Popular Chrome Extension Sold To New Dev Who Immediately Turns It Into Adware

An anonymous reader writes: A company is going around buying abandoned Chrome extensions from their original developers and converting these add-ons into adware. The latest case is the Particle for YouTube Chrome extension, a simple tool that allows users to change the UI and behavior of some of YouTube's standard features. Because Google was planning major changes to YouTube's UI, the extension's original author decided to retire it and create a new one. This is when the a mysterious company approached the original author and offered to buy the extension from him for a price of his choosing. The original dev says he gave them a high price, but the company agreed to pay right away, but only after the dev signed an non-disclosure agreement preventing him from talking about the company or the transaction. Soon after the sale, the company issued an update that included code for injecting rogue ads on websites such as Google, Yahoo, Bing, Amazon, eBay, and Booking.com. Users also found other Chrome extensions that were also bought by the same company and had also been turned into adware, such as "Typewriter Sounds" and "Twitch Mini Player." According to some other Chrome extension devs, there are many companies willing to pay large sums of money for taking over legitimate Chrome extensions.

Sounds like Slashdot

Popular website gets sold to new owners, who proceed to add even more ads to the website while decreasing the quality of stories that are posted.

Re:Sounds like Slashdot

[courteaudotbiz]

I would add that for the past 3 -4 months, the top banner is so invasive as to cover a third of the content, even when I scroll down. Ads on /. are getting annoying to the point that the site looks more like a giant advert than a geek site.

Re:Sounds like Slashdot

[Known+Nutter]

https://pi-hole.net/

Run it in a VM if necessary.

Re:Sounds like Slashdot

[Jason+Levine]

The top ad is annoying, but the side ad (and possibly JavaScript to keep it and the list of replies I have in the window) messes up scrolling for me. I need to right-click and have Chrome remove the content on every page load just to read Slashdot.

Re:Sounds like Slashdot

[I'm+New+Around+Here]

When the banner ad showed up, I mentioned that my adblocker didn't work on it. Someone suggested uBlock Origin, which is what I now use. No ads anywhere.

Looking at the uBlock icon above, it is blocking 11 items on this page. A couple days ago, one site had over 100 items blocked, with a few more new things being blocked every few seconds. I closed the tab soon after I finished reading the news item, and the count was about 170.

Re:Sounds like Slashdot

[johanw]

You mean you don't use an adblocker? Then you deserve what you get.

Re:Sounds like Slashdot

[K.+S.+Kyosuke]

Those guys will get what they deserve

A wall of almost-English text from APK about how his solution is superior?

Re:Sounds like Slashdot

Here are the uBlock filters I have for Slashdot:

slashdot.org##article:not([data-fhtype])
slashdot.org##iframe

Re:Sounds like Slashdot

[rpavlicek]

Privoxy (https://www.privoxy.org/) works pretty well too -- especially for /.

Re:Sounds like Slashdot

[bettodavis]

Sadly, more and more sites have adblocker detectors, and pester you about whitelisting them or plainly refuse to show their content.

Re:Sounds like Slashdot

[Trailer+Trash]

You mean you don't use an adblocker?

No, I don't, because I know that /. is supported by nothing but ad revenue, and if I want it to continue the owners have to make money to pay for their costs and hopefully make a little profit. It would be extremely selfish of me to deprive them of their revenue source while making use of their resources.

Then you deserve what you get.

If everybody uses ad-blockers, what we're all going to get is one giant paywall.

Re:Sounds like Slashdot

[CrashNBrn]

I've noticed a fair chunk of Javascript lately, is used to open|create websockets, and when a piece of that fails, due to inline-script block or similar, it causes the ad-block counters to run off the charts. Except when the websocket wasn't blocked? Firefox climed to 8GB of Ram in less than 30 mins.

Re:Sounds like Slashdot

[caseih]

In my experiences, sites that do that don't really have anything of value for me to see anyway, so I just go away. If I think I really want to see the page, I'll disable javascript and 90% of the time the content loads fine. Often when I do that I wouldn't have missed much if I'd just closed the tab and gone on my way.

