Closed Bug 360920 Opened 18 years ago Closed 18 years ago

Please remove Conduit crap

Categories

(addons.mozilla.org Graveyard :: Administration, defect)

Product:
addons.mozilla.org Graveyard
Component:
Administration
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: jfaryeeman+mozilla, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8

1st
There software (toolbars) are adware and spyware and they lie about it in their privacy policy.
http://www.conduit.com/customtemplmngr.aspx?ctl=clientprivacy&ToolbarId=CT449610
http://www.freepatentsonline.com/6704031.html

2nd
Spamming the website, by mozilla.org, to achieve their goals.
Their "toolbars" are clones of each other and don't provide anything useful, their only purpose its to spam this website and its users.
They shouldn't be allowed to do that.

3rd
this quote from one of their toolbar ****.
"Comes with a powerful pop-up blocker and 'Privacy-Protector' with browsing history, cache & cookie cleaner and is 100% safe and spyware free."
It's hilarious!

4th
another quote
"DOES NOT launch pop-up or pop-under advertisements. Our business model is based on displaying sponsored links on search results pages (advertisers pay per click, not per appearance)."

and this

"DOES NOT "hijack" your searches."

5th
I know many people that are reluctant to access this website because of this.
It's becoming a place associated with spyware and adware and malware.
Please get rid of it.


Reproducible: Always

Steps to Reproduce:
1.https://addons.mozilla.org/firefox/3644/
2.https://addons.mozilla.org/firefox/3872/
3.https://addons.mozilla.org/firefox/3730/
4.https://addons.mozilla.org/firefox/3681/
5.https://addons.mozilla.org/firefox/3436/


Actual Results:  
A place full of spyware, adware, malware, crapware.

Expected Results:  
A place full of useful software. Free from adware or spyware.
Severity: normal → major
Component: Policy → Add-ons
> There software (toolbars) are adware and spyware and they lie about it in their
> privacy policy.

Can you elaborate on what these toolbars do that is counter to their privacy policy?  That is a serious issue if true, and specifics about what behaviour the add-on has that is in violation of the stated privacy policy will be very helpful in determining a course of action (necessary, really).

Conduit is not submitting these add-ons to AMO, in the vast majority of cases; a wide variety of authors use the Conduit system to create toolbars.  While I agree that there are problems that result from the sheer number (and in some cases nature) of them that are being submitted, I don't think that removing all of the Conduit-based add-ons from the site is the right course of action.

Marking as WONTFIX, but please do reopen with details of how the privacy policy is violated, if that is in fact the case.
Ahem, bugzilla is hard.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WONTFIX
These toolbars also change version numbers every other day so that they can show up on AMO's new and updated lists. Some have version numbers such as 1.0.2.35 with the last 2 digits being changed every couple days to keep them atop the list.
*** This bug has been confirmed by popular vote. ***
Ever confirmed: true
My main worry is about the constant spamming by conduit users rather that the privacy policy.  I like to check frequently to see if there are any useful new extensions available but always have to wade through so many of these useless toolbars. 

There also seems to be a concerted campaign by these people to post positive comments about each other's products; for example one 5 rated comment about the BBC bar had 10/10 users finding it helpful within minute of the comment being posted.  Surely people who abuse the system in this way should be banned from your site.
I used to use Firefox back at 0.9, then moved back to Opera for quite some time. After hearing of the awesomeness of 2.0 I decided to give Firefox another shot, mostly for my love of the idea of Extensions. Having no prior frame of reference, I quickly found out that these DIY Toolbars from Conduit were much more than advertised and in fact were the type of **** thing that made me move away from IE long, long ago. 

In short, toolbars that barely do what they say (meaning the feature the end user is looking for) and always try to do more (like launch all of your MS Office products or give you weather updates and unadvertised bloatware that Firefox users don't want or need.)

Add onto this all the behavior mentioned by people above and in ENDLESS unhappy comments across the extensions and I wonder why Mozilla tolerates this shady behavior by a company. Even more, I'm saddened at the precedence this sets for future endeavors along this line if this sort of behavior is allowed to run rampant.

Do developers honestly think that in a years time there won't be at least a handful of other companies getting users to do this? Perhaps with automated releases on Mozilla. It could dwarf the actual extensions very quickly and definately won't be good for an 'alternative' browser.

