-
Notifications
You must be signed in to change notification settings - Fork 228
[Updated] Chrome extension has changed ownership #528
Comments
Hi, Did you sell the ownership to a new developer? |
you fucking idiot |
How many times will this happen to good extensions? Shake my head. |
I wish you could make the announcement sooner ,thank god I remove the extension .from what I've seen from the other extensions from the new dev ,many people complaint about their browser got inject with adware and such . |
And by looking at the updated extension, it has indeed been hijacked. Here's the new manifest.json Everyone should report the extension to google for abuse. |
What was the reason of this "change" of ownership... |
How is it possible that you were unaware of this "change of ownership"?? I assume by "change of ownership" you mean that you sold it to someone? If thats true, then why was there no notice beforehand? If none of the above is correct, then I apologize for sounding accusatory, but something doesn't seem right here. |
@theorist-complex |
Well, this sucks. There's not really a better alternative out there for YouTube. |
Just curious, how much were you paid to sellout your users? Also, how can we migrate the settings from the chrome extension over to the userscript version? Or are we SOL again? |
@LB-- Which is exactly why I said: "If none of the above is correct, then I apologize for sounding accusatory, but something doesn't seem right here." But frankly, the specific verbiage used - a "change of ownership" is much different than saying that "the account was compromised", or "taken over", or "I lost control of" or"hacked" or, etc, etc... Now, if that is simply a language barrier issue, then the apology is already there - my mistake, my bad - but if it's not, then I don't think my questions are too much to ask. |
@q1k Care to elaborate on Stylish? I'm using the latest version, should I be worried? |
For those looking at the source, any estimation of the impact of this on users who accepted the permissions for the hijacked version? What on earth is it doing exactly with the permission to "manage extensions"? |
It seems to have been infected with a modified version of this, https://crx.dam.io/source/crxviewer.html?crx=https://crx.dam.io/files/gobbnicjoijcfndfmmfjnfgldgcnjibl/4.1.9.0.zip |
To sort of answer my own question, then; this seems to be the only use of the |
Oh, is that all... @ParticleCore It's imperative that you provide a complete explanation ASAP. As it stands, your wording seems vague and evasive, which suggests that you knowingly transferred ownership to a hostile entity, against your users' interests. If this is not the case, you should make this clear immediately. |
I am going to post an update of this situation later today, I sincerely apologize for what happened. For any user that might still want to keep using the extension you can use the userscript version with the help of the Tampermonkey extension or a similar userscript manager, the result is literally the same. For the users that haven't had the chance to backup their settings you can always install the extension temporarily, export your settings and then remove it once your settings have been exported with success to import them into the userscript version. These recent changes only affect the Chrome extension version. |
@pepablock Read here, this change was only on Chrome, not Firefox. But one could say the change is coming there too. You can use an alternative for Chrome called Stylus, and just not update it on Firefox (it still works fine on FF 54). Here's what natalieg wrote on the forum after people complained about "anonymous" data collection being enabled by default.
That data collection is not so anonymous either, they save the first 3 bytes of the ip (ie. of let's say 12.34.56.78, they will save 12.34.56.--- which is not very anonymous, besides, they could be lying about this, they could just save the whole thing, and even sell the data to third party). So I have disabled updating stylish on chrome, and I'm not updating it on firefox either (if/when that comes). I'll stop here, this topic is about youtube+ (or particle for youtube if you will), so let's not turn it into something else. |
@ParticleCore Thanks for at least keeping the userscript "alive". Though that really should've been communicated better. Then again I don't know what kind of narrow-minded idiot the new "owner" is, but according to the privileges, just another ad-junk crap company not wanting you to communicate the userscript alternative too openly. |
@q1k Thank you for the info, much appreciated! |
I am replying to let users know that the main topic has been updated. |
You are an idiot. that is all |
Hmmm So if I understand correctly, you only sold the current as-is chrome extension? I use the userscript version so I'm fine, but I had to let a friend know to delete it asap and run an MBAM scan. Also, there are a few other extensions owned by the same 'roberthawkinsg'. Those were updated recently and they too, have recent 1 star reviews stating adware/malware/excessive permissions. |
