Gadi Evron wrote: > On 2/16/10 6:29 PM, Reed Loden wrote: >> On Tue, 16 Feb 2010 11:47:48 +0200 >> Gadi Evron<[email protected]> wrote: >> >>> Just to make sure we have the same terminology, as a friend of mine >>> disagrees: >>> 1. It adds content to web pages I visit (so far just Google) by >>> suggesting tweaked searches, possibly (unconfirmed) by sending data >>> about my searches, which would make it spyware. >>> 2. When I click these suggested better searches for what I was looking, >>> it sends me off to a different search engine, which I define as adware.
If the data sent off is integral to providing the ads then it's still "adware" in my book, but the line there is a little grey. > By letter of the law or not, this *Feels* wrong. So I am hopeful Mozilla > will do something about it. However, I can't really blame them if they > can't. > > I am unsure that an AUP *anywhere* currently covers that "apps" can > provide only with features users agree to, or that they should need to > notify of a major change in functionality. > > It's certainly a very interesting question. > > The good old comp.virus FAQ defines a Trojan horse as functionality > which if the user knew what it did, he or she wouldn't be happy about > it. In reverse, this fits quite well. AMO has a "No surprises" policy. This was an unwelcome surprise. http://blog.mozilla.com/addons/2009/05/01/no-surprises/ https://addons.mozilla.org/en-US/developers/docs/policies/reviews#section-defaults There's no ban on ad-supported extensions, but unless the main announced purpose is to serve ads then it had better be clear it does so. And if it needs to share data with a 3rd party server (whether for ads or for the normal functioning of the add-on) then it has to have a privacy policy and explain what it's doing. And making such changes on an upgrade is supposed to require user opt-in. > Let's see what happens. The new version of FlashGot has been taken off the site and we're working with the author on making an upgrade that meets the site's guidelines. -Daniel Veditz Mozilla Security Team _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