Re:Sounds like Slashdot

[caseih]

That's why I also run ghostery (no I don't have it log in to their cloud). Slashdot has on average about 8 unnecessary javascript trackers on any given page.

Re:Sounds like Slashdot

[tquasar]

I haven't seen ads since the stoned ages. I don't mean The Flintstones.

Re: Sounds like Slashdot

the internet is eating its tail.

Good, because it has sucked balls for the last 5 years or so.

Re:Sounds like Slashdot

[CrashNBrn]

Aye, but uMatrix with just a handful of default rules blocks 99%+ of what Ghostery & uBlock do.

* * * block
* * css allow
* * frame block
* * image allow
* 1st-party * allow
* 1st-party frame allow

#Allow rules so stuff works, AND
#If /. still used google or amazon ads, then I would still see some ads here.

slashdot.org * cookie block
slashdot.org * css inherit
slashdot.org * image inherit
slashdot.org fsdn.com * allow
slashdot.org rpxnow.com * allow
slashdot.org slashcdn.com * allow
slashdot.org slashdot.org cookie allow
slashdot.org slashdotmedia.com * allow
slashdot.org doubleclick.net * allow
slashdot.org doubleclick.net frame allow
slashdot.org google.com * allow
slashdot.org google.com frame allow
slashdot.org googleads.g.doubleclick.net frame allow
slashdot.org googleadservices.com * allow
slashdot.org s3-us-west-2.amazonaws.com * allow

Re:Sounds like Slashdot

[chuckugly]

Either way they get no ad revenue from me, one way they drive me to an alternative, one way they don't.

Re:Sounds like Slashdot

[Darinbob]

Ads on slashdot? Never see them. Let my fire up my adblock/noscript free browser instance and see what Slashdot really looks like. Just a few seconds here...
Nope. Not seeing it. There's a small two line long advert at the top in beige and no images., it's no thicker than the normal headline+post details. There is all the stuff on the left but it's not hiding any text, and the majority vanished once I logged in.

Re: Sounds like Slashdot

There are certainly people who won't tolerate any ads, but most people understand they're a source of revenue for sites to pay the bills. However, I think most people wouldn't complain about a JPEG or an animated GIF that didn't load Javascript and wasn't pushing out or hiding malicious content. The problem is the ridiculous amount of scripts and trackers, many of which do push out malicious content to users. I personally have encountered malicious ads on this site, redirecting me to install bogus software updates.

I think most of us would accept subscriptions that provided extra features and removed ads, which is exactly what Slashdot once had. Although Slashdot has never been a top notch source of journalism, it was a good place for nerds to discuss technology and other nerdy stuff. Although Malda and many of his friends and colleagues earned a salary from the site, they were also nerds who actually cared about the site. People like Taco, Hemos, and CowboyNeal started this as a hobby, which just happened to take off. Unfortunately, Slashdot is no longer someone's hobby. Although it's long been an asset for a company to own, since the days of Andover.net, that's all it is now.

I remember when Slashdot went from one banner ad at the top of the page to larger ads on story pages between the summary and comments. Malda was apologetic about adding larger ads, despite them generally being applicable to the Slashdot audience and not being intrusive at all by today's standards. Users understood this was necessary for them to pay the bills, and there wasn't a lot of backlash. That's totally different from unapologetically loading up the site with loads of trackers and ads, then insulting users who complain about it.

Re:Sounds like Slashdot

[Immerman]

If they get no ad revenue from you, why should they care if they drive you away or not? You're just a freeloader adding to their overhead costs. (I say without having bothered to look at your posting history - maybe you're actually a valuable contributor whose posts help keep the ad-watching audience interested. But given the ever-declining comment quality here, that's not the way to bet for any particular freeloader.)

Re:Sounds like Slashdot

[chuckugly]

Yeah it's up to them whether the minuscule cost of me visiting X without seeing ads is worth the fact that if I'm not citing or linking X to my friends and so on, I will in fact be linking, recommending, and citing Y instead. I say let the market decide which is worth more. *shrug*

Re:Sounds like Slashdot

[John+Bodin]

I just realized that at work where I don't log into /. I have never seen one of those 1/3 screen adds appear, only here at home where I am logged in. No there is no ad blockers at work, hell their IT is lax with some security methods or lack there of.

