Adblock Plus for MicroB - great, but... · 2007-12-28 00:20 by Wladimir Palant
Today I looked at my logs and noticed lots of unusual referrer spam. For example, I saw people coming to adblockplus.org from wikipedia.org — not a particular article but the main site. Adblock Plus is not that famous yet so I investigated a little.
xxx.xxx.xxx.x – - [10/Dec/2007:11:14:59 +0100] “GET /favicon.ico HTTP/1.1” 200 708 “http://www.wikipedia.org/” “Mozilla/5.0 (X11; U; Linux armv6l; en-GB; rv:1.9a6pre) Gecko/20071128 Firefox/3.0a1 Tablet browser 0.2.2 RX-34+RX-44_2008SE_2.2007.48-9”
That’s a typical log entry. Now I read the news about Adblock Plus being available for MicroB and it wasn’t difficult to make a connection. So I downloaded this Adblock Plus version and soon it was obvious that it is inserting an Adblock Plus button into all web pages the user visits — using my favicon as the image on the button. Which makes me the lucky guy who can track every move MicroB users do on the Internet (at least if I decide to send HTTP headers preventing caching).
Well, what should I say… Generally, I am happy with Adblock Plus being brought to more users and more platforms. But I thought that somebody making such extensive changes (it seems that MicroB doesn’t support XUL) would at least consult me. Yet I never heard about MicroB before, looking briefly over the news article I was mistakenly assuming that it referred to MidBrowser (the makers of this browser actually asked me to support it in Adblock Plus). And I certainly would be against using the same name for this extension — e.g. because I am trying hard to provide proper support to my users and Adblock Plus for MicroB is so fundamentally different. And because I don’t like being associated with security holes like this one. It is much too easy to suspect that this is a backdoor and I am the one who planted it.
Dear Afonso Costa, whoever you are. I am waiting eagerly for you to respond. I hope that you will at least fix the security hole as soon as possible (or maybe even sooner). And I hope that you will be more careful with what you release in future. And if you are really serious about maintaining an Adblock Plus port for MicroB — please consider renaming your extension and providing support for it. People will come to my forums otherwise, and they will get no help there (and you will never learn about bugs).
Commenting is closed for this article.