uBlock Origin GPL code being stolen by team behind Honey browser extension

Remember Kazaa, BonziBuddy, Gator (The OG adware), etc.? They were demonized for collecting data on all the web traffic you were doing it. They got sued by the FTC and were forced to change their business models and/or close down.

Then Facebook, Google came along and did the same thing in the early 2010's except via cookies and Javascript, but somehow that's ok. Even worse, it's considered a normal business practice.

It amazes me that Honey has been able to become so popular given it's business model has always been more of a hack than an actual product. How did commission programs not sue them for fraud?

Probably because they had good ole Silicon Valley VC money to scare them off.

For context, this all started about 2 weeks ago with one of the best pieces of investigative journalism I've seen on youtube: https://www.youtube.com/watch?v=vc4yL3YTwWk

And it's spiraling from there into lawsuits etc. I'm kinda glad PayPal bought them as they can't just shut down and file bankruptcy. Hopefully some of these creators will get paid out for lost revenue.

Sadly, Ryan Hudson knows how to play the game and Pie (with its charming .org domain) is on a roll --- already hit 1M downloads just 9 months after its launch and grown to 10+ Engineers/20+ employees.

Shameless.

On the bright side, LegalEagle also called out Pie in the video. Hopefully that'll help shine a light on them.

Online advertising is a cesspool that makes things more expensive not less.

Honey isnt a problem it's a symptom.

If you believe information should be free to share and remix, you would believe that copyright infringement is not theft and that not releasing code is wrong.

The fact that the proprietary code is based on GPL code just shows that the ex-Honey folks are hypocrites: they're trying to use copyright to control their code, but breaking the same rules in the way they reuse others' code.

1. Movie copyright is compared, by its owners and the law, to physical theft. This type of theft does not remove the physical use or any use from the owners.

2. GPL copyright only requires sharing changed code. Failing to disclose the changes actually does affect the owners in the way claimed.

They’re two different social contracts and we need different words for them. Honestly many social problems are like this.

I wasn't aware there was this community standard. I explicitly disagree with it and I presume many others here would as well. The contradiction exists only in your one sided assertion.

I think the position is more nuanced. Once I've paid for the movie then breaking it's "copyright circumvention measures" so I may copy it or display it for my own purposes and reasons is neither immoral or illegal regardless of what hollywood or the law they paid for says.

I also think that Copyright terms being the life of the author are explicitly in violation of the Constitution, let alone, life plus some arbitrary term. These laws have fallen out of the service of the many and into the hands of the few.

There's a habit to "point out the contradiction" in these forums. I think it's almost always misguided.

GPL: "The code must be shared" Downloading/Pirating movies. "The movies should be shared"

I don't think people that people who believe in the GPL and pirate movies often do so because "pirating is the right thing to do", but one can certainly make the case that they share the same basic idea.

Copyright infringement, while it may be wrong, truely isn't akin to car theft. It is however akin to a stolen idea. A car theft deprives the rightful owner of the car, but they don't otherwise care that the thief now has a car. An idea theft doesn't deprive the thinker of the idea, but they care that the thief is benefiting from the idea without compensation. Yet they don't care if someone becomes aware of the idea, but keeps it to themself.

I don't care about the movie industry, and don't care if they lose money. I don't care about the software industry or if they lose money.

I do care about information being freely available whether its in the form of movies or source code - it's in no way contradictory for me to want people locking up source code to be stopped from doing so while also wanting to see more torrenting. Copyright law is a tool - much like fire. I don't want my house to burn down, but I also don't want the fire in the furnace to go out... is it contradictory that i want to use fire to keep warm but not have all my possessions destroyed?

The people in this community that says “copyright infringement isn’t theft” do not refer to copyright infringement where people exploit the work for-profit and put it out as their own (feel free to find a single occurrence to prove me wrong). The word plagiarism comes to mind, which is morally and (depending on country and circumstance) legally a bigger crime than copyright infringement. The legal system usually also recognize that exploitation done for-profit and large scale should be considered worse and punished harder.

It's about the idea that software (and, for many, all digital media) should be free. The GPL is designed to "infect" other projects, by forcing them to be free if the GPL code is included. It's using IP/copyright laws to combat profiteering in software (and, in the case of movies, Blender releases a GPL'd movie every few years).

It's the activists' FOSS license, unlike the MIT/BSD/Apache licenses, which are just the literal definition of Free and Open Source, no strings attached.