Re: Sounds like Slashdot

[that+this+is+not+und]

We had Katz for awhile. I hope he wasn't getting paid though.

Re: Sounds like Slashdot

[that+this+is+not+und]

When you close a browser tab on Slashdot there is even a spinner widget of some sort at the screen bottom now, so the scripting even responds to the user manually closing a tab. That's a little eerie because I specifically close a tab to not iteract with a page anymore. It's not as bad as pages that throw pleading popups when you try to close, of course.

Re:Sounds like Slashdot

[Lotana]

Thank you so much for sharing! Sent a donation their way.

Re:Sounds like Slashdot

[I'm+New+Around+Here]

No need, except for the fact that the one I used didn't get rid of the banner ad. It made it go away only until I refreshed the page, or went to another story. Then the ad banner was back. So someone recommended uBlock, and that's what I switched to.

You can consider my post an ad if you want. I don't care.

Re:Sounds like Slashdot

[UnixUnix]

Indeed many sites throw a screen-sized remove-adblock message at you covering up content. Most can be handled though, e.g. in Chrome go into Inspect [ Ctrl-Shift-I , "Elements"], easily identify the offending element (auto highlights), right click - Delete element, and reload page. Takes a few seconds. The armies of evil will have to attack us with something more complex.

Re:Sounds like Slashdot

[mindwhip]

When I started reading /. (which is about a year before I first created this account) I was happy to exclude it in adblock as the advertising was mostly on target and not intrusive. About 6 months ago I reversed this situation so for this user at least the increase in advertising will mean LESS revenue.

Good job.

Re:Sounds like Slashdot

[I'm+New+Around+Here]

I was using the standard AdBlock when /. started that banner. I think I tried Adblock Plus as well, since I use that on some systems.

I could get the ad and the banner element to go away, but it returned after restarting the browser. I actually posted a message here on /. about it, saying I would stop visiting if I couldn't resolve that, and someone suggested uBlock Origin. Once installed, I told it to remove the banner ad, and I haven't seen it since.

Now that I think back, there was a side column ad, either here on /. or on another site, that behaved similarly. Could be removed, but just returned again. That also was fixed by uBlock.

Thanks for the response. Have a fun week.

Re:Sounds like Slashdot

[strikethree]

If everybody uses ad-blockers, what we're all going to get is one giant paywall.

That is fine.

The price is too high (losing control of my hardware/software), so that means no commerce at all.

That is fine with me. I do not need them but they do need my money or some way to monetize me. They will die and I will live. Am I supposed to cry?

Perhaps if they lowered their price we would do business of some sort but they want it all and will not compromise. Fine. Die.

Re:Sounds like Slashdot

[strikethree]

When the banner ad showed up, I mentioned that my adblocker didn't work on it. Someone suggested uBlock Origin, which is what I now use. No ads anywhere.

I just use noscript. I am not allergic to advertising or anything and would love to support Slashdot and similar sites by not blocking their ads... so I do not block their ads.

But I will burn in hell before I allow anyone to run a script on my computer.

Since I do not allow scripts and the advertisers are not satisfied without using scripts to control my "experience", I do not see any ads.

On another note, I visited Slashdot the other day on a browser without noscript... Holy SHIT! The site is unreadable. It reminds me of a 48 year old whore with makeup caked on and smothered in perfume. Just wow. I am surprised this site is still alive. Is everyone else running noscript too or are you all willing to suffer the abuse to read this site?

Re:Sounds like Slashdot

[Jason+Levine]

I don't mind ads if they are unobtrusive. Want to put in a banner ad and a sidebar ad? Fine. I consider the minor annoyance worth it if it brings the site enough revenue to continue to function. However, if the ad floods the entire top half of the screen and/or interferes with scrolling in an effort to keep the ad on screen, then that's too much.

I'm actually considering getting an ad blocker and only setting it for ads that cause issues like these.

Re:Sounds like Slashdot

[I'm+New+Around+Here]

I just looked at slashdot with Internet Explorer, and you're right. It's crazy with shit. I wouldn't mind seeing the weekly poll under my usual Chrome view of the site, or "This day in history". But if it is in a frame with a ton of ads, it's gone.