I highly recommend banning this stuff across the board. 
I have heard that these toolbars have messed up the searchbar in Firefox with all searches going to their search page...even if you search in Google it goes to their search page. I would definitely classify that as being malware and these toolbars should be deleted from AMO as soon as possible. 
Surely the solution to satisfy everyone would be to split toolbars into a separate  category of add-ons alongside extensions, themes and plug-ins.  Then it would be possible to find real new extensions without having to look through endless supposedly "new" versions of these toolbars, but the spammers couldn't complain about being censored.
I came across this "bug" when downloading an "extension" called Wikipedia Toolbar.  What I got was a toolbar called "My Wiki Toolbar".  What I wanted was the extension Wikipedia found here: https://addons.mozilla.org/firefox/351/.  
The summary is accurate, the description lacking. This bug should be FIXED, not WONTFIXed.

There are at least two obvious problems anybody can see with the conduit toolbars.
1. They populate every single category AMO offers. Say, for example category "security and privacy". (The irony!) The some 5 first hits are conduit toolbars that have nothing whatsoever to do with security and much less with privacy.
2. They don't only populate all categories but constantly stay at top of all the categories. They're obviously abusing the AMO reasoning in which order to display the extensions in the categories.
> Marking as WONTFIX, but please do reopen with details of how the privacy policy
> is violated, if that is in fact the case.

While they may not be violating their own policy (that's to hope!) , I think they would violate some policy addons.mozilla.org has or should have. Technical correctness shouldn't be the only thing you check before accepting a submission.

I'm not against useless extensions per se (some can even be very funny to have), but these ones do not seem not harmless either. Being ubiquitous on addons.mozilla.org, they'll strongly undermine the trust users have come to place in the website over time. 

If they were to remain everywhere like this, literally spamming categories and the new extensions list, I'm not far to think addons.mozilla.org should be removed from the default install whitelist, as there is no reason anymore to trust it more than some random personal site.
I am the Product Manager of Conduit and would like to reply to these accusations.

> There software (toolbars) are adware and spyware and they lie about it in their
> privacy policy.
> http://www.conduit.com/customtemplmngr.aspx?ctl=clientprivacy&ToolbarId=CT449610
> http://www.freepatentsonline.com/6704031.html
Conduit toolbars are not spyware and we disclose exactly what the toolbar does (it does send anonymous statistics about the usage of toolbar components, when used).
Conduit offers a platform for creating toolbars for both IE and Firefox. If a publisher wishes to add promotional content into their toolbar they can do it. The users will ultimately decide whether it's acceptable or not.
We DO NOT lie regarding these issues or any other issues in our privacy policy. This is a severe accusation and you should prove it or stop claiming it.
That second link that you posted has nothing to do with us, I don't know where you found it. 

> Spamming the website, by mozilla.org, to achieve their goals.
> Their "toolbars" are clones of each other and don't provide anything useful,
> their only purpose its to spam this website and its users.
> They shouldn't be allowed to do that.
As I mentioned, Conduit is a hosting service that provides tools for building extensions. There are tens of thousands of toolbar variations, serving millions of users in different areas. Naturally, some of them are better than others. Again, it is a SEVERE ACCUSATION to say that our only purpose is to spam the website. Our goal is to provide toolbar hosting service and we generate our revenue from searches that consenting users perform in the toolbars they install.
In cases where publishers will violate the agreement between us and them, we will suspend them by ourselves.

> "DOES NOT launch pop-up or pop-under advertisements. Our business model is
> based on displaying sponsored links on search results pages (advertisers pay
> per click, not per appearance)."
That's exactly what we are doing. The only data that is transferred to us is anonymous statistics about the usage of toolbar components that is used for improving the performance of the toolbars, and we DECLARE it in our privacy policy. This information is not shared with any third party and is only accessible to us and partially to the publisher of the toolbar (in the form of analysis reports).

> I know many people that are reluctant to access this website because of this.
> It's becoming a place associated with spyware and adware and malware.
> Please get rid of it.
1. We provide the platform for creating and maintaining toolbars, we do not submit them to AMO – they are submitted by our customers. 
2. If a toolbar is violating our publisher agreement, it is suspended.
3. If a specific author is violating AMO's policies (submitting to many categories or gaming the comment system for example) then AMO should take action against that author. The fact that they used Conduit is merely an implementation issue and is irrelevant to the author's behavior.
4. Nobody is forced to download any toolbar. As long as users are correctly informed then let them decide what's good and what's not. AMO has rating systems in order to expose users to the cream of the extension crop.  
5. If Mozilla made developing extensions very easy so that non developers could easily create their own extensions and submit them the same issues would arise, it has nothing to do with Conduit.


