I'm not a nano defender user, never have been. I've come across it several times but never ended up trying it.<p>This however makes me sad. We've got a champion who is maintaining a piece of software that's quite frankly pretty core to privacy and security in today's heavily tracked world.<p>Obviously it's not just gorhill either. It includes the many people who have raised PRs, lowered the ticket burden of uBO, but also the many people who maintain some amazing lists. For that, all of these people have my gratitude.<p>The reason this makes me sad is because this is the second time things like this happen. The second time gorhill's efforts are being shat on by some random person. This was completely reckless action by jspenguin2017. It's one thing to want to make money for your efforts, it's another to want to make money from the man hours spent by the uBO and list's maintainers.<p>If jspenguin2017 truly means what he says in his posts and regrets his action, I hope he considers donating all of the money to gorhill & co.
> Raymond inspected the modifications added by the new developers (which was not published to GitHub), revealing their dubious intentions.<p>and chrome will auto-update the extension for you transparently so you don't miss out on these new amazing features!
Quite honestly I'm of the opinion that Google should strictly audit all transfers of ownership of popular extensions. The options for monetizing extensions are so limited that the only thing that can motivate someone to buy an extension is nefarious purposes.
Anyone know what the uninstall steps should be for those of us who used Nano Defender with uBlock Origin [0]? I've disabled Nano Defender and removed NanoResources.txt [1] from my UBO advanced settings, but I'm not sure if there is anything else I should be worried about. I also disabled the Nano Defender Integration and Nano filters lists, but I don't know whether those are safe to use.<p>[0]: <a href="https://jspenguin2017.github.io/uBlockProtector/#extra-installation-steps-for-ublock-origin" rel="nofollow">https://jspenguin2017.github.io/uBlockProtector/#extra-insta...</a><p>[1]: <a href="https://gitcdn.xyz/repo/NanoAdblocker/NanoFilters/master/NanoFilters/NanoResources.txt" rel="nofollow">https://gitcdn.xyz/repo/NanoAdblocker/NanoFilters/master/Nan...</a>
Nano blocker was awesome.<p>Now I have to delete stuff.<p>At this point, I no longer trust non-open source application and even open source stuff with low followers.
Unfortunately it blocks Twitch ads while others don't. Did the Firefox version suffer the same fate?<p>Since a Twitch update ~1 month ago uMatrix did not have a working solution except for the first few days, but maybe things have changed.
In another fun note, I've actually been rate-limited by Instagram for how many <i>unlikes</i> I've been doing to try and get rid of all the trash likes they've done using my cookie. Absolute garbage fire.<p>And who knows what other stuff they've done with basically being able to be logged into any site you are?
I suppose if there was ill intent, they would have silenced the seller with a NDA. It would be silly to let the seller sink your nefarious plan by letting the world know that ownership has transferred.
> Remember to audit your extensions frequently, and remove any unused extensions.<p>> In the case of Nano Defender, users were not notified before control of the extension was transferred to a third-party. That's not the right way to handle this.<p>The whole browser extension ecosystem seems to be purposefully bloated with such loopholes allowing such backdoors.
I remember seeing a clg presentation, "a browser is a literal nuke you carry on yourself, whatever be the ... or claims as of sandboxing, you're already dead" - loosely quoted.
Other than removing extension and changing password? What else should one do? Is it possible to download malware to PC with extension and run it (Like keylogger)?<p>Is it possible that my outlook account could have been hacked through cookie hijacking?
The only way anyone would have installed this trash in the first place is if their infosec threat model is complete nonsense. You're so worried about ad companies stealing your soul that you turn over full browser control to a bunch of randos? It does not and has not ever made sense.
Noticed this a few times, where race is associated with some bad behaviour as if it made matters any worse. What does it matter if the developers were Turkish?<p>edit: are the downvotes because you believe race matters in this case, or some other problem with the comment?