Missed opportunity

[Dan+East]

Crap. Something told me I should have written some stupid, pointless yet viral Chrome extension a year ago.

Re:Missed opportunity

[Maury+Markowitz]

Gotta hand it to them, this is lemonade from lemons no?

Re: Missed opportunity

[that+this+is+not+und]

Is it too late? I suppose you need to make it interesting enough that people will install it.

Brilliant

[Tempest_2084]

As devious and underhanded as this might be, it's actually pretty smart.

Re:Brilliant

[mysidia]

Now we just need Google to update the Chrome extension policy to require
The Developer MUST notify Google prior to any sale or acquiring, disposing, or changing beneficial ownership regarding any app software And disclose to all users the sale 30 days prior to any further software updates, details of the acquirer, and any other business the acquirer has regarding Chrome-related extensions, Otherwise, the author and publisher of any updated version agree to each pay Google the sum of $10 Million dollars, in the event the original developer or acquirer is negligent in their duty to notify.

Re:Brilliant

[Lobachevsky]

That's not realistic. If Microsoft makes an extension, they can't notify Google every time some little old lady buys or sells some shares from her retirement account. Similarly, if your chrome extension is owned by some Ireland holding company, and it is in turn owned by some Cayman holding company, and it is in turn owned by some, etc., there's no way to know or get reports that every entity that holds any stake has to report when it sells. And you don't even have to own the entity to get its profits. Your holding company in China can have a mere contract with your Cayman holding company for assignment of all profits *without* ownership. You can have another contract with some McKinsey consultant that she has administrative access *without* ownership. Many celebrities contract out their twitter and facebook accounts to professional management teams. Are they the owners of the twitter/facebook account? Like most laws, such a policy trying to "fix" the problem will only affect honest, good people, and have ZERO effect on the dishonest people it's trying to deal with since the dishonest bunch are more than happy to create a Russian nesting doll of legal entities and a labyrinth of contracts and profit assignments that would make a veteran CPA cry into a fetal position.

Re:Brilliant

[thegreatbob]

It would probably be sufficient to just nuke existing ratings when changing hands. Should discourage them from *immediately* going fully hostile.

Re:Brilliant

[barc0001]

And the day after, 0 extensions are developed for Chrome. Or to paraphrase Sterling Archer:

"Do you want to kill Chrome extension development completely? Because this is how you kill Chrome extension development completely"

Re:Brilliant

[mysidia]

If Microsoft makes an extension, they can't notify Google every time some little old lady buys or sells some shares from her retirement account.

Such immaterial transactions are not a change of beneficial ownership.

and it is in turn owned by some Cayman holding company, and it is in turn owned by some, etc., there's no way to know or get reports that every entity that holds any stake has to report when it sells.

It is in fact doable, and many companies already have such terms you have to sign for certain partnerships.
APP MAY NOT allowed to be BE specified, ALTERED OR ADMINISTERED by a 3rd party is just another contractual restriction.
Or they can simply allow the whole suspicious "Cayman holding company" structure to be used by owners of apps in the first place.

Re:Brilliant

[jellomizer]

I would call it clever, but not smart. Normally after abuse of a system which is left open for reasons of trying to be nice. Will tightly close down to more of the Apple Store Model, where these things are checked more thoroughly and rejected.
 

Re:Brilliant

[Wrath0fb0b]

My client and his LLC did not sell, dispose of, or change beneficial ownership of his plugin. They did enter into a an arrangement in which a outside contractor performed some technical work in exchange for profit-sharing guarantee in which the LLC pays them a fraction of net revenue for a specified period.

Yours Truly,
The first (but not the last) lawyer to poke a hole in your laughable terms.

[ Or, snark aside, there's plenty of ways for a plugin writer to change from good-guy to bad-guy without doing anything out of the ordinary business-wise. And I intentionally chose the contractor route because tons of companies contract out app/plugin development work, and so you can't even in theory ban the use of outside contractors to write code (let alone enforce it in practice). ]

Re:Brilliant

[Cajun+Hell]

Now we just need Google to update the Chrome extension policy...

No.

