Slashdot Mirror


NoScript Adds Subscriptions To Adblock Plus

hahiss writes "Apparently, NoScript has taken to adding its own whitelist updates to Adblock Plus — so that the ads on the NoScript page show up — without notifying users. (It is described on the NoScript addon page, however.) This was a part of the last update to NoScript. Wladimir Palant, the main developer of Adblock Plus, describes the situation in an informative blog post." Update — 5/02 at 12:30 GMT by SS: Reader spyrochaete notes that "InformAction, makers of the NoScript extension for Firefox, have removed the recently introduced AdBlock exceptions which unblocked the revenue-producing ads on the NoScript homepage with little or no warning to the user. According to the changelog, InformAction pushed out an update specifically addressing this controversial decision 'permanently and with no questions asked.'"

10 of 408 comments

  1. Indicative of more serious problem? by Redacted · · Score: 5, Interesting

    This highlights a security problem: if addons can affect/patch each other, how can you ensure the integrity of the browser?

    Example: a malicious addon is released, and it takes some time before the malicious behaviour is discovered, and people delete the addon. But has it injected malicious code into other addons on the system? Now you have to remove all addons to be sure.

    Is this outlandish or possible? Has Mozilla implemented any security against such an attack?

    1. Re:Indicative of more serious problem? by mattwarden · · Score: 3, Interesting

      Thank you! Finally someone points out the real problem. If this was a story about a Windows app, it wouldn't have taken NEARLY as long for someone to point out that the real issue is lack of security with the platform.

  2. Re:Its GPL licenced, someone should fork it. by bob+whoops · · Score: 5, Interesting

    Why does noscript need to be updated that often, if ever? What happens in these updates anyway? I honestly cannot tell the difference in functionality in noscript now and when I first downloaded it a few years ago. Someone should fork it, strip out the crap, and then never update it again (except security fixes, etc.)

  3. Re:I would complain by PopeRatzo · · Score: 5, Interesting

    The author of the article says this is a problem he predicted would happen if we didn't "give extension developers a way to make money".

    Now it's our job to "give" developers a way to make money?

    It amuses me when someone decides to use the "free" model of software development, making an application and then not charging for it, and then gets offended because he's not making money.

    Dude, if you're smart enough to come up with a useful app, I bet you can figure out a way to monetize it.

    I hear the same thing from artists who post all their work for free and then complain about being poor. Job 1 is survival, no matter how creative you are. You have to keep body and soul together if you're going to make a contribution. Same with guys who fix all their friends' computers and then get mad because they're fixing all their friends' computers. All passive-aggressive wearing "Don't Ask Me To Fix Your Computer" t-shirts. Grow some minerals and say "I'll have to charge you". You'd be surprised how reasonable people are when you're not a dick.

    --
    You are welcome on my lawn.
  4. Re:Links are helpful by el+americano · · Score: 5, Interesting

    I always thought the incremental updates to NoScript were too frequent to be entirely for the benefit of its users.

    1) Involuntary web page visits after an update
    2) serve ads
    3) no step 3
    4) profit

    He probably looks for any typo that he can fix to get the next update out on time. At some point he needs to just call it adware, and I think we'd all agree that point has been reached. I'm now going to find a way to avoid going to his page after an update, that way it won't matter if his ads were blocked or not.

    --
    Those are my principles. If you don't like them I have others. -Groucho Marx
  5. Re:Really Smart by MattHawk · · Score: 5, Interesting

    It's not actually illegal. It is, however, apparently against the Mozilla Addon ToU (https://addons.mozilla.org/en-US/firefox/pages/policy) - that was the original terms under which the ABP author asked the NS author to remove the code in NS that intentionally harmed ABP's operation.

  6. Re:Sleazy and disgraceful by scdeimos · · Score: 4, Interesting

    This behaviour is disgraceful, and Noscript should be blocked by Mozilla (is this possible?...

    Yes, read the Addons.Mozilla.Org policy page. All versions of add-ons are supposed to start out in the Sandbox for review before they can go into the Public area. They can just as easily be kicked back into the Sandbox if it's later shown that there's something wrong with them.

    I heartily recommend that you file a complaint with the AMO editors, amo-editors_atsymbol_mozilla.org, since NoScript is clearly violating the following rule:

    Do the add-on and add-on author both treat the user respectfully?
    Your software should not intrude on the user unnecessarily, try to trick the user, or conceal any of its activities from the user.

    How the obfuscated code in NoScript's content/noscript/MRD.js file got through the Sandbox review process is a question I'd like to see answered - perhaps only the initial add-on versions are reviewed and then updates get fast-tracked. AMO reviewers are all unpaid volunteers and are probably overwhelmed by the number of submissions, so this wouldn't surprise me.

  7. Re:Links are helpful by el+americano · · Score: 4, Interesting

    but the Mozilla Add-on Policy requires them to inform you in some detail of what is being changed by an update. Since you're in a browser, a web page seems the logical way to do it.

    Maybe you shouldn't update them all at the same time?

    --
    Those are my principles. If you don't like them I have others. -Groucho Marx
  8. Re:Really Smart by Xibby · · Score: 4, Interesting

    Personally, I don't see the big deal in blocking advertising. Most good sites aren't too in your face about it and it helps keep them running. I haven't run ABP in years because of it and I've found some of the ads to be useful.

    Following the same logic (sites need revenue from ads to stay operational) I too did not use the Adblock Plus add in.

    Until one day when I was served the most annoying ad ever. I was attempting to read a lengthy article while listening to my favorite internet stream at the time, when my ears were assaulted with a sound that made GSM interference sound pleasant.

    On the page with the lengthy article I was planning to read, I was presented with a "punch the monkey" type Flash ad. Only this ad was "hit some evil ninja villain". The Flash ad was the source of the horrendous noise. The Flash programmer had set the thing to loop infinitely and disable all of the Flash plug-in's controls. Every time I refreshed the web page the same ad was served up again.

    That's when I changed my position. I loaded up NoScript and Adblock Plus, and this annoyance was no more. I've never looked back. I was pushed too far, and it won't happen again. Ever.

    --
    I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
  9. Re:Personally, I couldn't care less. by Zumbs · · Score: 3, Interesting

    According to TFA (check out the comments of Wladimir), the codebase of NoScript is a mess, and the author recommends that one starts from scratch instead of forking out. JavaScript also does have its uses, most notably it allows for a lot of stuff to be handled client-side, speeding up the user experience and reducing the load on the servers of the website. The FF addon closest to NoScript is NoFlash, but it only blocks Flash applications.

    --
    The truth may be out there, but lies are inside your head