This headline has been editorialized, contrary to HN guidelines, and it's also inaccurate. The actual headline of the story is "Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons".
The story is about a phishing campaign directed at extension developers, not about the extension "store" (which is not really a store and doesn't sell anything), being "flooded" with malware.
>This headline has been editorialized, contrary to HN guidelines, and it's also inaccurate.
Thanks for pointing this out -- don't hesitate to flag things like this.
Partially off topic, but YouTube ads for me are currently 70% out and out scams - deepfaked TV personalities telling you about some government scheme where every person gets £20,000 cash.
Even the closed ecosystems are infected.
What do you mean by a closed ecosystem in this context? Because I wouldn’t consider YT ads a closed ecosystem compared to MAO. They are both publishing platforms, one is just paid. The problem with spam or malware is that there is monetary return for your investment in it. Paying to distribute spam or malware is a reasonable strategy if there is a decent ROI. Your local businesses flooding your mailbox with spam through USPS are all paying for it.
In publishing, I’d consider something like The Economist or NYT to be a “closed ecosystem”. Many of those places (like CNBC, Fox, WaPo, etc) have auto-generated spam articles every day whether it’s a company's earnings or a press release regurgitation. Sometimes that garbage can be accidentally harmful. At least we’re not at the point that CNBC pushes crypto miners in their blogs. We’re not far off though.
It's Google's advertising network - there are and should be guard rails in place. They should audit the content. They should do KYC. They should do many many things.
"it's better to beg for forgiveness than ask for permission (and keep the money either way)" is probably up on the wall instead of "do no evil"
https://support.google.com/adspolicy
That would make it a moderated ecosystem, not a closed one.
AFAIK, Section 230 protection extends to online advertisement as these companies claim the ads are user generated content. There were many lawsuits against Google and Meta about being responsible for the content and ads their algorithms push and how it radicalized people or harmed people. I recall Google and Meta won all those cases.
Plus, in the 1960s there was a famous Supreme Court case against NYT for publishing a pro-civil rights ad that contained wrong claims against some like cop or politician in the south. They argued that NYT was liable for the malicious attack. The Supreme Court ruled in NYT's favor because even if the ad buyers were malicious, they need to prove that NYT was also intentionally malicious in their intent.
It's been like that since before "AI" (before ChatGPT's big marketing break-out)
Google's revenue is largely from promoting scams and tricking old people into clicking ads that look like normal search results. They're a total scumbag company, it's a sign of how broken consumer protection is that they've gotten away with it for years with no meaningful legal consequences.
[EDIT] Downvotes are warranted, I missed the large part of their revenue that comes from extorting companies into paying for ads for their own brand name so competitors and scams don't top searches for them.
It’s getting so much worse though. This post is from 2020[1], and it’s much worse now as Google has removed the bold “Ads” word into a “sponsored” heading that is different across desktop and mobile and for the most part appears to be part of the list header rather than attached to any particular ad.
Bing is 10 times worse. They intermix search results with ads, and the only indication is a small light-gray/white “WEB” or “AD” tag that has a CSS blur and pixelation effect. It’s so subtle it’s insane.
[1] https://www.theverge.com/tldr/2020/1/23/21078343/google-ad-d...
Link that doesn't completely disable your browsing experience https://archive.ph/BDzTM
YES. I get constant Deepfake Oprah and Joe Rogan ads on YouTube. They know about it. They just don't care. Google can easily demonetize channels, block videos, anytime you talk about something controversial (Covid-19 vaccines, Jan 6, election denial, etc...)
A few years back when people were talking about Q-Anon / Pedophile celebrities thousands of YouTube channels were taken down simultaneously of anyone, ANYONE, who was talking about it. "Mouthy Buddha" on YouTube had just 2 videos on the subject and had his channel taken down and was never allowed back on. They all migrated over to BitChute at the time. The YouTube press release claimed about 10,000 videos and their channels removed.
So Google does have ways of scanning content and banning the scam ads, they just don't want to.