Copyright should not even exist to begin with. GPL is just there to try to use the system against itself by essentially forcing everything it touches to be public domain. GPL is barely above the copyright industry from a moral standpoint. That usually causes people to treat violations of it far more charitably. Nobody feels sorry for the trillion dollar copyright industry.

We live in a world where the same trillion dollar corporations who compare us all to high seas pirates who rape and burn will also engage in AI washing of copyrighted material at industrial scales. That's a far more interesting contradiction than what you're presenting and far more deserving of the people's indignation.

GPL violation: less people than intended can see the code.

In short: until society changes you play by its rules.

Copyright infringement may be criminal. But compared with theft there’s, rightly, a higher standard of proof required.

FSF address this issue directly. GPL is basically fighting fire with fire.

infringing on copyleft is like stealing from the poor

its the difference between robin hood and government corruption

If copyright infringement isn't theft (our goal), then it doesn't matter.

Hope that makes some sense.

People are willing to let behavior slide when it aligns with their interests, but will call it out when the "other team" does it.

- Copyright abuse of games, movies, commercial software vs open source software

- Censorship of conservative speech vs censorship of liberal speech

- Genocide of one geopolitical entity vs another geopolitical entity

- Separation of church/state with mandated removal of religious symbols from students and government places vs freedom of religion with removal of LGBT symbols from students and government places

- Use of executive branch authority for [liberal goal] vs [conservative goal]

It's the same behavior on both sides, just different groups of people doing it.

There are cases here where companies used GPL code without releasing their changes.

How do licenses of a source code check if the people using their code is complying with the license it uses?

https://www.reddit.com/r/embedded/comments/18gie6l/how_do_li...

The fastest way is often to just run the "Strings" program on the software. Often it will dump out a bunch of strings that match those in the Open Source project: Error Messages, Logging messages, etc. Sometimes if they're really sloppy it'll spit out the name of the GPL program/library directly and a version number.

I often add magic arrays to my code. So.. if I find them in a binary blob...

Have there been any lawsuits involving breach of open source licences?

https://opensource.stackexchange.com/questions/11452/have-th...

Suspecting users can try the software to see if it has the exact same functionality or bugs as the copied GPL library. This is of course not a definite proof, but some amount of rare enough coincidences can be considered as a very strong sign for copying. Legal measures can be taken on account of these evidences.

And of course there is always the option of a whistleblower.

Granted that means the 'smart' infringers are likely to slip through the sieve, but at that point they'll have to essentially be re-writing the code anyway, and lose most of the benefit that they'd get stealing the GPL code (they'd have to hand-roll any bug or security fixes back into their stolen-but-obscured GPL code)

Also I don't think it's that easy to conceal and not sure any serious company would risk the liability.

First, if you are distributing modified code or code compiled from GPL sources, in any way, you must advertise that fact clearly, and extend an offer to the original sources plus your compilation methods to anyone who recieves this from you. This is true regardless of whether your work constitutes a combined work.

Then, if you are distributing a work that includes GPL parts and parts that you don't want to release under the GPL, you have to check specifically how the GPL parts are used. The relatively safe boundary is calling GPL binaries as separate processes, especially over a network - if this is the only way you are using the GPL code, it's probably OK to keep your other parts under an incompatible license.

If you are using the GPL parts any more closely, such as calling functions from a GPL library directly through an FFI, or worse, linking to that library, then you are almost certainly building a combined work and all of your own code has to be released under the GPL if you wish to distribute the GPL parts.

Even if you are calling the code only as a separate process, the amount and type of communication you use matters - if you are exchanging extremely complex and specific data structures with the GPL process, rather than just a few command line switches and parsing some yes/no answer, then your work may still constitute a combined work and have to be entirely distributed under the GPL.

GPL is called a viral license. Any project that you add GPL code to must be licensed under GPL (and made available to others under the GPL guidelines). That's why many commercial companies don't include GPL code - see Apple.

LGPL is typically meant for code packaged as a standalone library called from other, possibly non-GPL, code. You can distribute and call LGPL code from your code but your code does not have to be GPL/LGPL-licensed.

I believe the intent of LGPL was to have free LGPL versions of libraries where only popular non-LGPL libraries existed before. Any changes made to LGPL source code must be released under the usual LGPL/GPL guidelines, i.e. you can't make changes to LGPL code, release it in your project, yet keep the changes to yourself.

>5. Conveying Modified Source Versions.

