Attention NoScript users · 2009-05-01 22:54 by Wladimir Palant
You get an impression for the business model here. Of course, this approach brings NoScript in conflict with another popular extension — Adblock Plus. For years, NoScript has been using a trick to prevent Adblock Plus from working on its domains. Fixing this issue was never particularly high on my list of priorities (though I finally came around and fixed it after the recent events) so at some point I suggested that EasyList should be extended by a filter to block ads specifically on NoScript’s domains. This finally happened two weeks ago.
What followed was a small war — the website would add various tricks to prevent Adblock Plus with EasyList from blocking ads, EasyList kept adjusting filters. Then, a week ago a new NoScript version was released. A few days later I noticed first bug reports — apparently, Adblock Plus “glitches” were observed with this NoScript version, especially around NoScript’s domains (but not only those). When I investigated this issue I couldn’t believe my eyes. NoScript was extended by a piece of obfuscated (!) code to specifically target Adblock Plus and disable parts of its functionality. The issues caused by this manipulation were declared as “compatibility issues” in the NoScript forum, even now I still didn’t see any official admission of crippling Adblock Plus. Clearly, NoScript is moving from the gray area of adware into dark black area of scareware, making money at user’s expense at any cost.
Confronted with the facts and with the AMO policy NoScript author agreed to revert the changes. However, he put a different “solution” in place — the new NoScript version released yesterday adds a “filter subscription” to Adblock Plus meant to whitelist NoScript’s domains. A note about this “feature” has been added to extension description on AMO (I insisted), not without misrepresenting the cause of course. Supposedly, this is because of a “targeted attack from EasyList which broke functionality.” Which fails to mention that EasyList was just doing what it was created for (block ads) and the broken functionality is the result of attempts to avoid ads from being blocked (originally the filters didn’t break anything). So the real reason is not broken functionality, it is the ads on these sites.
Of course, adding a note to the description that almost nobody will read anyway wasn’t the only change I wanted to see. Adblock Plus allows other extensions to add filter subscriptions but that wasn’t supposed to happen without user’s consent. In case of NoScript, asking the user whether this filter subscription should be added was clearly required. But that would probably make too many people notice that something fishy is going on and decline. Note also that this filter subscription cannot be removed (will be re-added on next Firefox start), only disabled. Also, it stays there even after NoScript is uninstalled. Should I now make it harder for all extensions to integrate with Adblock Plus just because NoScript is misbehaving? I doubt that this will help much, any installed extension has the privileges to do anything and trying to stop it from misbehaving after installation is a lost cause.
While the current state of affairs (NoScript’s manipulation of Adblock Plus is visible to the user if he knows where to look, it is documented and even reversible) is better than what we had before I still think that extensions manipulating other extensions to prevent them from doing their job is not where we want to be. NoScript might be somewhat extreme but the “business offer” emails I occasionally see in my inbox make me think that we will see more of this. Companies start to recognize the potential of Firefox extensions and push extension authors into monetizing their extensions by questionable means — at the expense of the users.
Update (2009-05-02): Apparently, thanks to some pushing from AMO yet another NoScript version was released. This one supposedly no longer adds a filter subscription to Adblock Plus and also removes the one added by the previous versions. Also, a change to AMO policy is under discussion. Big thanks to everybody who made that happen!
Update 2 (2009-05-04): Sorry, I have to close the comments. I made the effort of reading each single comment but that’s getting too much for me. Especially now it seems that most commenters come from other articles misrepresenting the whole issue and don’t even bother to read my blog post.
Update 3 (2009-05-04): NoScript author made an official statement on the events.
Commenting is closed for this article.