With browser extensions becoming new attack vectors, we need some reliable way to determine if they're running suspicious or malicious code in them before they're able to deploy. It seems like not even Google can properly vet their extension before they're added to the extensions store.
The only way I've found to try and detect these as an end user is by using an extension called Under New Management [1], which attempts to alert you if a browser extension has changed ownership, at which point you can pretty much assume they've been compromised.
Other than that, I know of no way to attempt to detect these malicious and problematic extensions. If anyone has any suggestions, please share them.
[1] https://github.com/classvsoftware/under-new-management
Recently, there have been a small number of AUR packages claiming to be browsers with RATs included.
Wonder if the activity is related.
Not sure, I would bet on the OWGs instead.
Firefox is down bad right now. I have used it steadily for 20 something years now, and the cracks are really apparent now. It's also likely that Google will be forced to stop giving Mozilla money for Firefox, leaving little hope for continued development.
This might actually be the end of FF.
Could you name another browser with enough backing to be able to keep up?
Besides Google Chrome (controlled and backed by the surveillance overlords) and Safari (Kept alive by Apple cultists) I see very few free alternatives that can stand on their own. The other options are various niche browsers that leech on one of these three that might have a few changes here and there but lack the real capability to stand on their own legs.
What I mean with capacity to stand on their own legs is that the group behind it should:
* Be able to be a part in development of web-standards
* Be able to keep up with ever changing web-standards
* Be able to suggest and develop new web-standards if needed
* Be able to maintain a modern web-browser
This needs a relevant user-base, active developers and standard-committee members as well as infrastructure and cash-flow to maintain it for expected stuff like add-ons and various other bits needed (on-line checks, certificate handling, etc) that is expected from a modern browser.
I am worried about Mozilla but I see no reason to declare that the end is nigh just yet.
Firefox is still very much relevant to me, although I use mainly linux-distros and do not normally use webpages as applications (I browse with javascript disabled, unless there are specific needs). I would love to see some more options out there, but alternatives to Firefox are currently not on the horizon for me.
> Safari (Kept alive by Apple cultists)
This is a very silly thing to say given the widespread popularity of Apple products. There’s plenty of valid criticisms of Apple, but it being a “cult” is just not a serious or mature argument.
> Safari (Kept alive by Apple cultists)
It’s tangential, but another reason why Safari is popular with some is that it’s refreshingly unbranded by browser standards. It doesn’t try to stand out and realizes it’s just another tool among many on your device. If anybody wants to pry some market share away from Safari, designing a browser that just quietly does its job and blends in without any fuss (no bespoke UI or design language or any of that) would be a good bet.
I was hoping someone else would.
I see support for Firefox drying up as Mozilla just bleeds out.
Ladybird seems cool, but I also think a fully functional browser needs a revenue stream and dedicated full time paid developers.
I'm hoping and praying for the Ladybird browser to succeed, as I despise the Mozilla organization (Firefox itself is ok, imo).
Firefox could enter a revenue share partnership with Bing, or another search engine. Or they could follow in Brave's (and Google's and Microsoft's) footsteps in creating a search engine in order to own such a lucrative advertising surface.
Firefox does not have any revenue issues at all. If the Mozilla exec team did not have to make themselves rich and sponsor various personal pet projects they could easily afford to develop Firefox basically forever.
Yes, this. If cash is such a problem, exec comp packages have no business being as large as they are. That should be the first thing to get cuts.
Personally speaking I’d be willing to donate if I knew my cash were going towards Firefox and Gecko. I already donate to other FOSS projects where it’s more obvious where the money is going.
I'm surprised DuckDuckGo doesn't offer to sponsor them, but maybe they lack the income to make an offer comparable to Google?
Somewhat counterintuitively, Google being forced to stop giving Mozilla money is arguably the best single thing that can happen to the project right now.
I'd rather they wipe out the current executive structure and replace it with someone who will simply invest the money they get from Google and use the proceeds to fund just the browser. Later, when they've had a few years of Google adding to the principal they can afford to do some other things.