If the software in question ran outside of your browser, you would have immediately seen how silly this whole situation is, and how inadequate your proposed change is. So, ask yourself: what if the new version of a thing had adware, but that this was Python, or Thunar, or mpv or Apache or ...

We are fundamentally mis-handling how we get browser extensions. Google should have no say and no power in this, unless people just happen to think they are great repository maintainers.

We should be getting browser extensions from Debian or someone like that.

Re:Brilliant

[mysidia]

And who would enforce this type of regulation in the first place besides the ambulance chasing lawyers.

The point is just to instill some fear in the majority extension developers against trying to sell out to some fly-by-night operation, because
the average app developer could be facing significant risk of liability.

The concept is not to capture 100% of cases, But to reduce how "enticing" 3rd party buyout offers are likely to appear.

Re:Brilliant

[beastofburdon]

I've got a better one than that. When the extension updates and the publisher has changed since the last one, give a warning dialogue telling them who the original publisher was and who the new one is. This wouldn't work in all cases, like when they sell the whole company, but it would work for a large percentage. You could also require them to tell Google about the owner change, which would make my first idea work better.

The obvious question

[geekmux]

Is there a Chrome extension to track shitty adware Chrome extensions?

"Users also found other Chrome extensions that were also bought by the same company..."

Or perhaps there's a way we can simply put in a filter and block this particular company...

Re:The obvious question

[JackieBrown]

There is but the company from the article bought it. ;)

Indecent Proposal

[the_skywise]

And this is the 21st century version of this movie...

I wonder if Robert Redford would do a remake.

And as a dev, would I do it for a million dollars? Hmmm...

Souls must go for a shitload of money

[mykepredko]

With the NDA, the adware will be blamed on the original developer (who's name would be on the Chrome App Store). I imagine that this could result in some cursing in various forums as well as hurtful ratings on the App Store. The biggest issue that I can see is when the developer is looking for a job; a simple Google search will identify the developer as scum-sucking vermin (or something worse) - with no way of (legally) explaining the situation to the prospective employer.

So, I would think that the payment must be enough for the developer to live comfortably for the rest of their lives under a new name.

Re:Souls must go for a shitload of money

[bluefoxlucid]

With the NDA, we should probably not mention precisely what type of extension was sold, how the transaction went down, and so forth....

Re:Souls must go for a shitload of money

[Njorthbiatr]

If the NDA is really that strict then it likely won't be enforceable if they took him to court, which would defeat the purpose of the NDA to start with since now their shenanigans are public records which the app developer can share with everyone.

Re:Souls must go for a shitload of money

[barc0001]

> If the NDA is really that strict then it likely won't be enforceable if they took him to court

And therein lies the problem. Sure it's not enforceable but how many developers - especially ones looking for a job like in OPs example - have a bunch of cash they want to burn through to defend themselves in court over it?

Even an unenforceable NDA has a chilling effect if you can't pay to negate it in court.

Re:Souls must go for a shitload of money

[thegarbz]

with no way of (legally) explaining the situation to the prospective employer.

You can't NDA yourself in to a position where you are unable to lay correct claim to property. He is likely legally barred from describing the transaction itself, but that's a far step from being barred for saying e.g. "I sold the business to a 3rd party and had nothing to do with the plugin update."

After all, non-disclosure agreements are non-disclosure agreements. They aren't "lie about ownership" agreements.

Re:Souls must go for a shitload of money

[mykepredko]

RTFA and look at the Particle extension (https://chrome.google.com/webstore/detail/particle/bpmpggcmojdddlmihdbobccijhkkjpan?hl=en). Still the original author.

I'm pretty sure the NDA says the author IS barred from saying "I sold the business to a 3rd party and had nothing to do with the plugin update." The individual/company buying the extension want to take advantage of the goodwill the author originally came up with.

Hopefully, for Aiden, he got enough money to make it worth it.

Re:Souls must go for a shitload of money

[Gavagai80]

Hopefully, for Aiden, he got enough money to make it worth it.

And hopefully, for the rest of the world, he gets sued into oblivion or goes to jail for it. If you agree to not disclose the fact that you sold something, that should be an agreement to continue to take legal responsibility for the actions of those you secretly sold to.

