Mozilla recently removed every version of uBlock Origin Lite from their add-on store except for the oldest version.
Mozilla says a manual review flagged these issues:
Consent, specifically Nonexistent: For add-ons that collect or transmit user data, the user must be informed…
Your add-on contains minified, concatenated or otherwise machine-generated code. You need to provide the original sources…
uBlock Origin’s developer gorhill refutes this with linked evidence.
Contrary to what these emails suggest, the source code files highlighted in the email:
- Have nothing to do with data collection, there is no such thing anywhere in uBOL
- There is no minified code in uBOL, and certainly none in the supposed faulty files
Even for people who did not prefer this add-on, the removal could have a chilling effect on uBlock Origin itself.
Incidentally, all the files reported as having issues are exactly the same files being used in uBO for years, and have been used in uBOL as well for over a year with no modification. Given this, it’s worrisome what could happen to uBO in the future.
And gorhill notes uBO Lite had a purpose on Firefox, especially on mobile devices:
[T]here were people who preferred the Lite approach of uBOL, which was designed from the ground up to be an efficient suspendable extension, thus a good match for Firefox for Android.
New releases of uBO Lite do not have a Firefox extension; the last version of this coincides with gorhill’s message. The Firefox addon page for uBO Lite is also gone.
I agree that they should have replied, and that replying probably would have even fixed the mistake, but I also can’t find it in me to fault them in this situation. Getting those emails would have been both frustrating and insulting, and one of their messages on the linked GitHub page goes into the various stresses the situation puts them through.
I don’t agree that there’s enough evidence here to decide Mozilla’s actions were hostile/malicious - maybe if they were given a chance to fix things and still didn’t, but everyone makes mistakes. Incompetent, sure, malicious, not enough evidence.
Yea I don’t think Mozilla did it maliciously. I think either some dumbass analyst fucked up, or they ran it through AI, and the AI is dogshit and fucked up. Those are my guesses.
AI seems like a possibility. I find it slightly easier to believe that someone in management was stupid enough to replace human reviewers with bots than that someone in a position to decide what gets accepted had never heard of UBO and didn’t realize that it’s an important one.
Either way they really ought to explain themselves.
Well Gorhill would need to respond…which he said he won’t do so rip.
Whether or not Mozilla chooses to issue some kind of meaningful statement about what happened beyond the boilerplate “oops, it was an error” is not up to Gorhill.
Who knows? The file that got incorrectly marked as collecting or transmitting data was named “googlesyndication_adsbygoogle.js”. I’m sure that’s a very reasonable guess for what a file with that name would do… in most add-ons. But like, obviously not in this one. My best guess is the reviewers have some type of tool that’s intended to help them find issues, it flagged the referenced files, and the reviewer either couldn’t or didn’t properly verify the files were actually issues.
Yea I think it’s an honest mistake. I don’t see this as “hostile” to Gorhill. I have no idea why he thinks this. It’s really weird.