>You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:

>[...]

>c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.

It seems to be the case here since, as the top comment by RraaLL says, they've included GPL-licensed JavaScript from uBO in their extension.

I’m not an expert in this sort of thing, so a more knowledgeable person may chime in.

@readers: Obligatory notice: Don't base your business decision on random internet comments.

I thought it was interesting that YouTube, in the midst of trying to crack down on ad blockers, allows ads promoting an ad blocker that is specifically claiming to evade that crackdown.

The affiliate networks (CJ, Impact, etc) are the ones who determine what attribution method to use, shopping extensions just comply. The vast majority of shopping sessions don't have any prior attribution and merchants fund all of these commissions (nothing is taken from a creator or a user). Yeah, it does seem like the codes Honey has have gotten worse in recent years, probably just a consequence of PayPal acquiring them and not giving it any attention (and layoffs). But the example MegaLag points out of finding a better code on a coupon website DOES THE SAME THING AS HONEY (overides the attribution).

So are there some problems with the affiliate industry? Probably. But calling Honey a "scam" seems completely unfair and lacks critical thinking. It's saved me thousands of dollars over the years.

and not just cut it off once, but cut it off forever

and as a bonus: cut it off for all other influencers too

> Pie Adblock: Block Ads, Get Paid

Really? Do people not understand how the economy works or something? Education failed so bad :(

What they did was out themselves as garbage humans, with laziness, antisocial grifting, disrespect for the law, and general unpleasantness at every possible level. It'd be difficult to be worse people without adding murder or violence to the mix.

> Get Paid to See Ads — Opt-in to see a limited number of partner ads and earn rewards.

> For Zeidenberg's argument, the circuit court assumed that a database collecting the contents of one or more telephone directories was equally a collection of facts that could not be copyrighted. Thus, Zeidenberg's copyright argument was valid.[1] However, this did not lead to a victory for Zeidenberg, because the circuit court held that copyright law does not preempt contract law. Since ProCD had made the investments in its business and its specific SelectPhone product, it could require customers to agree to its terms on how to use the product, including a prohibition on copying the information therein regardless of copyright protections.

https://en.wikipedia.org/wiki/ProCD,_Inc._v._Zeidenberg

A similar example would be using a GPLv3 licensed JavaScript library in a website. What it implies to other HTML/JS/CSS code is controversial [0]. The FSF actually believed that they should not be "infected" [1], and the legal implications may need to be tested in court.

[0]: https://opensource.stackexchange.com/q/4360/15873

[1]: https://www.gnu.org/licenses/gpl-faq.en.html#WMS

A system that tolerates bad actors like this will in time only have bad actors. It’s tolerated because it makes a large amount of money for a small number of people.

Their product is supposedly: install a FREE extension and you get discount codes applied for you at retailers when you check out.

It turns out they were able to be profitable by making themselves the affiliate every time you purchase something, but that's scammy because it's stealing from others who actually generated the referral.

But what other non-scammy business model could they have? There's basically no business model for what they're trying to offer that makes sense other than end-users paying for it.

1 - Because investors are now the customer. There is no incentive to solve a problem or provide a product for end-users, only to funnel money to investors. That is the business model. 2 - The attention economy is run entirely on deception. Without solving someone's problem, the best option is to keep their attention and prevent them realizing they don't need a subscription. Literally addicting people to notifications and scrolling.

Some aren’t and never will be without the deception and those companies just shouldn’t exist.

https://fee.org/resources/the-road-to-serfdom-chapter-10-why...

But can you be as profitable as your indecent, deceptive, scamming competitor?

If not, it won't matter how much of a goody-two-shoes you are. If the market sets the bar low, you either limbo or leave.

I'm deeply pessimistic about the future of open source. A lot of people are going to give up on it as it becomes clear that it's just free labor for SaaS companies and hustlers. That and I expect far more supply chain attacks in the future. I'm quite surprised there haven't been a lot more like the attempted XZ poisoning... yet. Or maybe there have been and we haven't caught them.

Edit: I forgot free training data for code writing AI. It's that too.

OSS is one of the Internet's last remaining high trust spaces. It'll be dead soon like all the others. The Internet is a dark forest.

I don’t see any incentives for decency.

Decency is as desired by society as “made locally.” Very few people are willing to pay for it and behaving that way he tremendous opportunity costs.

Breaking into someone's car and riding off isn't stealing, just disrespecting the concept of ownership.