Giorgio Maone, the author of NoScript, recently released an update that actively and intensionally crippled Adblock Plus.
The piece of code responsible was reportedly obfuscated to make it hard to find and analyze.
Read the post of Wladmir Palant, the author of Adblock Plus, and what Giorgio has to say.
Giorgio later reverted these changes (under pressure it seems), but started to forcefully add a filter subscription to white-list his domains, without asking for user consent, of course.
The latest release at least lets the user “opt-out”.
Frankly, I find both, first the intensional crippling of Adblock Plus, and then adding some filter subscription without consent, disturbing and unacceptable.
I’d expect Giorgio to stop defending his previous actions and instead admitting his wrong-doing and issuing a public apology to the users.
Update, 2nd of May:
From the NoScript FAQ
Version 126.96.36.199 (released May the 1st 2009) automatically and permanently removes the filter on startup, no questions asked. This decision has been taken as a sign of good will and apologizes, after the lack of a prompt asking beforehand prior version 188.8.131.52 caused complaints and controversy in the Mozilla community.
So the filter subscription is gone again, and there is kind of an apology.
However it still feels, after reading this, that Giorgio didn’t get the point, exactly.
Why didn’t he address the initial “patching” of Adblock Plus code?
Is it just because of the complaints and “controversy” that he reverted the changes again, or does he now see how he betrayed user trust?
I don’t have any problem with NoScript adding a filter subscription, as long as it is in a transparent manner and the user can properly opt-out, far better even has to opt-in.
A lot of other users seem to agree. If there was some choice along the lines of “Want to support NoScript by allowing to displayed Noscript website ads in Adblock Plus” (Yes/No), a lot of users would have chosen yes.
Update2, 2nd of May:
Seems Giorgio indeed got the point. See this forum post.
Still makes me wonder how it can happen that a “security” software developer implements and releases code that easily can be classified as “malware”…