Main Area and Open Discussion > General Software Discussion

When an arguably free service turns ad supported

<< < (2/2)

app103:
In case you missed this about a month ago...

Adware vendors buy Chrome Extensions to send ad- and malware-filled updates

One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome's extensions, which are updated by the extension owners. This means that it's up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.
 
 To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome's update service, which sends the adware out to every user of that extension.

We ought to clarify here that Google isn't explicitly responsible for such unwanted adware, but vendors are exploiting Google's extension system to create a subpar—and possibly dangerous—browsing experience. Ars has contacted Google for comment, but we haven't heard back yet. We'll update this article if we do.

Update: Google got back to us, and stated that Chrome's extension policy is due to change in June 2014. The new policy will require extensions to serve a single purpose.

A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the "Add to Feedly" extension. One morning, Agarwal got an e-mail offering "4 figures" for the sale of his Chrome extension. The extension was only about an hour's worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account. A month later, the new extension owners released their first (and so far only) update, which injected adware on all webpages and started redirecting links. Chrome's extension auto-update mechanism silently pushed out the update to all 30,000 Add to Feedly users, and the ad revenue likely started rolling in. While Agarwal had no idea what the buyer's intention was when the deal was made, he later learned that he ended up selling his users to the wolves. The buyer was not after the Chrome extension, they were just looking for an easy attack vector in the extension's user base.
--- End quote ---

http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/

TaoPhoenix:
Let's add a new entry to this list!

I thought I liked StartPage as a "private" search engine. But just now, when loading up the "advanced" search version, I see some fishy stuff while the page loads.  Does someone have a tool that "captures" all the sources that load into a page? It flashes pretty fast, but I'll summarize it.

connecting/reading/transferring
(best guess)
intext.nav-links.com
i_rvzrjs_info.tlscdn.com
superfish.com
gir.driveopti.net

And more. Who is all that?! And why are they on the "private search engine"?!
:mad:

Update:
A rogue extension seems to have gotten into my browser! So that's a different topic and it might render my comment void.

wraith808:
In case you missed this about a month ago...

-app103 (March 01, 2014, 02:36 AM)
--- End quote ---

Nope... didn't miss it.  Indeed, I posted it.  This is *totally* different.  The extension hasn't changed hands.  It's actually quite solvent.  It's just a change in direction.  Which is to some extent, even worse IMO.

http://www.wisestamp.com/

And the bad thing is- no one is talking about it or complaining about it in such a high profile extension!  And it's not like they couldn't have warned me... they send adverts to me about specials and changes all the time.  Why not this?  I even did a search through my e-mail to see if I just missed it.  Gave them a chance by trying to contact them... and they're silent.

I even checked the privacy policy and the terms of service to see if there was any mention of this change:

http://www.wisestamp.com/privacy-policy

http://www.wisestamp.com/terms

Don't see anything there either.

The only thing they *may* be trying to stand on is this part:
You acknowledge and agree that: (a) WiseStamp may remove any User Generated Content and/or discontinue your use of the Platform in its sole discretion with or without any reason; (b) WiseStamp may integrate commercials and advertisements, whether within or beside the Site and/or the Platform. All the information contained in such commercials and advertisements belongs solely to the advertisers and WiseStamp makes no warranties or representations as to such advertisements, whether or not WiseStamp has control over such advertisements. WiseStamp, advertisers, publishers and/or other third-parties may be entitled to certain shares of the earnings for such commercials and advertisements. You agree, acknowledge and consent that you have no rights to receive any compensation whatsoever with respect to any revenue share or other monetary amounts pertaining to commercials and advertisements on the Platform.

--- End quote ---

But I totally understood they could have ads within their platform.  But the whole browser is not their platform.  There were ads in my signature for the service.  Even though I could remove those, I never did- it was just a simple unadorned link so I didn't really see the harm- and they gave you the ability to remove it.  There were ads in the settings dialog- and that was fine too.  They were unobtrusive, and I didn't go in the settings often in any case.  But injecting ads into another unrelated page?

wraith808:
Addenda: Igor Ljubuncic at the Dedoimedo  :-* blog has post regarding some of Mozilla's latest 'monetization' antics that I think apply equally well to some of the transparency and honesty issues raised by Wraith here.

<snip />

Read the whole article here.
-40hz (March 01, 2014, 01:53 AM)
--- End quote ---

Thanks for this!  It's great!  And sad...

Navigation

[0] Message Index

[*] Previous page