the browser themes you love free. WebSearch+ is built into the browser theme to benefit you with savings, targeted ads and shopping discounts that benefit a local charity when purchases are made. It also helps us pay for the development of these free themes. You have full control over the experience and ads through your browser settings and preferences, even though Brand Thunder is completely dependent on this advertising to support the business. Bottom line, you can disable any or all of these benefits. To uninstall our product, we simply follow the standard Firefox uninstall protocol (removing Brand Thunder from your extension) but we have also but a page specifically to help users... (www.brandthunder.com/uninstall). There are no secrets here and we are 100% transparent to each user. Please, if you have any feedback or suggestions, do not hesitate to email me at patrick@brandthunder.com or even call my cell (6147679069). best, Patrick
(In reply to Jorge Villalobos [:jorgev] from comment #1) > Can you please explain how you installed the add-on (from AMO or elsewhere), > and what exactly are the problems you experienced? What makes you think this > add-on poses a security or privacy risk? Thanks Jorge for the reply sorry for the late reply. I installed the add-on because I was trying to help a user. Stuff like this makes the most loyoal firefox fanboi's want to stop helping and seriously question what have they been contributing to all this time. I thought Firefox was the opposite of google be evil policy. All the users that got hit with crapware from Google Chrome extensions have come back to Firefox. I know I was infected because I made a brand new computer and have 0 malware I don't download stuff mindlessly. I use this computer just for VMWare of MacOS and Linux for my firefox addons. After installing this add-on I got malware. Uninstalling the add-on leaves immense traces of it. Even malware. Please help to revert the policy. Here are some other add-ons that were hijacked by people wanting to just make money off of their users. We should also add to firefox addon policy that on uninstall all traces of add-on should be removed. Like left over prefences etc. As when I uninstall software from my computer i expect every last trace of it gone. And that's how I make all my firefox addons (well lately as i learned what all traces my addons are leaving, i have to go back and fix a lot of stuff)
(In reply to patrick from comment #2) > Hi.. my name is Patrick Murphy, CEO of Brand Thunder. We take these > comments very seriously so I wanted to get a response out here as soon as I > saw your note. > > My team can assure you that there is nothing malicious with our product. We > have a very strong reputation and outstanding list of partners that include > the MLB (entire league), NFL, NBA, NHL, Bob and Ziggy Marley and over 190 > college athletics, none of which would partner with us and make use their > official theme creator if we were offering malware. Check out some of our > clients: (www.brandthunder.com/clients/) > > As a fully functioning business since 2007, Brand Thunder has kept the > browser themes you love and use, free for users. Brand Thunder needs to earn > money to continue to provide these themes and we do so by providing > enhancements to the browser. We explain in detail our WebSearch+ add-on > (www.brandthunder.com/websearch) and how this enables us to keep the browser > themes you love free. > > WebSearch+ is built into the browser theme to benefit you with savings, > targeted ads and shopping discounts that benefit a local charity when > purchases are made. It also helps us pay for the development of these free > themes. You have full control over the experience and ads through your > browser settings and preferences, even though Brand Thunder is completely > dependent on this advertising to support the business. Bottom line, you can > disable any or all of these benefits. > > To uninstall our product, we simply follow the standard Firefox uninstall > protocol (removing Brand Thunder from your extension) but we have also but a > page specifically to help users... (www.brandthunder.com/uninstall). > > There are no secrets here and we are 100% transparent to each user. Please, > if you have any feedback or suggestions, do not hesitate to email me at > patrick@brandthunder.com or even call my cell (6147679069). > > best, > Patrick Just because you are open about it doesn't mean Mozilla should allow it: ---- Brand Thunder may deliver third-party Advertisements in the form of coupons, price-comparisons, display media, affiliate links and other links through means including but not limited to the content of any web page accessed, plug-ins, add-ons, or the browser itself. Advertisements may be injected to overlay the page or inserted directly into the page content. ---- Yes I don't want that crap. When I download an add-on I expect it to do what the add-ons main intent is. This is fine print. Unless your main-intent is advertising. But you are adding advertising onto the side. The add-on used to what it's main-intent was, then you took over the add-on and added it was not meant to do. Malware etc. It's not your fault, its Mozilla's for allowing this Google like behavior. I understand Mozilla needs money but come on not like this. I donate to Mozilla regularly. (sure its just 10 here 10 there, maybe like 50 max a year). This is just such a backstab by Mozilla. I didn't even know they made this policy change but that's my fault I guess.