@Eisys That is correct, this only affects the Chrome extension Particle for Youtube, nothing else. Iridium is clear and will reach the Webstore as a brand new extension, which was always the plan because I never meant to "replace" YouTube+. That also means the userscripts and AMO versions will be brand new once Iridium goes live. Regarding the owner, I was made aware of that only after I read the recent extension reviews, which was not disclosed until the extension was transferred. |
@ParticleCore Okay, so you have tacitly admitted that you did sell the extension to a hostile party without regard for the safety or privacy of your trusting users. This is inexcusable. You have now demonstrated that you are untrustworthy, and none of the other forms in which you are making this project available (userscript, Iridium, etc) can be trusted either. The only answer for users who desire safety and privacy is for this project to be forked. This repo must be blacklisted, and this author must be forever distrusted. (Of course, since you conveniently hide your identity behind "ParticleCore", this will not be as easy as it could be.) For anyone who's interested, I have forked the repo and opened an issue to discuss the project's future, if there can be one. Interested users and/or developers are welcome. https://github.com/alphapapa/Particle/issues/1 |
Er, uhh... ...wow. I was about ready to invoke Hanlon's razor or something towards the generally hostile attitude in this thread, as I just couldn't understand where it was coming from. And I suppose the razor still applies in some way, but... uh... This is awful. You're a nincompoop, this 'roberthawkinsg' guy is capitalizing on trust like a goddamn Trojan Horse, and the Chrome store lets it all happen! To be honest, when I first saw the permissions request, I was puzzled, but could have accepted it anyways because I knew this project had a github and I knew there was a detailed version history where I would be able to find out exactly what crazy, new and unusual circumstances required the permissions. But lesson be learned: trust can't come so cheap. |
Not only why would they want to hide, but more importantly: Why were they even interested in buying a dead-end product that as you yourself said wasn't even going to support the new Youtube layout very soon? Obviously it was worth money to them, and as it wasn't profitable to you, and it wouldn't be able to be monetized due to upcoming changes to Youtube... I think it was pretty obvious why they wanted to pay you for it. |
and of course your research about them came up clean. They make every silly dev they trick sign an NDA to not tarnish their name they built up so that they can trick more silly devs |
Did you have a written/signed/etc contract with them for the transfer, and did they breach the terms? If so, I'm curious if you'd still be required to withhold the company's name. Gladly it has been removed from the webstore, but the buyer's reputation needs to be tarnished and found out. It's understandable if you cannot, as you don't want to put yourself in a worse situation than you are already in. Though, IMHO it does seem fairly clear that a company wanting to buy a dead-ending extension likely does not have good intentions. Still yet, the outrage-happy internet is probably still going to come after you for this and it's unnecessary. Good luck with Iridium and the new extension. |
Just a warning: I am leaving this open for discussion related to the topic. Any further insults will lead to this issue being locked. This is not a place for this kind of behavior. |
@bscottx I am sorry, but I think you can assume the answer for that by my inability to comment further on it. I appreciate the understanding, it has not been easy being in this position not knowing what I can or cannot say. |
I really appreciate that you feel a strong obligation to maintain these projects, but if you feel it is no longer worth your time and it is having this kind of effect on your health, please step away and take a break. Your work is appreciated but you shouldn't burn yourself out on this, and you absolutely shouldn't pull all-nighters for less than minimum wage. If you step down, the forks will step up, so there's no need to feel like you are the only one who can do this - that's the good thing about open source. I wish you the best. |
I switched from the Chrome extension into userscript version long ago — when you announced that Google removed the Chrome version and you didn't get an explanation for it, so I may not be feeling what others are experiencing. Unlike those that hate you for selling your extension to another person/company, I have totally no problem at all. You're free to sell your product to an adware maker or whatever else coming your way because it's your product afterall and you said that you really need the money (so I assume that the situation is quite bad and you truly need the money for something important).
