tl;dr Add-on developer ansh sold out the extension to new owners. Commited updates 1.8.8 to the Mozilla repository, but nothing on GitHub containing the malware. The malware was a custom implementation of the mellowtel scraper mentioned in the arstechnica article. It had the opt-in functionality disabled and other “bugs” which caused excessive bandwidth usage. Please be aware there is no independent verification whether not more possible harm was caused than the mentioned mellowtel scraping.

By jiffyreader, the from the github link provided:

"Hey all,

Sorry for the delay in answering here. I was waiting for the dust to settle a little bit before clearing things up.

I tried to explain the timeline and sequence of actions in the last messages. Many of you want to know the reasons behind them.

I saw that developers were earning a lot from turning their products into proxies for scraping and were being paid by proxy providers like anyIP or brightdata. Usually they pay more for mobile proxies. So I decided to try a similar idea. I saw that Jiffy Reader had already tried with mellowtel but had stopped after a while. I thought I could monetize it by making a custom integration and bought the plugin. I tried the open source version of mellowtel but changed the code in order to make it native (refer to the Single Purpose policy issue above) and removed some of the limits in the library. In the process I introduced bugs and caused issues to a lot of you which triggered the malware report. The reason why these bugs were not immediately clear and I couldn’t solve them is because they showed up based on some specific requests/websites (google search or pdf download, etc.) and device conditions (pdf viewer open/scrolling a tab with videos) which I didn’t have a way to replicate and solve.

As I remarked before, the plugin didn’t steal any cookies/credit cards/password or personal data and you can check the network output logs or any VPN logs to confirm. You are still free to change passwords/auth sessions but JiffyReader didn’t collect or leak any of this personal information.

Ideally, I wanted to keep the product running/improving it and using this forked version for monetization without affecting users negatively. But in my eagerness to have the version accepted by the review team I changed the code to not display the opt-in and out page immediately and that removed a lot of user control. And I think I introduced some bugs (but from an arstechnica article that @concernedcitizen2 has also linked it looks like the original library had some issues on its own, so it could also be due to that).

For GDPR, I haven’t collected any data from this bandwidth sharing monetization (including IPs which I don’t store). The privacy policy on the website refers to google analytics, to the Crisp web chat and to any contact information the user might pass to us. The public pages that were scraped didn’t have to do anything with the websites a user might be visiting. The same goes for Meucci.js which just monitored xhr/ajax requests INSIDE the session-less frame, not outside, so again it didn’t revolve around any user data. You can look at the mellowtel library since I used a lot of that code

Sorry for the issues and concerns I’ve caused with these actions.

I will be committing all changes to this repo and removing all the flawed forked code. I will also send a new version for the same to FireFox, Edge and Chrome again. Going forward, I will always keep the open-source version in sync with the submitted version.

If anyone wants to reach out, you can do at jiffyreader007@gmail.com. I feel like it’s not good to keep this discussion on this repo and I’ve created a separate Discord in the meanwhile: https://discord.gg/cjwS8vmR3R

I’m really sorry for this and having removed a useful plugins that so many people used. Thanks for your understanding."

Here is the full list of extensions: https://docs.google.com/spreadsheets/u/0/d/e/2PACX-1vT1XgBs25gRlg5e3nYCAff967WMtZZTO-TB3rR9zszaJpTpCVFg8j7FkBxnHb3tw3aHGjKBGSxYyLgV/pubhtml?pli=1

deleted by creator

The Deep Fake Detector probably can’t keep up anymore with the recent AI advances.

It is a definitional and logical conclusion that a concept cannot tolerate its anathema and inverse.

This is a pretty good rewording removing ambiguity.

As for my experience seeing this point brought up, its usually to silence a voice, and then this logical statement is equaled to the moral reasoning and justification in one, instead of reasoning inside that case how a “removal” would be required.

What if the other party in question is of the opinion they didn’t break it, yet the other claims it has been. Who gets to decide it?

You misunderstand the point of this paradox. By default you become intolerant when you start “removing” people. it is explicitly not a justification for whatever action you claim moral superiority on.