(In reply to Jorge Villalobos [:jorgev] from comment #1) > Can you please explain how you installed the add-on (from AMO or elsewhere), > and what exactly are the problems you experienced? What makes you think this > add-on poses a security or privacy risk? Here is another addon: https://addons.mozilla.org/en-US/firefox/addon/fabtabs/
I opened Firefox it said: "Committed to you, your privacy and an open Web" Well my privacy had it's guts just spilled but some add-ons. That's not really committed to me. :( And this message is for those users that don't even donate. I don't pay to get screwed like this. :(
(In reply to noitidart from comment #3) > After installing this add-on I got malware. What do you mean by malware? > Uninstalling the add-on leaves immense traces of it. Even malware. Again, what do you mean here? > We should also add to firefox addon policy that on uninstall all traces of > add-on should be removed. That's already a policy. > Like left over prefences etc. Leftover preferences are harmless, so we don't require removal. If you uninstall Firefox, all profile data remains, which is useful if you reinstall and then have all your stuff where you had it before. We treat add-ons in the same way. (In reply to noitidart from comment #4) > ---- > Brand Thunder may deliver third-party Advertisements in the form of coupons, > price-comparisons, display media, affiliate links and other links through > means including but not limited to the content of any web page accessed, > plug-ins, add-ons, or the browser itself. Advertisements may be injected to > overlay the page or inserted directly into the page content. > ---- > > Yes I don't want that ****. When I download an add-on I expect it to do what > the add-ons main intent is. This is fine print. Unless your main-intent is > advertising. But you are adding advertising onto the side. The add-on used > to what it's main-intent was, then you took over the add-on and added it was > not meant to do. Malware etc. We don't have or plan to have any policy against advertising or monetization in add-ons. If that's what you call malware, then we can close this bug now. We have some policies about installation, disclosure of features, and setting expectations, which you can read here: https://developer.mozilla.org/en-US/Add-ons/Add-on_guidelines. All add-ons must follow those guidelines. I don't see BT breaking any of those rules. > It's not your fault, its Mozilla's for allowing this Google like behavior. I > understand Mozilla needs money but come on not like this. Mozilla doesn't make any money off of this. These are independent add-ons run by independent businesses. Users choose to install these add-ons and are free to remove them if they don't like them. We make sure add-ons aren't forced to users, intentionally deceive users into installing them, or make it impossible to remove them. See the link above for more info. > I donate to Mozilla regularly. (sure its just 10 here 10 there, maybe like > 50 max a year). This is just such a backstab by Mozilla. I didn't even know > they made this policy change but that's my fault I guess. There hasn't been any policy change. Commercial add-ons have always been allowed on AMO and off AMO, with slightly different policies for them. We don't make it our job to block monetization or advertising. Users can make that choice on their own. (In reply to noitidart from comment #6) > I opened Firefox it said: "Committed to you, your privacy and an open Web" > > Well my privacy had it's guts just spilled but some add-ons. That's not > really committed to me. :( And this message is for those users that don't > even donate. I don't pay to get screwed like this. :( The add-on discloses what it does in its Privacy Policy. Users have the information to make a choice, and it is up to them to make it. Since it seems like this bug is only about not allowing ads in add-ons, and we don't intend to forbid this practice, I'm closing this bug. Please comment if there's something I'm missing here.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
Thanks for long reply. I was hoping the people that knew the details would chime into this topic but they haven't. So I'm not qualified to discuss it.
By not qualified what i mean is i dont know what to say :P
(In reply to noitidart from comment #8) > Thanks for long reply. I was hoping the people that knew the details would > chime into this topic but they haven't. So I'm not qualified to discuss it. Everyone should be free to discuss our policies about add-ons. However, coming up with reasonable policies requires balancing the expectations of many different types of users and developers.
Hey Jorge I can't find any supporters who like to talk. But basically allowing people to ship these things is like Lenovo shipping Superfish. I'm not that great at getting points across but does this example kind of make sense of where I'm coming from? Lenovo CTO came out and said they messed up by allowing Superfish, please dont allow these ad things :( Unless the addon is like that addon where its in the title "show ads and get paid for it" so that is super duper clear. Other things are not clear :( They are superfish like. This is the Lenovo CTO saying stuff maybe it helps explain me: http://www.pcworld.com/article/2886690/lenovo-cto-admits-company-messed-up-and-will-publish-superfish-removal-tool-on-friday.html#tk.nl_pcwbest
Lenovo did plenty of things wrong. Users weren't given the choice of installing Superfish. It was silently installed and most users wouldn't have noticed that it was active. It intercepted secure connections, possibly including banking and online shopping sites. And the implementation was so bad that it opened one of the worst security holes imaginable, making all of those users vulnerable to all sorts of MITM attacks. We require on AMO that add-ons that include such features to make them explicitly opt-in. This gives user choice. We code-review those features to make sure they are safe to use. Some things might accidentally pass review when they shouldn't, but we take action as soon as we discover them. We certainly wouldn't allow an ad feature such as the one Superfish did for Lenovo. In short, I don't consider the massive screw up Lenovo did to be a valid justification for forbidding all forms of advertising or add-on monetization.
"In short, I don't consider the massive screw up Lenovo did.." haha :P Thanks for the discussion by the way :D Oh I didn't know Lenovo did all that. Oh I didn't know we made them have to be opt-in. I'm not sure if I see this out there though, like when I download the addon to help out and got a bunch of ads and stuff I was like whaaa. Well not totally forbid it. Like that addon that makes it totally clear that they'll show ads and you get paid for it. If they make it clear enough so the average user, who downloads without reading more then title and description, knows that they will be giving up their information. Like the Ghostery addon was bought by some ad company, I don't know but I heard now they may be collecting your data, its probably written somewhere in fine print so they say that its ok. Fine print don't even make it clear to the above average downloader who look out before they download. But not arguing just trying to see if there's anyone out there than can make sense of my concerns. :P
You need to log in before you can comment on or make changes to this bug.