Re:Souls must go for a shitload of money

[mykepredko]

Agreed.

Re:Souls must go for a shitload of money

[Khyber]

"Even an unenforceable NDA has a chilling effect if you can't pay to negate it in court."

Go to court. See that little thing on the filing papers where it says "Waive all fees as I cannot afford attorneys or other filing fees, etc."

Check that little box, prove you can't afford an attorney to the judge, and get the NDA fucked anyways.

Re:Souls must go for a shitload of money

[crunchygranola]

Of course he got paid a hefty sum in return for that NDA. Are you suggesting that it is a good strategy to deceive the court? You can bet that any attorneys for the scamware company will be eager to call that to judge's attention.

Re:Souls must go for a shitload of money

[barc0001]

That is one of the stupidest ideas I've heard all year. Your advice is to represent yourself in a contract dispute - which is something 99.999% of the planet is NOT equipped to do. Might as well not waste everyone's time including your own and just get to the penalties phase. That way you can avoid paying court costs.

Re:Souls must go for a shitload of money

[thegarbz]

I'm pretty sure the NDA says the author IS barred from saying "I sold the business to a 3rd party and had nothing to do with the plugin update."

I'm sure it does say that. However that would make it not legally enforceable. As I said you can't NDA away your ability to lay claim to property. I can't make you sign an NDA that says you're not allowed to tell anyone you no longer own your house after you sell it. There are many things you can try and sign away that legally you can't actually do.

Re:Souls must go for a shitload of money

[thegarbz]

Sure it's not enforceable but how many developers - especially ones looking for a job like in OPs example - have a bunch of cash they want to burn through to defend themselves in court over it?

Even an unenforceable NDA has a chilling effect if you can't pay to negate it in court.

This isn't David vs Goliath. The small scam company is even less likely to want to engage in a frivolous lawsuit than the developer wanting to defend it. And given that the story has already come out with exactly the kind of details that you suggest are being sequestered ... well the number is at least 1.

Re:Souls must go for a shitload of money

[mykepredko]

barc0001's comment is the best on this thread.

Maybe they can't, but how many people can afford to defeat their challenge to the legality of of what you signed in court?

Re:Souls must go for a shitload of money

[ChoGGi]

Well, he already did exactly that (at least on Github)
https://github.com/ParticleCor...

Re:Souls must go for a shitload of money

[angel'o'sphere]

So you are not selling your Apps under an 'artists name'?

Re: Only LUDDITES hate apps.

[sinij]

I don't think you understand how trolling works. Your response only encourages more nonsense like OP.

Re:How to neuter NDAs.

[thegreatbob]

Give it to them in writing. Or sing it in a song? Draw some pictures?

Future NDA clause: I hereby certify that I have never acted out the ___________ in a game of charades....

Re:Chrome extentions are the new toolbars.

[thegreatbob]

Pale moon... not sure what you're talking about there. Home page defaults to 'start.palemoon.com' (redirects to palemoon.start.me) ... it's easy to change it. It even still has the ability to start with a truly blank page.

Re:People trust extensions.

[rogoshen1]

i just use a *hosts file.

* if you mention hosts file in a slashdot thread, or in a dark room, say "apk" 3 times in front of a mirror, you'll summon... HIM -- and you'll get a very detailed explanation (whether you want it or not.) on how a hosts file can keep you safe from all sorts of shenanigans.

Re:People trust extensions.

[thegreatbob]

Only thing I throw on top of that is a link re-writer for eliminating search engine tracking links. That and DownThemAll.

Re:People trust extensions.

[thegreatbob]

It should also be fairly clear that I do not use Chrome. Minimalism and caution when dealing with plugins is relevant to any browser.

Google: morons

[emil]

We have known this has been happening for over a year.

Still, this is approved, accepted and endorsed behavior, while AdNauseam is not.

Do no evil - not.

Re:Google: morons

[Gavagai80]

Blocking an attempt to commit widespread fraud is not evil. You're lucky to not go to jail for running AdNauseam, since it is literally draining people's bank accounts on false pretenses. (And actually sending that money to google... but they block it anyway because they don't want to be dishonest.)

Re: Only LUDDITES hate apps.

[Nutria]

Unless the two posts are by the same AC. (Probably BeauHD and msmash trying to drive up the comment count to pretend to stay relevant.)

Adverts

[ledow]

Says the website giving me all kinds of shitty ads, since selling out, despite paying years ago for the "Disable Advertising" button.

I Ghostery'd the fucker years ago, but just checked and - yep - ads over all the fucking Slashdot pages.

I get this periodically for my little FF extension

[rsilvergun]

and it didn't take me long to figure out what the guys offering to 'buy' it were planning. They've been doing this for at least the 4 years I've been writing an extension.

Re:find out who this spammer is

[Opportunist]

Did he say to end it there? I considered it a suggestion what to do for the entree. Ya know, the "get to know you" phase of the days to follow. Torture is much more personal and rewarding when you get to know your victim and what breaks not only their body but also their mind and soul.

Re:How to neuter NDAs.

[BradleyUffner]

"communicated, or caused to be communicated" would cover it.

Re:How to neuter NDAs.

[I'm+New+Around+Here]

Give it to them in writing. Or sing it in a song? Draw some pictures?

Future NDA clause: I hereby certify that I have never acted out the ___________ in a game of charades....

I can get around that.

When I was a kid, every Sunday was game night. We either played board games like Monopoly or Life, or card games, or one game that I later found out was called Charades. We called it Cookie Barrel, because the slips of paper we acted out were in a giant cookie jar that looked like a wood barrel, and it had a 'sign' on the side that said "Cookie Barrel".

Kinda like this one: http://www.laurelleaffarm.com/...

So, unless the NDA specifically says I am not allowed to play Cookie Barrel concerning the sale, I can sign the paper with no worries.

Re:WHERES MY FREE APP! 1 STAR RATING!

[I'm+New+Around+Here]

The parents punish the children for their hunger. I'm happy to feed all the poor children, if we take them from their parents who decide to have kids when they don't have the money to support them. Follow that up with spay-n-neuter of the parents, and the situation will be under control very soon.

Got hit by this last week

[ThomasSpaziani]

Out of nowhere, any site I went to and clicked anywhere on the page would open popups and other webpages.. I narrowed it down to my video downloader extension. Seems these guys are on a crusade to buy up a lot of them.

Re:Got hit by this last week

Same here, almost. I had been using youtube plus, and I had hand-audited the code and made modifications to remove any google analytics that was embedded. Then it updated, but luckily when I saw the extension get renamed and then it wanted further permissions to view data on ALL sites not just youtube, I knew something was up. I had seen postings about this sort of practice before with popular extensions getting bought out by scummy companies to abuse the install base.

So I just promptly clicked the remove button and didn't think anything of it, since the new youtube UI was coming soon and it did pretty much what I wanted from the extension originally (larger videos in the browser tab but not fullscreen). Day or so later I see this article posted... hah. Dodged a bullet there.

A more realistic approach

[davidwr]

Now we just need Google to update the Chrome extension policy to require
The Developer MUST notify Google prior to any sale or acquiring, disposing, or changing beneficial ownership regarding any app software

Better: Whether a program changes hands or not, impose a requirement that new versions which are "substantially different" from previous versions with respect to feature-removal or the addition of revenue- or marketing-components will require a big bold warning and will not be eligible for any kind of automated updates from prior versions.

Furthermore, reviews based on previous versions will be segregated from reviews of new versions. In such cases, developers will be encouraged to keep the "old" version available for download.

What if he is a victim of a hack?

[140Mandak262Jamuna]

The original developer signed an NDA and could not talk about it.

Let us say his computer gets hacked and some unknown thirdparty finds all the dirty laundry. And this hacker blabs all over the media about the deal. Now the original developer is not responsible for the behavior of the hacker right? She/He is also a victim of the hacker. If the original developer is able to show that she/he was not negligent then she/he is off the hook.

I am not suggesting the original hacker to leak all information and blame it on Russian hackers ... before making sure he/she can make the blame stick.

Auto Update

[sexconker]

This is why you turn auto update OFF for apps and plugins.
Let shit notify you that updates are available. But don't let shit automatically apply them.