Bottom line: Conduit is a platform for creating extensions that work with IE and Firefox. Determining what content and configuration to include in an extension is entirely up to the author and has nothing to do with Conduit. If you run across an author that is abusing our system please let me know about it and I'll handle it according to our policies.

I am asking you to stop accusing us of being spyware, adware or malware, or prove it.
I filed this bug report against the procedures that allow this state of affairs in the addons.mozilla.org site.

This is a problem between myself and Mozilla Corp or whoever is in charge. I don't care about your (Conduit) business model and how unclear it is.

I care enough about the quality of Mozilla products and the integrity of the people behind them. Enough as to filed this bug report and see changes to correct the problem of product quality and reviewing that as plagued addons.mozilla.org.

The problems:

There isn't a clear policy on quality, security and privacy issues on the site.
There ins't a professional review of the addons/extensions that appear on the site problems being:

addons appearing on all categories at same time;
addons being updated every day without a clear reason why;
addons that lack any kind of usefulness;
broken comment and voting system;
other problem address in here: http://forums.mozillazine.org/viewtopic.php?t=465643&postdays=0&postorder=asc&postsperpage=15&start=135&sid=fdc76922fee33fb0f39bd8fb1857400c
by Robert Marshall.

The update problem makes quite painful to anyone interested in seeing what are new and updated extensions/addons.

There is a clear strategy of spamming by the "creators" of these addons. Why would they do that if there isn't any personal gain. Legitimate authors don't do that; even extensions associated with other companies don't do that.

Now to answer Guy Malachi.

I don't threats!

1st
You say that your product is not spyware

http://www.conduit.com/customtemplmngr.aspx?ctl=clienttoolbarprivacy&ToolbarId=CT449610&version=

so this:

"When used, the toolbar sends unidentifiable usage statistics regarding usage of its features to Conduit's servers (Conduit is the service that powers the toolbar)."

and this is what:

"A unique id is used solely for the purpose of knowing how many people are actively using the toolbar and it is not transferred along with any specific usage information."

and isn't knowing what I search spying

"This is the usage information that is transferred during use of the toolbar:
 
Searching from the toolbar"

Your privacy statements are contradictory and why are so many of them?
 

2nd
"Again, it is a SEVERE ACCUSATION to say that our only purpose is to spam the
website."

I didn't accuse you of spamming. I accuse the creators of the toolbars. They use your "advertisement mechanism". You should look into that. The fact the your product is so generic, it's easy for anyone to confuse your clients and yourself.

3rd

"DOES NOT launch pop-up or pop-under advertisements. Our business model is
based on displaying sponsored links on search results pages (advertisers pay
per click, not per appearance)."

So you are not denying that your product is adware?

How can you do directed advertisement (sponsored links) without knowing what i search. in essence "spying" on me.

4th

"2. If a toolbar is violating our publisher agreement, it is suspended."

So why don't you suspend them.


"3. If a specific author is violating AMO's policies (submitting to many
categories or gaming the comment system for example) then AMO should take
action against that author."

That's is exactly what I'm asking the persons responsible here at Mozilla do.
So why is of concern to you. Are you losing a revenue stream? Have you a agreement with Mozilla Corp?

5th

"If you run across an author that is abusing our system please let me know about it and I'll handle it according to our policies."

I don't to have want anything you.

6th
"I am asking you to stop accusing us of being spyware, adware or malware, or
prove it."

So now you are denying that your product is adware?

My question his this: Why the people responsible for addons.mozilla.org do something to correct this problem? Even if they don't agree that these toolbars are indeed spyware, their creators are certainly spamming and hijacking the site.
There isn't any doubt about that. So, why don't take any action? Why!???
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(In reply to comment #13)
Jay, I do not intend to get into a flame war with you here.
Our company's policies and business model are out in the open and we are not hiding anything.

Please see my responses to your claims:

> You say that your product is not spyware
> http://www.conduit.com/customtemplmngr.aspx?ctl=clienttoolbarprivacy&ToolbarId=CT449610&version=
> so this:
> "When used, the toolbar sends unidentifiable usage statistics regarding usage
> of its features to Conduit's servers (Conduit is the service that powers the
> toolbar)."
> and this is what:
> "A unique id is used solely for the purpose of knowing how many people are
> actively using the toolbar and it is not transferred along with any specific
> usage information."
> and isn't knowing what I search spying
Like you quoted from our privacy policy, the id is not transferred along with any specific usage information and you are more than welcome to snoop our toolbar's traffic and see that for yourself.
In addition, we do NOT know what you are searching for in the toolbar (you can see that as well by testing the toolbar).

