Mozilla recently removed every version of uBlock Origin Lite from their add-on store except for the oldest version.

Mozilla says a manual review flagged these issues:

Consent, specifically Nonexistent: For add-ons that collect or transmit user data, the user must be informed…

Your add-on contains minified, concatenated or otherwise machine-generated code. You need to provide the original sources…

uBlock Origin’s developer gorhill refutes this with linked evidence.

Contrary to what these emails suggest, the source code files highlighted in the email:

  • Have nothing to do with data collection, there is no such thing anywhere in uBOL
  • There is no minified code in uBOL, and certainly none in the supposed faulty files

Even for people who did not prefer this add-on, the removal could have a chilling effect on uBlock Origin itself.

Incidentally, all the files reported as having issues are exactly the same files being used in uBO for years, and have been used in uBOL as well for over a year with no modification. Given this, it’s worrisome what could happen to uBO in the future.

And gorhill notes uBO Lite had a purpose on Firefox, especially on mobile devices:

[T]here were people who preferred the Lite approach of uBOL, which was designed from the ground up to be an efficient suspendable extension, thus a good match for Firefox for Android.

New releases of uBO Lite do not have a Firefox extension; the last version of this coincides with gorhill’s message. The Firefox addon page for uBO Lite is also gone.

  • AngryishHumanoid@reddthat.com
    link
    fedilink
    arrow-up
    32
    arrow-down
    4
    ·
    3 months ago

    Mozilla says the addon has problems, the developer says it doesn’t. Are there any 3rd parties that can weigh in on this?

    • LWD@lemm.eeOP
      link
      fedilink
      arrow-up
      65
      arrow-down
      12
      ·
      edit-2
      3 months ago

      Mozilla doesn’t show their work (the reasoning behind the removal) but gorhill does.

      Being on the fence is an interesting position to take, but I would be genuinely shocked if one of the most reputable creators of one of the most reputable extensions of all time is lying to its user base about the locations and contents of the files in the open source extension that can be audited by literally anybody just by browsing to that directory on their computer, because in addition to being open source on GitHub, it’s the same source on your PC.

      ETA:

      Mozilla also accuses uBlock Origin Lite of not having a privacy policy (a detail I removed from my post for brevity’s sake) but gorhill provides a screenshot of it. I guess that could have been faked too. Less difficult to fake: the archives of the privacy policy on Mozilla’s site, which took me too long to track down

      • AngryishHumanoid@reddthat.com
        link
        fedilink
        arrow-up
        21
        arrow-down
        3
        ·
        3 months ago

        I’m not sure why you think “being on the fence is an interesting position to take”, I’m glad there are people out there who have the skills to look at the code and see if it’s doing what people claim it is doing or not, I am not one of them. I just want a browser that doesn’t treat me like a piggy bank and less ads. I don’t know the developers reputation and simply asked for more knowledgeable people to chime in, sorry if that’s a problem for you.

        • zkfcfbzr@lemmy.world
          link
          fedilink
          English
          arrow-up
          19
          ·
          3 months ago

          For what it’s worth, Firefox is absolutely still the browser that doesn’t treat you like a piggy bank and has options to eliminate ads.

        • abbenm@lemmy.ml
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          3 months ago

          I think because, in this context, it’s because there was an extensive explanation of the problems with Mozilla’s decision on this page.

    • zkfcfbzr@lemmy.world
      link
      fedilink
      English
      arrow-up
      44
      ·
      edit-2
      3 months ago

      My own reading of the situation on the developer’s GitHub is unfortunately that the review by Mozilla is indeed completely inaccurate in every way. No way to even read it as a “Each side has their own story” type of thing since they reproduce Mozilla’s emails verbatim. They seem just materially incorrect. The source files referenced by the emails are visible on the same GitHub account, along with their complete histories showing no changes at all - the issues referenced don’t and never did exist.

      The only redeeming thing I can find is that the dev (ambiguously) seems to have never replied to the email from Mozilla about the issues, and so Mozilla was never made aware that there was an issue with the review that needed fixing. They seem to have done this because they perceived the process as hostile and not worth engaging with, which… fair, I guess.

      • FeelzGoodMan420@eviltoast.org
        link
        fedilink
        English
        arrow-up
        17
        arrow-down
        6
        ·
        3 months ago

        I understand where the dev is coming from but I think he still should have just replied to Mozilla. This is clearly a mistake on their part. The dev just seems pissed off and decided to not reply out of emotion. His call I guess but I don’t agree with that approach.

        • zkfcfbzr@lemmy.world
          link
          fedilink
          English
          arrow-up
          16
          ·
          edit-2
          3 months ago

          I agree that they should have replied, and that replying probably would have even fixed the mistake, but I also can’t find it in me to fault them in this situation. Getting those emails would have been both frustrating and insulting, and one of their messages on the linked GitHub page goes into the various stresses the situation puts them through.

          I don’t agree that there’s enough evidence here to decide Mozilla’s actions were hostile/malicious - maybe if they were given a chance to fix things and still didn’t, but everyone makes mistakes. Incompetent, sure, malicious, not enough evidence.

          • FeelzGoodMan420@eviltoast.org
            link
            fedilink
            English
            arrow-up
            5
            arrow-down
            1
            ·
            3 months ago

            Yea I don’t think Mozilla did it maliciously. I think either some dumbass analyst fucked up, or they ran it through AI, and the AI is dogshit and fucked up. Those are my guesses.

            • zkfcfbzr@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              ·
              3 months ago

              Who knows? The file that got incorrectly marked as collecting or transmitting data was named “googlesyndication_adsbygoogle.js”. I’m sure that’s a very reasonable guess for what a file with that name would do… in most add-ons. But like, obviously not in this one. My best guess is the reviewers have some type of tool that’s intended to help them find issues, it flagged the referenced files, and the reviewer either couldn’t or didn’t properly verify the files were actually issues.

              • FeelzGoodMan420@eviltoast.org
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                4
                ·
                3 months ago

                Yea I think it’s an honest mistake. I don’t see this as “hostile” to Gorhill. I have no idea why he thinks this. It’s really weird.

            • kbal@fedia.io
              link
              fedilink
              arrow-up
              4
              ·
              3 months ago

              AI seems like a possibility. I find it slightly easier to believe that someone in management was stupid enough to replace human reviewers with bots than that someone in a position to decide what gets accepted had never heard of UBO and didn’t realize that it’s an important one.

              Either way they really ought to explain themselves.

                • kbal@fedia.io
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  3 months ago

                  Whether or not Mozilla chooses to issue some kind of meaningful statement about what happened beyond the boilerplate “oops, it was an error” is not up to Gorhill.

        • LWD@lemm.eeOP
          link
          fedilink
          arrow-up
          9
          arrow-down
          9
          ·
          3 months ago

          Gorhill does not seem like the sort of person to respond to problems by giving Up.

          This is the developer who responded to the creation of Manifest V3 by pioneering a hack-free V3-compliant addon, and ended up making it genuinely compelling.