It's OK to inject ads, but not OK to remove them, under Google's current policies.

> I feel like browser extension marketplaces are a failed experiment.

People rightly criticize all of the problems around vendor-lock-in and rent-seeking with platform app stores, but this is a good example that they do indeed provide some value in terms of filtering out malware.

The degree to which they are successful at that and add enough value to overcome the downsides is an open question. But it's clear that in a world where everyone is running hundreds of pieces of software that have auto-update functionality built in and unfettered access to CPU power and the Internet, uncontrolled app stores a honeypot for malicious actors.

Thanks for posting this. I think it's such a shitty thing to do. I don't have much of a problem if an original author wanted to do a closed fork of an open source project, but to start injecting ads, without warning, to folks who have already installed your generic JSON formatter and phrase it as "I'm moving to a closed-source, commercial model in order to build a more comprehensive API-browsing tool with premium features." - seriously, f' off.

I agree that browser extension marketplaces are a failed experiment at this point. I used to run security an a fin services company, and our primary app had very strict Content Security Policy rules. We would get tons of notifications to our report-uri endpoint all the time from folks who had installed extensions that were doing lots of nefarious things.

> went closed source and started injecting adware into checkout pages ... [and] geolocation tracking.

Maybe we should resort to blame and shame publicly this sort of actions. DDoS their servers, fill their inbox with spam, review-bomb anything they do. Public court justice a la 4chan trolling. Selling out is a lawful decision, of course, but there is no reason it shouldn't come with a price tag of becoming publicly hated. In fact, it might help people who are on the verge to stay on the ethical side of things (very ironically).

I'm just kinda joking (but wouldn't hate it if I was rugpulled and the person that did it got such treatment)

How did you "notice" a suspicious element in the inspector? Do you routinely look at the DOM?

Agreed with that. My main use of AI is just writing ultra minimal apps that are specifically tailored to my needs, instead of using a larger app(or plugin or whatever) that is controlled by a third party and is usually much more than I need, and doesn't exactly fit my needs, and requires ad hoc configuration.

I'm wondering when/if this is going to bite me in the butt