top | item 46976996

(no title)

Rygian | 19 days ago

While assuming absolutely zero bad will on your part, I would nevertheless find it fair if you were legally on the hook for whatever happened after the sale, unless you could prove that you provided reasonable means for the users of your extension to perform their due diligence on the new owner of the extension.

This is of course easy to say in hindsight, and is absolutely a requirement that should be enforced by the extension appstore, not by individual contributors such as yourself.

discuss

deanc|18 days ago

I wouldn't find that fair at all. Bad actors should be legally responsible for their bad action. If I sell you a taxi business, and then all of a sudden you decide to start robbing the customers - it's not my fault is it? And just to be clear, I had no idea if my extension was used for nefarious purposes, but in hindsight it probably was.

Rygian|18 days ago

Customers were sold[1] a lifetime subscription to Honest Guy's taxis, and then Honest Guy does a secret deed to sell his taxi joint to Bad Guy[2] without telling any customer about it. Then customers start getting ripped of in all manner of ways, that some of them would have known to avoid if they knew their taxis were being run by Bad Guy.

[1] Of course, the issue here is that no contracts were signed.

[2] In the specific case I was replying to, there was no malice or intent to hide from you as seller. Yet, a better outcome could have been achieved by advertising the sale to those impacted.

I don't think there is any legal support for what I describe above, but in principle whenever a user signs up for Good Thing, and then gets baitswitched to Evil Thing, the main victim is the user, and it is fair to hold responsible everyone involved in the bait-and-switch maneuver.

unknown|18 days ago

[deleted]

Chris2048|18 days ago

No, how it should work is each extension is associated with a private key that is registered with a specific individual or legal entity and implies some kind of liability for anything signed with that key - and if/when the key changes (or the associated credentials), users will be explicitely alerted and need to re-authenticate the plugin.

If the old owner gives their key to the new owner, then they should be on the hook for it. I was thinking of this yesterday, as I think this is also how domains should work.

dragonmost|18 days ago

How does this safe guards against having the extension under a company and selling that company off. Still the same entity, different owners, different "incentives".

eli|19 days ago

How would that even work? What if the seemingly clean buyer sells it to someone else scammy?

Rygian|18 days ago

Disclose the sale to the users of the thing being sold. Plain and simple.