Since almost every political decision will affect at least some fraction of society negatively (even if it would ethically be for the greater good), you can carelessly throw this around to eliminate any opponents for this arbitrary tolerance reason. The only way to make sure the “removal” is fair, as a society absolutely needs these tools to function, is to clearly outline the case when it needs to happen and bring the barrier such that those capable of improvement do not get ostracized into further radicalization. And that barrier needs to be significant.

You bring up “fascist”, at which line does it happen? Genocide execution, support, inaction, Swastika wearing, illegal membership, legal membership of ultra radical parties, support of conservative oligarchs? What is greedy? Robbery, theft, tax evasion, corruption, cheating with the girlfriend of a friend? What is bigotry? You get the idea.

What does nuking a potato mean? Unfamiliar with the slang.

As an individual you can’t be expected to do that and there are many good reasons not to do it, as you could suffer from consequences. As part of a society, all of your actions do shape the social environment around you in small ways. But when the interests of you as an individual with those actions of society clash, you do bear the responsibility of what happens in that society. In my opinion this would apply even to those who have worked against unethical actions, because taken for a bigger scope at a nationwide level, it wouldn’t be feasible to exclude those from reparations either way. Even if the “good” would get compensated with a lower tax, they will economically feel it either way, as the “bad” around them are still sanctioned. And then the ethical dilemma is what could be considered “good” or “bad” at all.

Now taken this generalized context back to marginalized groups, if everyone would be obligated to be an activist, it would punish those unable to cope with the additional stressors activism could entail. Then, the question is who is actually marginalized and who is not, the rich 1% is a minority, but definitely not in “need”. There are people labeling themselves as things which they are not. (Some “leftist queer” folk are more rightwing in their deeds, than actual conservatives.) I also believe those who fight for the rights of those that person itself doesn’t belong to, adds nuances, you can quite often see ideological shifts in people depending on their income. Which gives the question on whether a truly fair solution between groups is attainable, and probably an unsolvable optimization problem, so compromises must happen.

Every policy you go for, will eventually have some people discriminated against in some ways or even actively harm them. No matter what your stance on HRT and medical transition is, there will be some people who should not have done it in the first place, or should have to alleviate their gender dissonance. And whatever line you draw in the sand, there will be something wrong with it. Expecting everybody to strictly enforce some kind of policy by activism, is an ethical burden we can’t place on an individual, but which we involunatarily bear by its consequence.

This should be illegal. As a person who was once false flagged manually by network attribution. Of course the anti troll flagging network was itself socially destroyed by time and is frequently cause of scandals while nobody cares for me.

Add certain language patterns and political stances and you have an excellent oppressive tool.

The behavior the study is referring to, is actually result of reddit’s algorithms and human psychology. Often the contrarian view of whatever the post is about will automatically float to the top, no matter the topic, opinionated, factual or debunking, nature.

Probably signing up with Bluesky, even if slightly off-topic. The lack of algorithms means the only way to swim up is to post everyday at prime time in the hope to catch some exposure. Because quality posts with high interactions with likes will not bubble up from the crowd.

I mean the current situation of losses versus territorial change is quite questionable for both sides.

Not a big fan of these victorious memes when it is more than clear that this is just a really bloody war for minor territory movement at this point. The initial moments of gigantic advances are less and less likely with more entrenchment.

Do you know how clean Valorant is to play compared to Counter-Strike? Definitely worth it. Shooters just don’t work anymore without kernel level anti-cheat. The demand is real that even third party add-ons are used to play with them, e. g. Face It for Counter-Strike. It doesn’t stop all cheats and never will, but makes cheating expensive enough to exclude many.

The famous Escape from Tarkov Wiggle video should put it into perspective.

The Linux - FOSS user group of Lemmy is obviously mad, but that is the new reality.

Is the cheating in LoL that bad from somebody who regularly plays at least middle level ranked games? I am very glad to have it for Valorant compared to the mess Counter-Strike is in. Kernel level anti-cheats are a must nowadays to lift the barrier to entry which excludes quite a bunch of cheaters.

These things are ableist. We are reaching the point where AI can solve these much more reliably than a human. As a result the difficulty has to rise and will exclude more and more people which might have problems with “basic” tasks from a neurotypical perspective. Not to speak sometimes there might be multiple solutions depending on language and cultural interpretations.