I don't use the Fast Dial extension and don't know what's going on. I only stumbled on this because a user asked for tech support for it on Bugzilla for some reason. Nonetheless, if you check their reviews there are 250 or so new reviews decrying this new version 2.15 as a horrible mess, all posted *TODAY*. I think it's a combination of bugs and spam. A new version 2.16 is currently pending review and the description points users to their site to install it to supposedly fix several bugs. I think the best course of action here is to sandbox version 2.15 and have someone review 2.16 and make it public if it's acceptable. I think once we get into the hundreds of users range, within hours of release, some action on AMO's part to deal with this is warranted. I'm curious if the reviewer of this version noticed any problems, though clearly they can't be expected to bugtest everything 100%.
There's quite a few reviews calling this version outright malware.
Severity: major → blocker
Giving it a test out in a WinXP VM w/ 3.0.5 I don't see any glaring explosions. It adds some spam links to the bookmarks menu and changes the default search plugin. The 3rd default entry in the Fast Dial grid is userlogos.org which comes up as "Access Denied", and their description does not that they're overloaded. Other (unverified) complaints I'm reading in reviews are: bad import of settings from old version oversized tab bar (looks like a TMP conflict) rearanged Fast Dial page settings due to new defaults being permanently added new toolbars (no clue what this is) broken toolbars from other extensions (i.e. Web Developer) no URL in address bar strange popups uninstalling/disabling IE Tab not opening on new tab as intended big slowdowns corrupt profiles and there's even at least one user complaining of *crashes* There's more, but the above is just from skimming through the bulk of them, well the ones in English at least.
Looks like the broken address bar problem is an IE Tab conflict. I think the comments complaining that they want it uninstalled mean that Fast Dial's description or page or something blamed their problems on them and told their users to uninstall IE Tab as the solution. Can't investigate further because their site is currently hosed. It looks like version 2.16 does fix both the IE Tab and Tab Mix Plus conflicts that cause the broken address and tab bars. So at least this version is better, if not fixing all their woes. It still adds the spam bookmarks and changes the default search plugin to their (broken) one. I'd argue this is enough to not approve 2.16 for public consumption either.
Summary: By popular demand, sandbox Fast Dial 2.15 and review pending update → By popular demand of 250+ reviews in one day, sandbox Fast Dial 2.15 and review pending update (many extension conflicts, bugs, spam bookmarks, changed search plugin, etc.)
Wow, count is more like 400 reviews screaming about this...
Summary: By popular demand of 250+ reviews in one day, sandbox Fast Dial 2.15 and review pending update (many extension conflicts, bugs, spam bookmarks, changed search plugin, etc.) → By popular demand of 400+ reviews in one day, sandbox Fast Dial 2.15 and review pending update (many extension conflicts, bugs, spam bookmarks, changed search plugin, etc.)
Got a case in #firefox just now, SUMO is now on the lookout for these issues also.
Thanks to whomever reviewed the pending update, version 2.16. Updating should allow users to at least fix the big bugs here, if they haven't already uninstalled the extension altogether. That's a step up, but the real question is: should 2.15/2.16 be allowed on AMO at all seeing as they hijack the default search engine without asking? I would think we should require at bare minimum a prompt on installation.
Summary: By popular demand of 400+ reviews in one day, sandbox Fast Dial 2.15 and review pending update (many extension conflicts, bugs, spam bookmarks, changed search plugin, etc.) → 500+ negative reviews say Fast Dial 2.15 is unacceptable (many extension conflicts, bugs, spam bookmarks, changed search plugin, etc.)
So, does 2.16 have the same objectionable contents or is this bug now just asking if 2.15 should be allowed on AMO?
(In reply to comment #10) > So, does 2.16 have the same objectionable contents or is this bug now just > asking if 2.15 should be allowed on AMO? It's better in the glaring bugs department but still does things I don't think we should allow for an extension on AMO. The search hijack being the top. There seems to already be another emergency update in the works which I hope does more. I think I found the source of those complaining that Fast Dial is adware giving them popup ads. Quoting from their front page via Google cache (seeing as they're down again): > Submitted by mafi0z on Wed, 01/07/2009 - 22:57 > With the recent release of FD 2.15 there has been a huge traffic > spike for UserLogos. This caused thousands of users to be redirected > to the iFastNet website, which was full of ad-ware and pop-ups. Many > believed this to be caused by Fast Dial, while it is Not. UserLogos > redirects users to iFastNet during high traffic to protect the > servers from crashing. Of course it still could technically be called adware because it adds a few spam bookmarks and a new default search plugin. I think this part has been fixed as I see a new error page when trying to go to their site. I also don't know what's on the search page it uses, again, because they're not capable of handling this new load they've created. I think the best route would be to get both 2.15/2.16 off of AMO at some point. The search hijack alone really confuses some users and should not be allowed. I don't know what they plan to do in 2.17.
I've contacted the developer as well to determine what's happening. I find this odd since they were recently on the recommended list and were doing great.
Yes, this really is quite bizarre. There actually looks like another 100 or so mostly negative reviews added in there since last update, but I'm giving up on updating the bug title. I don't see how they can really recover from this, and even though bug reports in reviews are generally frowned upon, I don't think AMO should be expected to clean up a mess like that. Many users seem to be switching to Speed Dial anyway. However, it might be a good idea to have an editor go through and delete a few reviews here and there to tone down the liberal usage of the F-word. :)
We're going to be looking at the add-on as well as the people that posted comments just to be sure of what's happening.
The author has contacted me and explained what happened. I've also included him in this bug and asked him to reply here. His explanation is as follows: "New version of Fast Dial has a lot of changes, including changed naming of stored images. So I decided in new version to clear old images and have all users thumbnails automatically re-generated on startup. Many users have upgraded to a new version and thumbnails started refreshing. As many users used logos from UserLogos site, this generated a very high traffic on UserLogos site, which triggered hosting provider's anti-DDOS protection system, which does redirect user to a page with ads. So instead of logos many people got ads. Then, for people to search for logos more easily I added UserLogos search plugin and made it selected by default on upgrade, so that people know about it. As people tried to search something, they accessed UserLogos and got redirected to ads page due to anti-DDOS protection. Then I added 3 bookmarks with logos into the beginning of users bookmarks: Gmail, UserLogos and aGoodCause - which is Fast Dial partner. These bookmarks are added only once in a lifetime: on a fresh install or when FD is upgraded from a version number below 2.15. Then, there were 3 bugs in this version: 1) I added a new tab bar icon displayed next to the "All tabs button" on the right side of the tab bar. This caused a conflict with Tab Mix Plus extension, which resulted in double-height tab bar. 2) In previous version Fast Dial used to intercept "about:blank" urls, and load Fast Dial page. In order to avoid conflict with new versions of Tab Mix Plus (double blank-tab opening), I made Fast Dial load only in newly opened tabs and if chrome://fastdial/content/fastdial.html url is entered. As Tab Mix Plus overrides BrowserOpenTab with its own function, TMP users had to specify TMP to open chrome://fastdial/content/fastdial.html in new tabs, to get FD displayed in new tabs. 3) Address bar bug - was caused by a conflict with IE Tab extension. The next day I issued version 2.16, which fixed these 3 bugs. Then I paid the hosting company for the upgrade of my hosting plan. The UserLogos site started giving normal error page. The next day in the morning I opened UserLogos site and discovered that it started redirecting to ads page again, so I contacted hosting provider support claiming to stop this redirection. They fulfilled the request, so UserLogos doesn't redirect anymore, though gives errors caused by lots of visitors." I've also asked him to explain why the search provided was changed which I expect will be answered here.
> Okay, that helps to explain alot. The other issue pointed out was that Fast Dial changed the default search provider from Google to something else. Is there a reason that needs to be changed when installing Fast Dial? I just thought people should know that UserLogos has its own search plugin. I didn't mean to insult them.
Guys, I have removed spam links, removed selection of search engine, fixed several bugs, including: - Opening new tab with TMP contains FD page without additional setup - High CPU load on upgrade from versions below 2.15. There was an error in code, restricting maximum 3 thumbnails refreshed simultaneously (others are queued), thus in fact restriction wasn't working. Version 2.18 is available from here: http://telega.phpnet.us/download/fastdial.2.18.xpi Could you review it? Thanks, telega
Telega: Thanks for making a good effort to correct the problems of this past release. I just took a quick look at 2.18 and the changes in that along with 2.16 look to have resolved my concerns. I would recommend that it go through the review process and be made public. I actually sympathize with your predicament here. In reading your explanation quoted in comment 15, I don't believe you really intended any of this. It's all quite logical, even though some of it probably could have been avoided. The ad stuff was bad and the overload should have been anticipated, but it wasn't done out of malice. The only thing I would consider to be a particularly bad move on your part is the change of the default search engine, which simply didn't take into account user expectations. I don't think you need to remove it outright; just don't set it to default. As to many of the other bugs, let this be a lesson to (attempt to) test in real world environments rather than just clean installs. Most users use (too many) other extensions and most of the big problems here could have been avoided by testing major changes in a profile with a shotgun install of most of the top add-ons. I think that after 2.18 (or later) is made public that 2.15 and 2.16 should be sandboxed as previously requested. Users will of course still be able to log in and install them, but this would make it clear that this issue was considered and there is a clear difference in 2.18.
Version 2.22b is public as of today. This looks good to me. Rey? Also filed bug 473090, but that one probably isn't Telega's fault. ;)
Version 2.16 was sandboxed in bug 473090. The main problematic version 2.15 is still public.
Yep looks good. Lots of positive ratings again. Thanks for the update telega.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
https://addons.mozilla.org/en-US/firefox/addons/versions/5721#version-2.22b is the latest; Verified FIXED (comment 18, comment 21, and comment 22, as well, helped).
Status: RESOLVED → VERIFIED
Since this has been fixed, no longer commonly reported. Thanks everyone!
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.