We need to talk about how difficult it is to monetize browser extensions. Most of these problems occur when a reputable extension gets sold to a less reputable owner, frequently for a relatively small amount of money (4-5 figures). Even very popular extensions have a hard time monetizing. Unfortunately, Chrome has recently made the situation worse by deprecating Chrome Web Store payments, and Firefox eliminated their paid extension store several years ago.
If the only way to monetize an extension is to exploit its users for data, this kind of thing is going to keep happening. It's perfectly understandable how someone who is doing a lot of work for no pay will eventually get tired of it or have other priorities in life, which is what happened in this case. Perhaps we all need to stop taking it for granted that browser extensions ought to be free? Or maybe the browser vendors themselves can find ways of financially supporting extension authors. I feel that money is essential to both the problem and the solution.
Of course, paid upfront software gets sold to new owners too. But if the software is paid upfront, the expectation is that the new owner will perhaps do a better job of maintaining and marketing the software, and that's why the new owner buys it. When the software is paid, the new owner has an opportunity to make money legitimately, without secretly exploiting the existing user base.
I think we need to also talk more about our legal system's inability/unwillingness to deal with malware-like behavior that should definitely fall afoul of the CFAA. Being in an industry where monetization is difficult shouldn't be a free pass to behave maliciously like that.
The problem here isn't exploiting user's data; that is not necessarily bad as long as the user is kept informed and accepts. The problem is that the current maintainers are essentially handing over code execution privileges on millions of machines to an untrustworthy actor and that actor intentionally exploits this to run spyware-like code on those machines without their user's knowledge nor consent.
The same could be said of Web Payments in general btw. The prime mover behind the rise of adtech was lack of any standards or easy usage for payment acceptance on the Internet.
When you can't accept money for your work, selling data instead seems to be the only business model for the Internet (sadly)
> The prime mover behind the rise of adtech was lack of any standards or easy usage for payment acceptance on the Internet.
I disagree. Online commerce has always been very healthy and pervasive almost since the beginning of the web. Payments were never the problem they're sometimes made out to be. "Standards" are completely unnecessary except for the de facto standards of MasterCard and Visa that predated the web.
The rise of adtech is explained simply: many if not most consumers make decisions based on the price of the product, and nothing beats a price of free! If you can offer a product that's free and still make a profit from it by selling ads, then you have a huge advantage over non-free competitors. For physical products, that's nearly impossible, but for virtual products it's quite feasible.
Paid upfront software has a long history on the web, despite the Orwellian revisionism of the App Store apologists who want to erase the past. Even paid upfront software plugins sold on the web have a long history. Web browser plugins and extensions, on the other hand, have tended to be free. This may be the result of most web browsers being free, or included with the operating system. Firefox is free, Chrome is included with Android and free otherwise, Safari is included with macOS/iOS, Internet Explorer was and now Microsoft Edge is included with Windows. The browsers themselves never made a point of taking payments, and so browser extensions were never really designed by the browser vendors with taking payments as a priority. It's kind of an historical accident, but one the browser vendors don't seem to be interested in correcting. Although now for better or worse, Safari web extensions can only be distributed via the Mac App Store.
"Online commerce has always been very healthy and pervasive almost since the beginning of the web."
Actually, in the very early days of the Web, I was personally ridiculed by advertisers I approached with the idea of advertising online. Almost every single one I approached stated quite clearly that they were certain the web was "just a passing fad" and that "normal" people wouldn't be interested in it. They all thought advertising online was a waste of time an money.
Somehow we've gone from that to pretty much the entire advertising industry having convinced the world that the Internet could not survive without online advertising, and that they somehow have a right to spy on us all to achieve their ends, and almost nobody seems to care that we've been giving away more and more of our privacy to these unsavory characters.
"'Standards' are completely unnecessary except for the de facto standards of MasterCard and Visa that predated the web."
The web (and the Internet in general) would not exist as it does today, were it not for the existence of agreed upon standards. The entire infrastructure of the Internet is built upon standards of communication which ensure that communication between devices is even possible. Without those standards, it'd all fall apart at the seams.
"many if not most consumers make decisions based on the price of the product, and nothing beats a price of free!"
Actually, during the time I speak of above, it was also extremely common for most people to think that "free" = "garbage", and that only paid products were worth a damn. If something was given away for free, it was either a trick to get you to buy something, or it was something you wouldn't want anyway, because if it was worth anything, then it wouldn't be given away for free.
Yes, a feature that results in the user details of millions of innocent users getting harvested. Remind us your contact details again, so we can forward them to the FBI?
If the only way to monetize an extension is to exploit its users for data, this kind of thing is going to keep happening. It's perfectly understandable how someone who is doing a lot of work for no pay will eventually get tired of it or have other priorities in life, which is what happened in this case. Perhaps we all need to stop taking it for granted that browser extensions ought to be free? Or maybe the browser vendors themselves can find ways of financially supporting extension authors. I feel that money is essential to both the problem and the solution.
Of course, paid upfront software gets sold to new owners too. But if the software is paid upfront, the expectation is that the new owner will perhaps do a better job of maintaining and marketing the software, and that's why the new owner buys it. When the software is paid, the new owner has an opportunity to make money legitimately, without secretly exploiting the existing user base.