But there's one thing that I disagree with your decision, and that is to not inform your users beforehand. You could've made an update to your extension and show a page explaining that in a few days this extension will be sold to another party that could potentially cause harm to the users. That's all you need to give so the users can make proper decision. I know you said that you've researched the buyer before, but let's be blunt here, whenever a company/someone buy a browser extension it could only mean two thing. Either they want to make money from your product or they want to kill your product because they don't want another competitor. This is not a perfect world where the buyer would suddenly take charge of your product and making it into something better. I hope that you learnt from this and won't make similar decision in the future. |
I had this installed then it vanished, I then installed the userscript version, but I discovered it didnt vanish at all but instead it changed name and chrome had auto disabled it. I am pretty angry, its sad that what turns out to be a good project always tends to get ruined by a need for money. |
Well, you did what you had to I suppose. Dev life is hard. Best of luck for the future, but please don't do something like this again. |
@ParticleCore Honestly, thanks to your blind incompetence I won't be recommending Particle/Iridium or anything else you develop ever again. Since you've "sold-out" once already, what's stopping you from doing it again in the future because you're in need of money? As such in my eyes you've lost ALL trust with this blunder. There was several obvious red flags including; the party accepting the high price, the desire to obtain a "dead" extension with a healthy fanbase and the use of a non-disclosure agreement. But hey, I guess money blinds all judgement. I really hope it was worth it... I'm sure the users infected with the adware would disagree. |
@BooBerry You misunderstand me, I never cared about popularity, ratings or anything of the sort. This is my hobby that I do with pleasure and decided to share it publicly. If it happens to generate income then even better. As such was the case I had a good opportunity and went with it. Did not go as well as I wanted. Hindsight is 20/20, but during the exchange what is obvious for everyone after it already happened did not cross my mind while it was taking place. Make no mistake, if I am offered another deal I will take it again, but this time I will post the emails publicly for the duration of the exchange (with sensitive information redacted, such as names and emails) so that this won't catch users by surprise again. Also don't try to pin adware on me as if I was the one who deliberately did it with full knowledge of the actions, that's just a blatant lie. The owner of the extension during those changes was not me, so blame the right person for the right reasons, call me sell-out all you want but never blame me for what happened after I was no longer responsible for the extension. I lost the users trust? When did I ever asked for it? I had users threatening my life because I wouldn't help them make a custom userscript, I had users threatening to down-rate the extensions if I wouldn't implement features they demanded, some even went ahead and just did it (#522 (comment)). This is just my hobby, nothing more. If you do not like it then there are other options available (although the most popular are heavy on data mining, so that's a trade-off) or, if you want, you can do what I did, build your own to your own liking, just the way you want it to be. I know it sucks, I hated that this happened this way, but I am not here for you, I am here because I enjoy doing this project, not serving others. If it happens to satisfy what others seek then great, if not then nothing is lost. If it happens to generate income then great, if not then that's life. |
As per the previous information I decided to leave this open for another day, but I will be closing it tonight because I believe there is nothing more to add to this subject. The topic will not be locked, just the issue will be closed. |
@ParticleCore Can't say that I'm exactly happy the way this was handled, but I understand mistakes happen. Money is a real thing and it IS a driving force in our lives. Having the money available to work on the things you want to work on is a blessing. So again, while I think this could have definitely been handled better on your end, I wish you luck and hope that you continue to grow, learn, prosper, and have the ability to prioritize the work in your life that gives you a sense of pride and contentment. |
A bit late to the party but I'd just like to say I'm grateful that somebody is maintaining this script even if the extension has been hijacked. All that matters in the end is that I don't have to use YouTube's horrible flat material layout design now or (hopefully) going forward. I've really no interest in questioning the dev's handling/mishandling of the situation or speculating about their intent, all I really care about is that this project doesn't get squashed by Google/YouTube. Particle/YouTube+/Iridium is essential to my YouTube viewing experience thanks to their clueless design team and I would rather have donation popups etc than see this project die off. |
Hate to try to bump a closed issue but though it's EOL it was useful. A re-upload to the chrome webstore under a new-new name would be great. |
At best, you're guilty of very poor judgement here. You're not an Internet newbie. You know about adware and malware and that the people who make it are underhanded and deceptive. You were tempted by some amount of money. Maybe that blinded you to the risks, but that's still your doing.
Those idiots threatening you are irrelevant to this. You made an implicit agreement with your users when you went to the trouble to make a fancy name and logo and package and upload your extension to the Chrome store. You have their trust whether you asked for it or not, and you have a responsibility to protect them from being exploited through your software (which is auto-updated in their browsers). You abdicated this responsibility when you sold-out. If you were naive instead of malicious, so be it, but you still messed up, big time. I maintain several software packages here on GitHub with quite a few users. It's not nearly on the scale of a browser extension, but I take the trust of my users very seriously, because I also trust and depend on other developers of software I use. I view maintaining software as stewardship, and since I benefit from the stewardship and generosity of others, I have a duty to do the same.
Well, I guess it's not just your hobby anymore, since you have profited a tidy sum from it, at the expense of the safety of your trusting users. (Again, that may not have been your intent, but the end result is the same.)
