Chrome, Firefox pull very unstylish Stylish invasive browser plugin

Firefox and Chrome have removed a browser extension from their stores following revelations it was phoning home with users' web-surfing histories. The "Stylish" plug-in gained popularity because it let users configure sites' appearance, rather than accepting the designers' decisions. However – stop us if you've heard this one …

  1. Anonymous Coward

    Thanks! Time to warn others

    Reporting on the Internet Of Cesspit is becoming a full-time job at the Reg.

    Now that the net has turned into constant B7 Surveillance-State-Federation.

    Enough material from facebook, win10, IoT smart-tech alone to last forever.

  2. Paratrooping Parrot
    Mushroom

    Problem when software changes hands

    It is annoying when a popular software changes hands, sometimes the new owner totally ruins the software to make it bloatware and phone home with all sorts of data. One example I remember was Quickpic on Android. I can understand that the original owner has probably been promised loads of cash and peace of mind if they would let the new owners take over everything.

    1. Zog_but_not_the_first
      Windows

      Re: Problem when software changes hands

      Stop complaining and keep using the "cloud".

    2. Waseem Alkurdi
      Pint

      Re: Problem when software changes hands

      Quickpic on Android.

      Came here just to say that! Have a pint (alcohol-free).

      It was taken over by Cheetah Mobile, a skeleton company for some Chinese outfit that owns the crapaward-winning piece of crapware called Clean Master (shortened to CM to confuse users of CyanogenMod).

      Might want to add the tragic downfall of ES File Manager. Bought by the same or a related outfit (due to the appearance of Clean Manager INSIDE it)!

      What was once the best all-rounder file manager is now a pathetic trojan for ads and crapware.

      1. AndyS

        Re: Problem when software changes hands

        ES File Explorer is a bit of a "special" case. The free edition is utter crap, laden with adware and dark pattern user interface nonsense.

        The paid version is actually very good, and strips all of that out.

        It's a prime example of "you get what you pay for," and I actually understand the approach to an extent, but the distance they've gone to degrade the user experience in the free version is so off-putting that I can't see them getting many sales of the paid version any more. It's a real shame.

        I had the paid version before it all went south, so continue using it, but my wife has (had) the free version installed and it made my eyes bleed every time I tried to use it.

        Since it is by far the best file manager I've tried (with excellent support for network drives and chromecast, very good native image viewer, and other features which I've not found elsewhere), I've continued using the paid version.

        1. Anonymous Coward

          Re: Problem when software changes hands

          Rather than give these shysters money to continue abusing the rest of their userbase, I prefer the saddo method, i.e. download a pre-abuse version of the APK from Uptodown; re-sign it using test keys so that Google Play doesn't try and update it; sideload it; flag the AV to ignore it as a threat.

          (Real saddos, of course, will ask what I am doing having Google Play on my device in the first place.)

    3. John Brown (no body) Silver badge

      Re: Problem when software changes hands

      "It is annoying when a popular software changes hands, sometimes the new owner totally ruins the software to make it bloatware and phone home with all sorts of data."

      When *any* business changes hands from the original owner who grew it, the new owners usually want their ROI as fast as possible. The original owner is probably in profit and doing well when they sell it, but the new owners, by definition, are saddled with debt. They almost always immediately start to cut costs and corners or do stuff to maximise income from all possible sources.

    4. Mage Silver badge

      Re: Problem when software changes hands

      Visio, Skype, WhatsApp, Instagram, GoodReads, IMDB, YouTube, Borland... Maybe Github?

      All the software Oracle got from buying Sun.

      Xenix, Suse ...

      It's a very long list.

  3. Anonymous Coward

    Developers becoming jerks.

    Enough said!

    By the way, don't try to bring here the old argument saying developers must put food on their table etc. It's BS. Accepting those arguments equals excusing organized crime, who also must work hard to pay the rent.

    1. a_yank_lurker

      Re: Developers becoming jerks.

      It's more likely marketing PHBs abusing users and getting caught. Someone had to tell the code wranglers to do this. Most code wranglers have enough to do without adding more work. Also, the code wranglers may have been told indirectly to do it or walk the plank.

      1. Anonymous Coward

        Re: Developers becoming jerks.

        That may be, but don't kid yourself. Developers are about as ethical as politicians. It's practically impossible to have a programming career if you give a single fuck about ethics.

        1. Stacy

          Re: You missed one...

          Not sure about that... At least in my country... I've turned down better paying jobs to stay where I am because I believe in the company and its ethics - these have been demonstrated repeatedly over the last 12 years that I have worked there.

          On top of that, I feel that where I am I have the right to refuse to implement something that I feel goes against those ethics. It has happened, and generally results in a conversation about why I feel that strongly about it. In 12 years it's only happened a couple of times, and has always turned out well at the end.

          I appreciate not all companies are like this, and that paying the bills is important. But, for my country at least, there are more jobs than developers. If you find yourself being asked to do bad things, you should either look at trying to change the culture of where you work, or look for employment that doesn't make you need to shower 10 times a day. If you have the options to look elsewhere and don't, then it's definitely also the developer...

        2. Dave K

          Re: Developers becoming jerks.

          Developers are (in general) no more corrupt than anyone else. Look at any walk of life and you'll find plenty of honest people, and a handful of dishonest ones who will always think of "making money" above all else.

          For example, many car garages will do a great and honest job of fixing your car, but a few will rip you off by charging for fixing things that aren't broken. Plenty of electronics shops will provide sound and honest advice to help you buy the right piece of tech, whereas a few will sell you the nastiest piece of crap they have along with an "extended warranty" and some massively overpriced cables.

          Same with developers. Some will rely on a few non-intrusive ads on their site, maybe a Paypal donation system or a premium version of their product with a few more features. Others turn to nasty slurpage and bundled malware. The latter group deserve criticism and for their products to be shunned, but you can't just tar every developer with the same brush because of the actions of a few...

        3. Anonymous Coward

          Re: Developers becoming jerks.

          My 30 years as a developer might suggest otherwise.

        4. Orv Silver badge

          Re: Developers becoming jerks.

          TBH I'm not sure you can call what these companies do "development." How much does it really take to take an existing, completed app and load it up with crapware?

      2. Anonymous Coward

        Re: Developers becoming jerks.

        "It's more likely marketing PHBs abusing users and getting caught. "

        As a techie (now retired) I used to say that part of my job was "to keep management honest".

        I think it was a Dilbert quote - "A good engineer is honest to the point of social dysfunction". It's not one of the online strips.

        1. Anonymous Coward

          Re: A good engineer is honest to the point of social dysfunction

          Just to be clear, that doesn't mean that because you're an arsehole you're a good engineer.

    2. Voland's right hand Silver badge

      Re: Developers becoming jerks.

      Nope.

      It is a standard play at the moment. Buy something popular, reuse the name, ship malware.

      In any case, I am surprised the new "developer" has not taken on Google on "competition" grounds for Chrome. I would not be surprised to see their name pop up on a complaint to the EU or something initiated by the US state attorneys.

      1. John Brown (no body) Silver badge

        Re: Developers becoming jerks.

        "I would not be surprised to see their name pop up on a complaint to the EU"

        They might not want to attract the attention of the EU and GDPR if they are slurping data with unique IDs.

  4. jb99

    While the software that has been removed is bad, I have issues...

    Ok, the software that has been removed is bad and I don't support it one bit.

    However, I also think that the importance of having open platforms that anyone can publish their software on can't be overstated.

    I'm not sure that a commercial organization should be allowed to determine what I can and can't run on my device. And as a browser supplier, these organizations are increasingly in a position to determine this.

    I don't think this is healthy.

    1. annodomini2

      Re: While the software that has been removed is bad, I have issues...

      Conceptually it's a Chicken and Egg problem, with the "Free Speech" mantra, but in reality most people are too ill-informed to understand if something is malicious. Hence the approach that is taken.

      Therefore expertise is required; my issue with it is that opinion of expertise could be abused.

    2. tony72

      Re: While the software that has been removed is bad, I have issues...

      I'm not sure that a commercial organization should be allowed to determine what I can and can't run on my device. And as a browser supplier, these organizations are increasingly in a position to determine this.

      That seems like a bit of a strange attitude TBH. Your virus checker provider is a commercial organization that determines what you can and can't run on your device, and you're perfectly happy for them to do that (I assume, but feel free to set me straight otherwise). Mozilla/Google removing extensions judged to be malicious from their app stores and official delivery mechanisms is them acting in an equivalent role.

      If you're determined to run malware-filled software, you're free to obtain the extensions from outside of the official app stores and sideload them. Google et al aren't controlling what you run on your machine, they are controlling what they distribute through their channels, and I personally don't see the problem with that.

      1. Anonymous Coward

        Re: While the software that has been removed is bad, I have issues...

        Who uses antivirus software nowadays?

        Not me, that's who.

      2. onefang

        Re: While the software that has been removed is bad, I have issues...

        "Your virus checker provider is a commercial organization that determines what you can and can't run on your device,"

        No, my virus checkers advise me about what they think I should or should not run on my device. The two I run on my Android complain about a different open source app each. I've double checked those two apps, and I'm happy to ignore the advice and run them anyway. False positives and false negatives are a thing, which is why I run two virus checkers in the first place, and check their results.

        1. Anonymous Coward

          Re: While the software that has been removed is bad, I have issues...

          The problem only exists because the browser extension API makes it possible for the sake of flexibility. Network access combined with content/data/metadata access is a huge malware risk. Thorough auditing is required for extensions which do both. Most extensions, including Stylish, do not NEED both. Strictly enforced separation should be the default for unvetted extensions.

    3. John Brown (no body) Silver badge

      Re: While the software that has been removed is bad, I have issues...

      "I'm not sure that a commercial organization should be allowed to determine what I can and can't run on my device. And as a browser supplier, these organizations are increasingly in a position to determine this."

      Someone has to decide where to draw the malware line. How complaints are dealt with is the real measure of whether it's working well or not. eg transparent complaints procedure, specific reasons for rejection, appeals procedure and re-listing if appeal upheld or the reasons for the de-listing have been fixed.

      Additionally, as a "store" listing the extensions, it's their reputation on the line if they are serving up malware unchecked.

  5. Packet

    Don't Firefox and Chrome check the extensions behaviour?

    Serious question (not a rant):

    Don't Firefox and Chrome check the behaviour of the extensions prior to publishing?


    1. Graham 32

      Re: Don't Firefox and Chrome check the extensions behaviour?

      There probably is something but it won't be a human reading the code reverse engineering what it does and checking it's compliant with the privacy policy.

      It'll be something similar to anti-virus software. Heuristics can pick up some nasty code, but mostly it's about producing signatures of already-in-the-wild viruses and making sure they don't get executed again - or in the case of a browser plugin library, making sure someone doesn't upload it again.

    2. Anonymous Coward

      Re: Don't Firefox and Chrome check the extensions behaviour?

      No. Neither do app stores or any other commercial software distributors. They scan for viruses, blatant ToS violations, etc, but not bad behavior.

      It's not black or white, "safe" or "malware". The lion's share of software falls in a grey area: exploitative, dishonest, incomplete, unreliable, and/or insecure. Often it's due to lack of skill and experience, but even the best programmers make mistakes which can be exploited by malware. Especially in ultra-complex software like web browsers.

      So you really can't trust anything. Especially browsers and extensions.

    3. Orv Silver badge

      Re: Don't Firefox and Chrome check the extensions behaviour?

      They do some checks, but they're mostly automated. A common way to slip past them is to either include the malware in a later update (which often isn't checked as stringently), or include a mechanism that downloads it after the app is installed. That last one is a big no-no in the Chrome store, though -- you're not supposed to download and run code from outside the extension package.

  6. Anonymous Coward
    Big Brother

    Stylus

    Stylus (Mozilla addon page) does what Stylish did but their privacy statement says this:

    Unlike other similar extensions, we don't find you to be all that interesting. Your questionable browsing history should remain between you and the NSA. Stylus collects nothing. Period.

    Note I am in no way associated with it: I'm just a happy user.

    1. DropBear
      Alert

      Re: Stylus

      Also, for those already running some version of Greasemonkey, there is an open source converter from styles to scripts - it did seem to work fine for me...

    2. petef

      Re: Stylus

      Thanks for pointing out Stylus, I shall migrate.

      One of my prime reasons for using Stylish is to read El Reg without the gratuitous headline images.

      1. Anonymous Coward

        Re: Stylus

        "One of my prime reasons for using Stylish is to read El Reg without the gratuitous headline images."

        Bugger...

        I now have a choice, migrate to Firefox from PaleMoon so I can use Stylus instead of Stylish

        -or-

        Stay with PaleMoon and trace & block all outbound traffic from Stylish...

        Neither seems ideal, nor is accepting the 'as intended' rendering of El Reg.

        1. onefang

          Re: Stylus

          Or use another plugin to block large images. I use uBlock Origin on PaleMoon for that.

  7. onefang

    I was looking for a PaleMoon extension to swap black text on white to white text on black, do it well, and easily swap back for when things inevitably go wrong. Stylish was one of the ones I was looking at. If I recall correctly it was too overblown for that relatively simple job, so it didn't get selected. I went with "Page Colors & Fonts Buttons". Crappy name, but it does what I need.

    I also used to use QuickPic, now I use Simple Gallery from F-Droid. Early last year I started replacing Google Play sourced apps with F-Droid sourced apps.

    Looks like I've dodged a couple of bullets, which was half the point of switching to F-Droid in the first place.

  8. Bela Lubkin

    In addition to Stylus, it is worth noting that each(*) 'style' on userstyles.org has a link 'Install style as userscript' (just above 'Discussion'). Clicking on this is supposed to immediately invoke your Greasemonkey / Tampermonkey / Violentmonkey to suck it in as a userscript; this mechanism isn't currently working for me, but using `wget` on the URL pointed to by the link does work, and is preferable anyway since I can vet the result.

    Said result is basically a 30-line userscript wrapped around the raw CSS(**) of the style. You could download it once, then subsequently download other styles from userstyles.org using the 'Show CSS Code' button and pasting the received CSS into the middle of the static userscript. But why bother, when the site will already do it for you?

    (*)Of course I only checked a few so it is always possible that this feature isn't universally available...

    (**)One of the ones I downloaded had a bit more complexity having to do with adapting the CSS to different sites; this may be an additional reason to actually use the userjs downloader rather than the 'Show CSS' downloader.

  9. Bela Lubkin

    -- and, of course, you can use the 30-line script to inject any CSS of your own. I would cut it down to about 10 lines since the bulk of the script relates to dealing with old pre-Greasemonkey userscript injection frameworks...
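
A static pre-install check for the vetting step described in the two comments above, as an added example that is not from the thread or from userstyles.org: it flags metadata directives and code that can pull in remote content or send requests, including `url()` and `@import` inside the wrapped CSS. The sample userscript, its hostnames and the function names are constructed for illustration; the wrapper the site actually generates may differ.

```javascript
// Added example (not from the thread): vet a userstyle-as-userscript before installing.
// SAMPLE is constructed; hostnames are placeholders.
const SAMPLE = String.raw`// ==UserScript==
// @name        Example dark style (constructed sample)
// @include     https://forum.example/*
// @grant       GM_addStyle
// @require     https://cdn.example/helper.js
// ==/UserScript==
(function () {
  var css = "body { background: #111 url(https://tracker.example/p.gif?u=1); }" +
            "a { background: url(data:image/png;base64,AAAA); }";
  if (typeof GM_addStyle != "undefined") { GM_addStyle(css); }
  else {
    var node = document.createElement("style");
    node.textContent = css;
    document.head.appendChild(node);
  }
})();`;

const END_MARK = "// ==/UserScript==";
const STYLE_ONLY_GRANTS = new Set(["none", "GM_addStyle"]);
const ACTIVE_APIS =
  /\b(XMLHttpRequest|fetch|WebSocket|sendBeacon|EventSource|GM_xmlhttpRequest|eval)\b/g;

// Parse the "// @key value" lines of the metadata block into { key: [values] }.
function parseMeta(src) {
  const block = /\/\/ ==UserScript==([\s\S]*?)\/\/ ==\/UserScript==/.exec(src);
  if (!block) return null;
  const meta = {};
  for (const line of block[1].split(/\r?\n/)) {
    const m = /^\s*\/\/\s*@(\S+)\s*(.*)$/.exec(line);
    if (m) (meta[m[1]] = meta[m[1]] || []).push(m[2].trim());
  }
  return meta;
}

// Return a list of human-readable findings; an empty list means nothing was flagged.
function vetUserscript(src) {
  const meta = parseMeta(src);
  if (!meta) return ["no metadata block: not a userscript"];
  const findings = [];
  for (const key of ["require", "resource", "connect"])
    for (const v of meta[key] || []) findings.push(`@${key} references ${v}`);
  for (const g of meta.grant || [])
    if (!STYLE_ONLY_GRANTS.has(g)) findings.push(`@grant beyond styling: ${g}`);
  const body = src.slice(src.indexOf(END_MARK) + END_MARK.length);
  for (const api of new Set(body.match(ACTIVE_APIS) || []))
    findings.push(`script code references ${api}`);
  // CSS alone can make requests: flag every url() that is not an inline data: URI.
  for (const m of body.matchAll(/url\(\s*["']?([^"')\s]+)/gi))
    if (!/^data:/i.test(m[1])) findings.push(`CSS url() fetches ${m[1]}`);
  for (const m of body.matchAll(/@import\s+(?:url\()?\s*["']?([^"');\s]+)/gi))
    findings.push(`CSS @import fetches ${m[1]}`);
  return findings;
}

console.log(vetUserscript(SAMPLE).join("\n") || "nothing flagged");
```

An empty result only means none of these patterns matched; the script still deserves a read before it is installed.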
