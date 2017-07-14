Popular Chrome Extension Sold To New Dev Who Immediately Turns It Into Adware (bleepingcomputer.com) 52
An anonymous reader writes: A company is going around buying abandoned Chrome extensions from their original developers and converting these add-ons into adware. The latest case is the Particle for YouTube Chrome extension, a simple tool that allows users to change the UI and behavior of some of YouTube's standard features. Because Google was planning major changes to YouTube's UI, the extension's original author decided to retire it and create a new one. This is when the a mysterious company approached the original author and offered to buy the extension from him for a price of his choosing. The original dev says he gave them a high price, but the company agreed to pay right away, but only after the dev signed an non-disclosure agreement preventing him from talking about the company or the transaction. Soon after the sale, the company issued an update that included code for injecting rogue ads on websites such as Google, Yahoo, Bing, Amazon, eBay, and Booking.com. Users also found other Chrome extensions that were also bought by the same company and had also been turned into adware, such as "Typewriter Sounds" and "Twitch Mini Player." According to some other Chrome extension devs, there are many companies willing to pay large sums of money for taking over legitimate Chrome extensions.
Run it in a VM if necessary.
The top ad is annoying, but the side ad (and possibly JavaScript to keep it and the list of replies I have in the window) messes up scrolling for me. I need to right-click and have Chrome remove the content on every page load just to read Slashdot.
When the banner ad showed up, I mentioned that my adblocker didn't work on it. Someone suggested uBlock Origin, which is what I now use. No ads anywhere.
Looking at the uBlock icon above, it is blocking 11 items on this page. A couple days ago, one site had over 100 items blocked, with a few more new things being blocked every few seconds. I closed the tab soon after I finished reading the news item, and the count was about 170.
Missed opportunity (Score:4, Insightful)
Crap. Something told me I should have written some stupid, pointless yet viral Chrome extension a year ago.
Gotta hand it to them, this is lemonade from lemons no?
Future NDA clause: I hereby certify that I have never acted out the ___________ in a game of charades....
"communicated, or caused to be communicated" would cover it.
Give it to them in writing. Or sing it in a song? Draw some pictures?
Future NDA clause: I hereby certify that I have never acted out the ___________ in a game of charades....
I can get around that.
When I was a kid, every Sunday was game night. We either played board games like Monopoly or Life, or card games, or one game that I later found out was called Charades. We called it Cookie Barrel, because the slips of paper we acted out were in a giant cookie jar that looked like a wood barrel, and it had a 'sign' on the side that said "Cookie Barrel".
Kinda like this one: http://www.laurelleaffarm.com/... [laurelleaffarm.com]
Google: morons (Score:2)
We have known this has been happening for over a year [tumblr.com].
Still, this is approved, accepted and endorsed behavior, while AdNauseam is not [adnauseam.io].
Do no evil - not.
Brilliant (Score:4, Insightful)
Now we just need Google to update the Chrome extension policy to require
Re: (Score:3)
That's not realistic. If Microsoft makes an extension, they can't notify Google every time some little old lady buys or sells some shares from her retirement account. Similarly, if your chrome extension is owned by some Ireland holding company, and it is in turn owned by some Cayman holding company, and it is in turn owned by some, etc., there's no way to know or get reports that every entity that holds any stake has to report when it sells. And you don't even have to own the entity to get its profits. Y
If Microsoft makes an extension, they can't notify Google every time some little old lady buys or sells some shares from her retirement account.
Such immaterial transactions are not a change of beneficial ownership.
and it is in turn owned by some Cayman holding company, and it is in turn owned by some, etc., there's no way to know or get reports that every entity that holds any stake has to report when it sells.
And the day after, 0 extensions are developed for Chrome. Or to paraphrase Sterling Archer:
"Do you want to kill Chrome extension development completely? Because this is how you kill Chrome extension development completely"
The obvious question (Score:2)
Is there a Chrome extension to track shitty adware Chrome extensions?
"Users also found other Chrome extensions that were also bought by the same company..."
Or perhaps there's a way we can simply put in a filter and block this particular company...
Unless the two posts are by the same AC. (Probably BeauHD and msmash trying to drive up the comment count to pretend to stay relevant.)
Indecent Proposal (Score:2)
I wonder if Robert Redford would do a remake.
And as a dev, would I do it for a million dollars? Hmmm...
Souls must go for a shitload of money (Score:5, Insightful)
With the NDA, the adware will be blamed on the original developer (who's name would be on the Chrome App Store). I imagine that this could result in some cursing in various forums as well as hurtful ratings on the App Store. The biggest issue that I can see is when the developer is looking for a job; a simple Google search will identify the developer as scum-sucking vermin (or something worse) - with no way of (legally) explaining the situation to the prospective employer.
So, I would think that the payment must be enough for the developer to live comfortably for the rest of their lives under a new name.
With the NDA, we should probably not mention precisely what type of extension was sold, how the transaction went down, and so forth....
If the NDA is really that strict then it likely won't be enforceable if they took him to court, which would defeat the purpose of the NDA to start with since now their shenanigans are public records which the app developer can share with everyone.
> If the NDA is really that strict then it likely won't be enforceable if they took him to court
And therein lies the problem. Sure it's not enforceable but how many developers - especially ones looking for a job like in OPs example - have a bunch of cash they want to burn through to defend themselves in court over it?
Even an unenforceable NDA has a chilling effect if you can't pay to negate it in court.
with no way of (legally) explaining the situation to the prospective employer.
You can't NDA yourself in to a position where you are unable to lay correct claim to property. He is likely legally barred from describing the transaction itself, but that's a far step from being barred for saying e.g. "I sold the business to a 3rd party and had nothing to do with the plugin update."
After all, non-disclosure agreements are non-disclosure agreements. They aren't "lie about ownership" agreements.
find out who this spammer is (Score:2)
Did he say to end it there? I considered it a suggestion what to do for the entree. Ya know, the "get to know you" phase of the days to follow. Torture is much more personal and rewarding when you get to know your victim and what breaks not only their body but also their mind and soul.
Re:People trust extensions. (Score:5, Funny)
i just use a *hosts file.
* if you mention hosts file in a slashdot thread, or in a dark room, say "apk" 3 times in front of a mirror, you'll summon... HIM -- and you'll get a very detailed explanation (whether you want it or not.) on how a hosts file can keep you safe from all sorts of shenanigans.
WHERES MY FREE APP! 1 STAR RATING! (Score:1)
Irony (Score:2)
Adverts (Score:2)
Says the website giving me all kinds of shitty ads, since selling out, despite paying years ago for the "Disable Advertising" button.
I Ghostery'd the fucker years ago, but just checked and - yep - ads over all the fucking Slashdot pages.
