AMO WebExtensions.

Discussion of general topics about Mozilla Firefox
Post Reply
User avatar
Frank Lion
Posts: 21173
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom
Contact:

AMO WebExtensions.

Post by Frank Lion »

I see this AMO WebExtension stuff is going well -
47 of the 60 add-ons on the first two pages are spam add-ons right now, only 13 are legitimate extensions for Firefox.
https://www.ghacks.net/2017/12/13/mozil ... festation/
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)
.
User avatar
LIMPET235
Moderator
Posts: 39932
Joined: October 19th, 2007, 1:53 am
Location: The South Coast of N.S.W. Oz.

Re: AMO WebExtensions.

Post by LIMPET235 »

Yep.
It's all "clear sailing" from now on.
Image

I like this comment though...
Safeguards are in place that prioritize extensions that are uploaded, but the fact remains that extensions are made
available on AMO for a period of time before they are checked by a human.
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.

(Always choose the "Custom" Install.)
User avatar
Omega X
Posts: 8225
Joined: October 18th, 2007, 2:38 pm
Location: A Parallel Dimension...

Re: AMO WebExtensions.

Post by Omega X »

Honestly, I won't totally fault Mozilla for this one. I've seen A LOT of bot spam elsewhere that looks similar to this all throughout comment systems and other public facing review sections where its easy to make an account.
Brummelchen
Posts: 4480
Joined: March 19th, 2005, 10:51 am

Re: AMO WebExtensions.

Post by Brummelchen »

a lot of illegal offers/downloads (films/series), online casino/gambling. phishing and hacking crap. modified extensions - same name, but ads in it.
but that is not all - a lot of crappy extensions, just another name for old coffee, copy&pasted code.
this automated review and signing really needs improvement. the illegal film stuff can hunt mozilla down.
User avatar
Aris
Posts: 3248
Joined: February 27th, 2011, 10:14 am

Re: AMO WebExtensions.

Post by Aris »

A while ago add-on developers got punished by a crappy false positives throwing add-ons validator on add-on upload. They got punished a second time by very long review times sometimes. In worst case a third punishment was declining add-on release to the public, if something was wrong or the reviewer did not understand either the code or what the add-on was for. (This happened twice with my add-ons in the last six years: one reviewer called used ids/classes being too "general", one reviewer refused to give a full review, because the add-on would not target many users -> not logic in that, I know).

I'm glad to see they finally threw all this overboard after a large amount of devs left add-on development for good just to make today's spammers happy.
It seems like there is no more code checking for suspicious stuff inside add-on validator (this shitty tool isn't even able to permit multiple add-on uploads using same add-on name). Apparently add-on reviewers don't check WEs and crappy/broken/faulty/scam add-osn can be released to the public automatically. WOW, just wow.
User avatar
therube
Posts: 21698
Joined: March 10th, 2004, 9:59 pm
Location: Maryland USA

Re: AMO WebExtensions.

Post by therube »

But you're all missing the point.
Now when you install an extension, there is a disclaimer, "this addon is allowed to", so "we're covered".
And they're signed - for our protection.
Plus extensions are now far less useful, far less powerful, so there is no way they can be nefarious.

:happy:!
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
User avatar
the-edmeister
Posts: 32249
Joined: February 25th, 2003, 12:51 am
Location: Chicago, IL, USA

Re: AMO WebExtensions.

Post by the-edmeister »

Omega X wrote:Honestly, I won't totally fault Mozilla for this one. I've seen A LOT of bot spam elsewhere that looks similar to this all throughout comment systems and other public facing review sections where its easy to make an account.
They are directly at fault! Mozilla Addons crew dropped their guard and allowed this to happen by ending manual screening of new WebExtensions too soon AND then not keeping an eye on that was "coming in the door". Anyone with half a brain would have at least been monitoring an increase in volume in new addon submissions and that wondered enough about the screwy and similar names of so many submissions, and then "slammed the door" until they figured out what was going on.

And what about automated screening? Has that ended, too? A simple tweak to the algorithm for just the check for duplicate extension names should have flagged the vast majority of that crap based upon the excess of punctuation marks, nonsensical words used, and similarity of names. Not that AMO hasn't been down that road before ...
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.
User avatar
Frank Lion
Posts: 21173
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom
Contact:

Re: AMO WebExtensions.

Post by Frank Lion »

Omega X wrote:Honestly, I won't totally fault Mozilla for this one. I've seen A LOT of bot spam elsewhere that looks similar to this all throughout comment systems and other public facing review sections where its easy to make an account.
You didn't skim read this stuff, did you?

I mean, you do know this about real live extensions being offered to the public for installation on their systems and not about bot spam on comment/review threads, right?


As for human reviews of extensions or lack of, here's a quiz -

#1. Have you noticed a huge reduction in the number of extensions lately?
#2. Guess what skills you need to analyse code as an AMO reviewer?
#3. Guess what percentage of AMO reviewers are/were also extension/theme developers themselves?
#4. If #1="true" then what happens to the total number of active extension developers and in turn to the total number of active AMO reviewers?

This AMO stuff is a pity, Jorge is OK as are the reviewers (mainly fellow devs anyway) and as a 'golden boy' my stuff always flies through review in hours. But, looking at the situation objectively, yeah, it's one almighty **** up.

As to who's to blame, well that's easy. It's bound to be entirely the fault of that rancid stoat, fligtar. The fact that he claims to no longer work for Mozilla cuts no ice with me, trust me on this, it's all his fault.



See? without any smilies you just don't know, do you?
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)
.
User avatar
Omega X
Posts: 8225
Joined: October 18th, 2007, 2:38 pm
Location: A Parallel Dimension...

Re: AMO WebExtensions.

Post by Omega X »

I really don't care. I'm really tired of caring about Mozilla and its constituents. I'm more than happy to let them fall on their face. What I do know is that this type of attack is automated and is attacking more than just AMO.
User avatar
Frank Lion
Posts: 21173
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom
Contact:

Re: AMO WebExtensions.

Post by Frank Lion »

https://blog.mozilla.org/addons/2018/01 ... zilla-org/

Hmm, sounds like AMO are getting a bit short of add-on reviewers. I wonder why that would be?
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)
.
Post Reply