Re:Auto Update

[CrashNBrn]

This is just one of the many reasons why you don't use Chrome as your primary browser. Firefox has had Mozilla-signed extensions for year(s) now to protect the non-developers.

Re:Auto Update

[CrashNBrn]

No it's not. To release an updated extension it needs to be re-signed by Mozilla. You think they will re-sign an extension that does this? Right.

Re:Auto Update

[CrashNBrn]

Mozilla has a community built around their browser and around the extension add-on repository. Chrome has an "addon-store of abandoned addons".

Re:Auto Update

[CrashNBrn]

Which is why you don't hear about this stupid bullshit occuring over on the Mozilla side of the fence.

Hapens with Android apps too

[johanw]

I suddenly saw that my favorite simple calculator app was bought by some (Austrian I think) company who added some caller ID spyware in it. Fortunately I kept the apk of an older version around. When I reaearched I found out this shit company (Appsbuyout) does this with more apps.

Re:Hapens with Android apps too

[LeftCoastThinker]

This kind of thing is fraud, and it is high time that any developer or company that buys the developer or an app needs to be held to account, criminally (i.e. PMITA prison time) for the practice of selling an app, then updating it later removing features or adding adware/other unwanted shit not in the original app that you bought.

It is like buying a car, and then when you take it in for a oil change the dealer rips out the seats and replaces them with lawn chairs while selling the seats to a third party. It would be a no-brainer in the phsyical world, but due to international borders, abstraction of software, etc. this crap goes largely unpunished.

At the very least, the companies and individuals involved should be blackballed by Google and Apple and banned for life from submitting any apps to the app store or owning any apps/updating any apps listed in the app store. It is in Google/Apple's best interest to protect their users from this kind of crap.

Re:How to neuter NDAs.

[bws111]

If the NDA is used by anyone at least half competent, you won't find out what you are agreeing to not disclose until AFTER you have signed the agreement.

Re:How to neuter NDAs.

[bws111]

It is called a Non DISCLOSURE Agreement for a reason.

Chrome Store links in the summary seem dead now

The links to the Chrome Store mentioned in the summary seem to be dead now.

Not new

[Balthisar]

Here's a story from 2014 about the same thing. I got bit by this bogus behavior around this time, too. I can't remember what the extension was, but whatever it was was something very useful that I probably don't miss now that I can't remember it.

Yup

[XSportSeeker]

Been happening for a while now, which is why I went plugin agnostic with only big names not expected to sellout anytime soon.

Re:WHERES MY FREE APP! 1 STAR RATING!

[avandesande]

When I was a child my father worked in a App factory, he used to bring them home and that's what we ate for dinner!

Re:People trust extensions.

[radarskiy]

Can APK make a host file so strong that not even APK can spam through it?

bring me a lawyer!

[4wdloop]

"The original dev says he gave them a high price, but the company agreed to pay right away, but only after the dev signed an non-disclosure agreement preventing him from talking about the company or the transaction. "

Trouble?

Re: Only LUDDITES hate apps.

[DMFNR]

No you shut the fuck up, the APPS! Guy brightens my day every time I see a post from him.

Fuck LavaSoft AdAware too

Same sort of thing happened to Lavasoft AdAware which was once trusted anti-malware anti-adware software. AVOID IT! https://malwaretips.com/threads/lavasofts-new-scam-artist-owners.3279/ https://en.wikipedia.org/wiki/Lavasoft#Controversies

Re:Fuck LavaSoft AdAware too

Thanks for the headsup, I had it installed on relatives windows box. Gotta head over sometime and uninstall that.

Re:I get this periodically for my little FF extens

[ChoGGi]

Little? I've a FF extension with about six thousand users, and I regularly get these offers as well.

The problem is chrome

[allo]

Chrome does not allow to disable updates, it doesn't even notify you of extension updates.
Then it is clear, why people buy addons to buy userbases. You can push whatever code you want to the users. Be glad, they didn't replace your banking site with some phishing website.

Re:How to neuter NDAs.

[Hognoxious]

I never knew DeVry had a law school.

Re:You use MY hosts file in fact... apk

[rogoshen1]

Harmless joke -- just poking fun at your spamming; don't be so sensitive.