Popular Chrome Extension Sold To New Dev Who Immediately Turns It Into Adware

An anonymous reader writes: A company is going around buying abandoned Chrome extensions from their original developers and converting these add-ons into adware. The latest case is the Particle for YouTube Chrome extension, a simple tool that allows users to change the UI and behavior of some of YouTube's standard features. Because Google was planning major changes to YouTube's UI, the extension's original author decided to retire it and create a new one. This is when the a mysterious company approached the original author and offered to buy the extension from him for a price of his choosing. The original dev says he gave them a high price, but the company agreed to pay right away, but only after the dev signed an non-disclosure agreement preventing him from talking about the company or the transaction. Soon after the sale, the company issued an update that included code for injecting rogue ads on websites such as Google, Yahoo, Bing, Amazon, eBay, and Booking.com. Users also found other Chrome extensions that were also bought by the same company and had also been turned into adware, such as "Typewriter Sounds" and "Twitch Mini Player." According to some other Chrome extension devs, there are many companies willing to pay large sums of money for taking over legitimate Chrome extensions.

Sounds like Slashdot

Popular website gets sold to new owners, who proceed to add even more ads to the website while decreasing the quality of stories that are posted.

Re:Sounds like Slashdot

[courteaudotbiz]

I would add that for the past 3 -4 months, the top banner is so invasive as to cover a third of the content, even when I scroll down. Ads on /. are getting annoying to the point that the site looks more like a giant advert than a geek site.

Re:Sounds like Slashdot

[Known+Nutter]

https://pi-hole.net/

Run it in a VM if necessary.

Re:Sounds like Slashdot

[I'm+New+Around+Here]

When the banner ad showed up, I mentioned that my adblocker didn't work on it. Someone suggested uBlock Origin, which is what I now use. No ads anywhere.

Looking at the uBlock icon above, it is blocking 11 items on this page. A couple days ago, one site had over 100 items blocked, with a few more new things being blocked every few seconds. I closed the tab soon after I finished reading the news item, and the count was about 170.

Re:Sounds like Slashdot

[johanw]

You mean you don't use an adblocker? Then you deserve what you get.

Re:Sounds like Slashdot

[K.+S.+Kyosuke]

Those guys will get what they deserve

A wall of almost-English text from APK about how his solution is superior?

Re:Sounds like Slashdot

[Trailer+Trash]

You mean you don't use an adblocker?

No, I don't, because I know that /. is supported by nothing but ad revenue, and if I want it to continue the owners have to make money to pay for their costs and hopefully make a little profit. It would be extremely selfish of me to deprive them of their revenue source while making use of their resources.

Then you deserve what you get.

If everybody uses ad-blockers, what we're all going to get is one giant paywall.

Missed opportunity

[Dan+East]

Crap. Something told me I should have written some stupid, pointless yet viral Chrome extension a year ago.

Souls must go for a shitload of money

[mykepredko]

With the NDA, the adware will be blamed on the original developer (who's name would be on the Chrome App Store). I imagine that this could result in some cursing in various forums as well as hurtful ratings on the App Store. The biggest issue that I can see is when the developer is looking for a job; a simple Google search will identify the developer as scum-sucking vermin (or something worse) - with no way of (legally) explaining the situation to the prospective employer.

So, I would think that the payment must be enough for the developer to live comfortably for the rest of their lives under a new name.

Re:Souls must go for a shitload of money

[barc0001]

> If the NDA is really that strict then it likely won't be enforceable if they took him to court

And therein lies the problem. Sure it's not enforceable but how many developers - especially ones looking for a job like in OPs example - have a bunch of cash they want to burn through to defend themselves in court over it?

Even an unenforceable NDA has a chilling effect if you can't pay to negate it in court.

Re:People trust extensions.

[rogoshen1]

i just use a *hosts file.

* if you mention hosts file in a slashdot thread, or in a dark room, say "apk" 3 times in front of a mirror, you'll summon... HIM -- and you'll get a very detailed explanation (whether you want it or not.) on how a hosts file can keep you safe from all sorts of shenanigans.

Re:Brilliant

[Lobachevsky]

That's not realistic. If Microsoft makes an extension, they can't notify Google every time some little old lady buys or sells some shares from her retirement account. Similarly, if your chrome extension is owned by some Ireland holding company, and it is in turn owned by some Cayman holding company, and it is in turn owned by some, etc., there's no way to know or get reports that every entity that holds any stake has to report when it sells. And you don't even have to own the entity to get its profits. Your holding company in China can have a mere contract with your Cayman holding company for assignment of all profits *without* ownership. You can have another contract with some McKinsey consultant that she has administrative access *without* ownership. Many celebrities contract out their twitter and facebook accounts to professional management teams. Are they the owners of the twitter/facebook account? Like most laws, such a policy trying to "fix" the problem will only affect honest, good people, and have ZERO effect on the dishonest people it's trying to deal with since the dishonest bunch are more than happy to create a Russian nesting doll of legal entities and a labyrinth of contracts and profit assignments that would make a veteran CPA cry into a fetal position.