> Your privacy statements are contradictory and why are so many of them?
The toolbar transmits anonymous data about what components have been used in the toolbar. What you search for from the toolbar is NOT TRANSMITTED to us.
Our privacy statement is not contradictory and it discloses everything that the toolbar does so that users know what they are getting when they install the toolbar.


> I didn't accuse you of spamming. I accuse the creators of the toolbars. They
> use your "advertisement mechanism". You should look into that.
We do not have an "advertisement mechanism" in our system. People can promote the toolbar that they create with us at their own discretion.


> "DOES NOT launch pop-up or pop-under advertisements. Our business model is
> based on displaying sponsored links on search results pages (advertisers pay
> per click, not per appearance)."
> So you are not denying that your product is adware?
> How can you do directed advertisement (sponsored links) without knowing what i
> search. in essence "spying" on me.
Let me make this point clear: WE DO NOT DISPLAY ANY ADS IN THE TOOLBAR. The toolbar contains a search box that users use to search the web. The web search results that they see contain sponsored links (just like any search engine on the Internet). When users click on these sponsored links we get a portion of the revenue (similar to how web masters make money by displaying Adsense ads on their site).


> "2. If a toolbar is violating our publisher agreement, it is suspended."
> So why don't you suspend them.
The toolbars that have violated our publisher agreement have been suspended.


> That's is exactly what I'm asking the persons responsible here at Mozilla do.
> So why is of concern to you. Are you losing a revenue stream? Have you a
> agreement with Mozilla Corp?
We do not have an agreement with the Mozilla Foundation and are concerned about this issue because it harms our name and brand.


> So now you are denying that your product is adware?
Our product is NOT ADWARE so we have been denying it all along.
I am closing this bug again as WONTFIX for these reasons:

- if add-ons are to be removed from the system, they should be removed on their specific merits (or lack their of) and not due to "guilt by association" with other add-ons sharing a common technology foundation (similarly for authors who are bad actors).

- the more legitimate problems that seem to be underlying people's complaints (the effects on search and recently-updated lists, f.e.) are better addressed in specific bugs about the site behaviours, distinct from any he-said-she-said in this bug about toolbars built on Conduit's system.  Many of these bugs are already on file, and we have fixes for several of them in various stages of completion in Remora already.

- it was a tossup versus INVALID, given the nature of the initial bug filing and its rapid degradation into a poor clone of a forum thread.

(The following is commentary on the general state, and replies to it should NOT be posted as comments in this bug.  Feel free to send email; I read all of it, even if I don't have time to reply to everything.)

I do not believe that the current situation on AMO is desirable, and I believe that we need to figure out how to better help users find add-ons that they will enjoy using.  I do believe that we need to take significant care in how we construct policy around what is acceptable for hosting on AMO, given its privileged position in the ecosystem, and I think that the "pitchforks and torches" attitude evidenced in many of the forum threads about this topic supports such a conservative position in terms of policy shift.

People who are gaming the system are not welcome on our site, and I encourage people to submit substantiated reports of such gaming to our attention.  The threshold for imposing punishment (the obvious being delisting from the site entirely) needs to be high, especially at present where we lack effective auditing tools for things like comment moderation, but where the complaint is substantiated and reasonable we'll act on it.  (We have an unrelated such case underway now, as we figure out how to best react to a well-substantiated and unfortunately high-profile case of stat-pumping.)

We're a small team juggling a lot of things, including (especially) a large software development task to get Remora up and out as soon (and as well) as we can.  Using the bug system as a platform for advocacy against (or for) a company's practices doesn't help improve things, whether the AMO operators agree with your opinion or not.  Specific suggestions on policies -- which should be "blind" to the identity of the add-on's author and agnostic with respect to how the add-on was made, at the very least -- or categorization mechanisms that will help the system self-organize better than it does today are welcome, especially in the wiki.

Thanks.
Status: REOPENED → RESOLVED
Closed: 18 years ago18 years ago
Resolution: --- → WONTFIX
What about it?  That file is in the sandbox, not public, precisely because it _isn't_ appropriate for public hosting on the site.  Anyone can put anything in the sandbox, which is why there are the warnings on it.
I just sandboxed that, shaver, it was public previously. I'm not sure why!
Component: Add-ons → Administration
QA Contact: policy → administration
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.