12-28-2025, 06:37 PM
2MuchMark
Quote:
Originally Posted by sarettah
Mark,

How come I haven't seen you investigate anybody else's code that has been posted?

Actually I started because TheLegacy asked me to. He wanted to install it and asked me if I should. I decided to check it out and help him initially, then sent him a private email telling him what I found that the software did. He then posted the email here, which I really wish he didn't do, but oh well...

Besides that, I don’t investigate every piece of code posted here, but I look more closely when all three of these things are true at the same time:

1) The software is being actively promoted to the whole community. This wasn’t “here’s a script if anyone wants it.” It was positioned as “for GFY”, repeatedly encouraged for adoption, with install instructions pushed hard, right out of the gate.

2) It requires elevated trust. A browser extension isn’t a snippet you paste into a page.
You’re asking people to install software that runs inside their browser, can see page content, and can update behavior based on remote data. That’s a much higher trust bar. A few years ago I was hired by a big US/Canadian company who had been hit with ransomware to join the team to secure their network, scrub their PCs, discover the source, etc., and browser plug-in reviews were one part of that process.

3) It was easy to do. The explanation and details took longer to write than the actual work.

That combination matters regardless of who wrote it. If anyone else had posted the same thing in the same way, I would have said the same thing.

Also worth noting: the issues weren’t hypothetical. Pheer/Mindi said himself that they were acknowledged and fixed afterward here in this post. Is the new current version materially safer than the original? Dunno, I'm done, but you should ask him.

This wasn’t that much about personalities or history. It was about software that people were being encouraged to install, and whether it was designed safely at the time it was offered.

I hope you aren't mad at me. If you are, then sorry....

Cheers.

m