Re: [Bug-gnuzilla] Free Software Add-on for IceCat

[Ivan Zaigralin]

I wouldn't call ABP malicious. Rather, it comes with malicious
defaults, but a benign configuration is one check-box away.
I am willing to concur with Sam Geeraerts: it's not a big deal
if it stays.

On 10/22/2012 12:00 PM, Loic J. Duros wrote:
> Hi:
> 
> As mentioned before, the primary criterion is software freedom. Of course, we
> also care about privacy, and in fact it is one of my main focuses for the next
> release on IceCat.
> 
> I think that as long as the extension provides a checkbox to stop allowing 
> these
> whitelisted ads, the user still gets a choice, and because it is released 
> under
> the MPL2.0, users can also just fork the addon and make their own, without 
> this
> particular functionality or any other.
> 
> Of course we can list the two variants along with the original. As I stated
> earlier, I'm building a new interface for the addon list. Unfortunately, the 
> GNU
> webmasters and sysadmins don't want to set up an MVC on the main server, and 
> so
> I'm building a dynamic addon page entirely in (free) JavaScript for this
> purpose. In the backend (which I'm afraid will have to run from another 
> server,
> such as my own) it will automatically generate lists of free addons, and 
> perform
> a rudimentary file check for license notices, and provide updated data. I 
> guess 
> we could blacklist those free addons that are perceived as malicious. I'm not
> sure it's the case for ABP since I don't use it, but I'll take a closer look 
> at it.
> 
> Thanks,
> 
> 
> 
> On 10/21/2012 11:26 AM, Ivan Zaigralin wrote:
>> What you are saying makes sense, and I definitely think this
>> is a borderline case. Still, I think APB is distributed with
>> a malicious feature turned on by default. There are forks which
>> have the malicious feature removed, such as Adblock Lite and
>> Trueblock Plus. At the very least, they should be listed
>> alongside ABP. But then why have ABP at all? It is strictly
>> inferior to its forks, so there is now a redundancy issue.
>>
>> Than being said, your explanation made me reconsider my position
>> and I won't advocate removal anymore.
>>
>> On 10/21/2012 05:55 AM, Sam Geeraerts wrote:
>>> Ivan Zaigralin wrote:
>>>> Adblock Lite is MPL. It has the Adblock Plus' current feature set
>>>> with the old (pre-2) interface. The main difference is the absence
>>>> of Allow Some Ads option, which is enabled by default in Adblock
>>>> Plus. In an ironic twist of fate, Palant sold out to advertisers :)
>>>> While the code of ABP is still free, IMHO, it should be removed
>>>> because its default settings are designed to abuse the user, and
>>>> replacements are available.
>>> The criterion for inclusion in the Gnuzilla list is software freedom. If
>>> extensions are barred for other reasons, then the purpose of the list 
>>> becomes
>>> less clear. There are also extensions in the list that facilitate the use of
>>> Google and other websites/services that have raised privacy concerns. With 
>>> the
>>> current policy they could only be excluded if you'd argue that they 
>>> encourage
>>> the use of websites that require running non-free Javascript.
>>>
>>> That being said, the Gnuzilla project does pay attention to user privacy. 
>>> Loic
>>> could choose to add that as a second criterion for the list (with the
>>> aforementioned risk). Another option is to add warnings to the list. That 
>>> still
>>> requires that every extension be checked for privacy issues, because it
>>> shouldn't be that no privacy warning could also mean that it hasn't been
>>> checked. So it would take more work to get (certain types of) extensions on 
>>> the
>>> list, making people less inclined to submit them. And like with SaaS, it's 
>>> not
>>> always clear cut whether something crossed the line. I'm not opposed to the 
>>> idea
>>> per se, though. :)
>>>
>>> Anyway, I'm not sure ABP's default settings are even a privacy issue. And 
>>> if I
>>> recall correctly, it does explicitly give users the choice to disable the
>>> whitelist when it's installed.
>>>
>>>
>>
>>
>>
>>
>> --
>> http://gnuzilla.gnu.org
> 
> 
> 
> --
> http://gnuzilla.gnu.org
>

signature.asc
Description: OpenPGP digital signature