I appreciate your honesty. It sounds like you haven't learned your lesson after all. Now I know with certainty to avoid your software. Hopefully you will figure it out before something worse happens and more people get hurt. Next time, who knows, people might lose data, get infected with ransomware, have their credit cards stolen, etc. Really, if you're unwilling to take these risks seriously, I encourage you to stop developing or stop packaging your software. Let someone else do it, someone who takes these issues seriously. |
@brad-x That is something I simply cannot do, it would be illegal. The only option is to use the userscript version, if you want. |
BTW, if this whole ordeal hasn't made it clear enough, you should be really careful what you sign. If it would violate your contract for you to upload this software under a different name, that makes me wonder whether you signed away all rights to your software, period. The license on this repo was already unclear; can it even be forked? Can this repo even remain online? What a mess. And what a shame, it was really nice software. |
Ultimately, if people are threatening you personally, they're taking this WAY too seriously. Business is business. I will take mine elsewhere. Just like when I used to be a manager and would fire an employee I will tell you "Good luck on your next job. Don't make the same mistake." |
Well, I checked my addon list today and had noticed this message over particlecore:
Found this thread.. made 16 days earlier. I guess I'm glad I switched to the userscript version some time ago, which I disabled updates for. Shame; damn shame. Why's every single youtube addon seem to just.. get destroyed in one way or another? |
Oh, thanks for the heads-up. So is this why I'm getting pop-under ad windows on unrelated websites all the time lately? ;D Good thing you've got compensated. Don't let those insults get to you - that's a very poor way to thank you for your work so far. I'd rather say: THANKS so much for the wonderful time YouTube+ allowed us to have. Without it YouTube is just a useless heap of garbage and without YouTube... wait... I'd have way more spare time each day? Huh... anyways, switched to the userscript version. Very curious if I'll still get pop-under ads =) <3 m8 |
Guy sells you to adware and you thank him... Seems legit. I'd rather not have the extension at all than use anything made by this idiot again. |
If the purpose of this issue is for others to further more lies, like claiming that I sold users to adware after I have clearly explained the entire situation as best as I can, then there is no use in leaving it open any longer. I also warned about making more insults #528 (comment) and as a result of @Caraxi contribution this issue will be locked. |
As of today the Chrome extension ownership has been changed and I am unable to make any further changes or updates to it. For now the temporary solution for anyone that wants it is to use the userscript version with a userscript manager extension, such as Tampermonkey. Remember to first backup your settings before changing.
I will try to post an update when I have more information.
Update
After trying to find out what happened since the other user came to me with #527 I can only assume that the intentions were not made by mistake and as a result I will now do what was suppose to have been done before all of this started.
The extension has been sold, but only the Chrome extension. Everything else remains intact and on life support.
I was approached with a business proposal to either run ads on the extension or sell it. My first reply was that no matter what conclusion the business could lead to, the users would have to be informed prior to the change and unrelated feature changes would have to be opt-in by default, and I quote:
Due to certain conditions I agreed on I cannot share more of the conversation out of fear of violating these conditions.
I did research the entity that contacted me and found no warning signs, which is why I decided to trust it at the end.
I was assured that their services are Google compliant and, to a certain extent, they are, from what I have seen in their code, but the current changes are way, way ad aggressive. The extension also warns users of the new changes, but not how I wanted. Asking for new permissions is not the same thing as explaining why those are being requested and what changes the extension would contain. Also turning off the support tab was not a good sign.
I was also caught somewhat off guard because I wanted to make this announcement at least one day prior to the changes, but that's also something that didn't went according to what I expected. The changes that were suppose to be made never went through; the extension description is still unchanged and are still linking to this repository, the extension options are also still linking here and the donation button is still linking to my account. It was all suppose to be changed accordingly at a certain time.
As of now there is nothing I can do, the Chrome extension version is no longer mine. I know very well how the users feel betrayed without an hint before all of this, but I was under a condition that would not allow me to go into detail about the transaction, that is until after what went through today.
I have sold the extension because of two big reasons, both some of you that have been following this extension close know of:
1 - The current extension will die. With the new YouTube layout coming up, the extension will simply not work, it already does not if users try the new YouTube layout. I am already working on an entirely new version just for the new layout, but this one is just at a basic bug fix support stage.
2 - The income is very important during the period that my life is currently on. I do appreciate all the donations that have been made and keep being made since the birth of this project, but with just around $8 average per month (if I recall correctly) there's just not enough, not even to pay the ISP. However, I only went through with the proposal because I asked for quite a high price that I was willing to sell, assuming that it would be rejected. As it happens it was not.
With that said, I most sincerely apologize. This was suppose to be way more transparent, I think the few that know me know that I never had any trouble speaking my mind when I wanted or being honest when needed, but as it happens this whole situation went off rails without me realizing it in time. Once it started there was nothing I could have done to stop it other than trying to find out what was going on and why.
The Chrome users can still use the original version, the userscript is untouched and will continue receiving bug support. To install the userscript version you will need a userscript manager, like Tampermonkey, and then click on one of the available hosts located here: https://github.com/ParticleCore/Particle/wiki/Download#userscript and your userscript manager will do the rest for you.
The text was updated successfully, but these errors were encountered: