Gorhill pulls uBlock Origin Lite from Firefox store

I manage a medium-sized browser extension at work. We also offer(ed) it on Firefox. But I have spent the past year struggling to get back into Mozilla store after a manual review. As far as I can tell, there are maybe two reviewers that are based in Europe (Romania?). The turn around time is long when I am in the US, and it has been rife with this same kind of "simple mistake" that takes 2 weeks to resolve. "You need a privacy policy"–we already have one. "You are using machine generated and minified code"–no you are looking at the built code, not the included source. "We cannot reproduce your source"-that's because you didn't follow instructions and are in the wrong directory. Very frustrating.

That sucks. I work for Mozilla, but nowhere near Addons so I don't know what pressures they're under or whatever.

But if I ran the zoo... this is gorhill we're talking about. We ought to just make him an add-on reviewer with full rights, and tell him it's ok if the only add-ons he reviews are his own. We do not need to vet either his competence or trustworthiness; we have vastly more historical data backing him up than on any contractor or employee.

He's not a one-off either. We aren't nearly as volunteer-oriented as we used to be, sadly. But we still get many and major contributions from volunteers, and at least in my team (SpiderMonkey) there's no wall between external and paid contributors. (Except for the company-wide offsites, grr...) I don't see any reason why gorhill couldn't be made a full member of the review team, not that I'd expect him to be up for it right now given what's happened.

That makes more sense to me than giving him a special pass that we could potentially give out to other people or organizations. He is a major contributor to Firefox's capability and success already, let him contribute reviews that are already a thing and provide value. (Again, only self-reviews would be just fine with me.)

Now I need to figure out who to pester on Slack.

If I understand the timeline correctly here, it seems that gorhill overreacted, and I say that as someone who is usually harshly critical of everything Mozilla has done in the past 5+ years. It's hardly practical for Mozilla to manually review every add-on revision for safety in a timely manner, so they had the choice between automation and delays that would make add-on development a slog; automation though inevitably will cause false positives.

What's the alternative? No pre-release review at all? As a user I would hope that this will not be the case, especially now that we have confirmation that flashy supply chain attacks are being executed in the wild. In fact the review policy protects gorhill himself too, since it makes him a bit less attractive as a target for a rubberhose attack (no point in blackmailing him to put in spyware if the spyware would be caught before release).

It's very annoying you have to submit your extension to gatekeepers to even distribute them to normal users. As gorhill said on GitHub it took days for a self-hosted version to be approved - that's unacceptable. Imagine you would need approval from Microsoft to distribute software. Not even Android is this closed. Enforcing signatures and removing XUL were the worst things Mozilla has ever done. And yes, Google does the same and it's even worse there but this it to be expected from them, but not from Mozilla.

> The organization issued an apology for the "mistake" and recommended to Hill to reach out whenever he has questions or concerns about a review.

Before taking drastic action like pulling addons from the store, Mozilla should reach out if they have questions or concerns about a review.

Gorhill's full uBlock Origin might be the only remaining selling point for Firefox.

With the outrageous sum of money that the Mozilla top executive was recently taking for themself, they could've instead staffed an entire team of first-rate people, with the sole mission of doing whatever Mr. Gorhill needed.

Why does this extension even exist on AMO? The article says it's the "Lite/Manifest v3 version" - why would you ever install the inferior edition meant for legacy browsers, instead of the one that blocks ads properly that's meant for Firefox?

>The last message from the developer in a now-closed GitHub issue shows an email from Mozilla admitting its fault and apologizing for the mistake. However, Raymond still pulled the extension from the Mozilla Add-ons Store, which means you can no longer find it on addons.mozilla.org.

This seems pretty harsh. Mozilla made a mistake, Mozilla apologized, Mozilla fixed the mistake (maybe even improved their processes), and the author still pulls their choose and criticizes Mozilla. On my opinion either author took this a bit up personally, or cares about improving the review process and wants to make a strong point (with some hurt done for their project visibility).

Fair play. uBO is THE killer extension, and apparently it never occured to Mozilla that if they were going to insist on using some hideous, Google style, machine led review process for extensions, perhaps they should at least make a carve out for one of the single most important extensions that exists.

I can totally understand gorhill becoming completely insensed by the whole thing and refusing to play ball when Mozilla "realises their mistake". Their mistake was assuming he would simply put up with being subjected to the drudgery that so many extension and open-source developers allow themselves to be subjected to in return for little thanks and ever increasing demands.

The outcome is far from ideal, but the fault, sadly, lies squarely with Mozilla. Real shame.

I really hope Raymond Hill won't do the same for uBlock Origin (the manifest v2 version). I'm not too comfortable recommending others to install a self-hosted extension.

It's a shame Mozilla and Raymond Hill can't/won't solve this together. I get that the review he got simply should not have happened for an extension like this (see the Github thread¹) and that he is simply done with bothering, but I worry about how that will affect uBlock Origin's long-term stability as a project. The whole situation sounds decidedly unhealthy.

1: https://github.com/uBlockOrigin/uBOL-home/issues/197#issueco...

Without Gorhill's uBlock Origin, the internet would be a really awful place. Thank you, Raymond!

There's nothing more frustrating than being gatekept by incompetent, lying idiots. Sad day for users but the right choice by Hill.

Mozilla wanted in on the $CURRENT_THING of being a "platform" where devs bow and scrape and they claim to be the great custodian of stuff, protector of users. Don't do this if you can't be competent at it. Devs _can_ leave, and they will if you fuck up often enough.

Doesn't this behavior from Mozilla staff indicate that using Firefox extensions at all is a security issue?

This shows that the reviewers may not be competent enough to catch actual malware uploaded to their add-ons site.

> The organization issued an apology for the "mistake" and recommended to Hill to reach out whenever he has questions or concerns about a review.

It's unclear why the author of the article decided that the word 'mistake' deserved the scary quote treatment.

If Raymond Hill endorsed a Firefox fork, I would switch to it immediately.

I fully agree with Gorhill's decision to pull the addon. Any downgrade of user experience on Firefox is solely due to their addons review team.

Maybe if more developers refuse to put up with such bullshit in the name of gatekeeping the extensions store, browser vendors will start acting properly.

For anyone confused by the real title:

> uBlock Origin Lite maker ends Firefox store support, slams Mozilla for hostile reviews

“Review” here means the Mozilla review to allow the extension in the store, not user reviews of the extension.

It's a blog post about something that happened a month ago and boils down to "some (obvious) mistake happened during review". Not much to see here.

This again shows the problem of automatic reviews. There should be a person name in every review that was responsible for it, currently it's blamed on our automated system. If the law would require someones name on it then I'm pretty sure the review process would be much better and the explanation would include more than an apology.

It seems to me that any platform with a review gateway should treat failing a review erroneously as a critical failure.

In fact it does literally constitute denial-of-service.

When a failure like this occurs, it needs more than an apology, it should have an incident report to show that the failure was understood and steps were taken to prevent future failures.

Automated process have so far managed to destroy the experience of the world wide web as a whole for developers and users both. And AI based tools seem like gas to this fire. Seems very soon web will die out of it's quality and only bots will remain.

Because no one ever have taken over and compromised high profile extensions?

Chrome battles with it a lot, see eg. https://news.ycombinator.com/item?id=36146278

I find Mozilla's process to be quite reassuring, but would be good to have alternative "addon stores" that also have a review process

If you want another example of difficulty with the AMO review process: https://github.com/adam-p/markdown-here/issues/21

And that's just one of the examples; another resulted in me having to add a preprocessor that removes code at build-time, which was annoying. I like Firefox, but it wasn't always easy to justify the effort.

Curious why Firefox doesn’t just start incorporating uBlock into the browser? Make it a standard feature that comes pre-installed… but maybe not automatically enabled? Thoughts?

Tangentially has anyone else noticed chrome extensions management page now saying unlock origin will soon be disables and to please find a replacement?

I'd hoped Google sabotaging uBlock Origin would be an opportunity for Mozilla to pick up some new users for Firefox. Lol.

One of Firefox's value is uBlock origin for it's users yet not for Mozilla's money train Google and others.

With uBlock, pop up blocker extensions and Mac Minis connected to my TVs (wireless mouse as remote) I have totally ad free Internet experience; every site there is & from my couch or in my rooms.

Mozilla is an absolute joke of an organization, and it's tragic that they are still the primary alternative to Google having a total monopoly on browsers. I suppose you shouldn't expect much from a company that is just there to maintain a facade to fend off regulators.

But... ublock is like the main reason I use FF

uBlock Origin 1.60 for desktop (not lite) has also been stuck in Mozilla review for a week now. On the firefox add-on site it is still 1.59 which doesn't really work for common things like youtube.

The sooner people realize Mozilla is not your friend, the better. They’ve been compromised by the Google money. Want an alternative to Chromium? Go support Servo or Ladybird, Firefox can’t be saved.

Is it even possible to connect to the public Internet in a way that isn’t completely compromised by a corporation or state?

TOR is busted at this point

DNS have been MITMed

Almost all hosts are under the control of a few players who are compelled by their respective states for ubiquitous and server monitoring

Any advertised IP has to have tons of routing info and local pointers so local hosting is just as risky if not more

What are the remaining options for a free (as in speech) internet?

FWIW, I've seen Firefox being unreasonable to other extensions as well — OldTwitter has been gone for a while and BlueBlocker has been trying to push an update to change the domain from Twitter to X for a while with no success...

I wish we could add PPAs to browsers just like we can in Debian/Ubuntu.

Maybe the EU should look into this, and also allow the users to "weaken" their security in order to continue using Manifest Version 2.

If you would group those woes, by type of addon, i guess there is "irrelevant " and "a world of pain for those threatening google add revenues " .. the hand that feeds.

It‘s not only that, Firefox also forces you to use the Developer edition (which updates about daily, FORCING you to restart it) if you want to install extensions that aren’t signed by Mozilla (e.g. your own).

This behavior reminds of Apple. They say it‘s for security (where have I heard that before), yet Chrome doesn’t seem to need such a restriction.

To me it seems like another step in many of Mozilla‘s enshittification.

A first effect of Mozilla's new "focus on AI"...

Apparently, as the article says, the lite version is the recommended one by the author to be used

It seems like customer service/PR/UX has really taken a nosedive since the start of COVID or maybe 2022. The pendulum seems to be swinging from "the customer is always right" to "give me your money, shut the fuck up, and go away until I want your money again."

Gorhill threw in the towel on uBOL after dealing with repeated bullshit from Mozilla, from the sounds of it. Multiple reviews, multiple people not understanding what the most famous FF extension in the world does, multiple appeals.

Personally, in just the past month, USPS has dropped active email conversations twice; a vendor I use often at work has disabled important web pages and there's utter silence from their support email; Verizon is deprecating their messaging app in a month and I learned this through reddit; and my bank returned a canned response to an issue I raised two months ago.

I remember a comment on this site from several months ago from someone who worked in customer service who shared a list of things that deprioritize you in a company's eyes, but it sounded like if you express the least bit of frustration at a bad experience, it goes on your permanent record. Companies, however, are allowed to shaft you however they please.

Mozilla just can't help themselves, can they? Seriously, once Google is broken up and their donations to Mozilla stop, I won't be sad when Mozilla is forced to shut down.

honestly we arent missing much by a manifest v3 ublock origin lite extension going away on firefox because firefox is still compatible with v2 so realistically we wouldnt have any use for it.

nevertheless it still is a sucky situation

We need an industry movement of just saying no to app stores.

Those don’t seem like unreasonable asks on Moz side

I'm glad he put it back up, I for one use it knowing that it's saving me battery on my phone and it works quite well.

This is why app stores / extension stores are simply an antipattern. The intent is to make usability easier, but it's actually useful functionality.

Get rid of the app and extension stores and let users just install software they find on the internet. Safe and secure software is found on websites dedicated to reviewing them, like the Freshmeat of old, Tucows, etc.

[dead]

Oof. I get gorhill is pissed about the whole thing, but, this feels like cutting off your nose to spite your face. It's going to be much trickier for people to get uBO Lite onto their Firefox for Android installations now, or even if they can, they might just not bother.

And, while I suppose gorhill could make the case that he's protesting this egregious process on behalf of the little guy, the fact is, he's not the little guy as far as Firefox add-ons go. uBO was one of the first (if not the first) 3rd-party addon to be offered as part of Firefox for Android after Mozilla's reorg started rolling out. He clearly has Mozilla's attention. I'm not sure what he gains from continued intransigence offers after Mozilla admits their mistake and apologizes.

[dead]