Chrome's Adblock Pro is a uBlock Origin rip-off
Adblock Pro is very popular ad-blocking extension for the Google Chrome browser with over 2.7 million users and 12500 mostly positive ratings on the Google Chrome Web Store.
If you install the extension and have used uBlock Origin before, you will immediately notice that it uses more or less the same interface as the popular extension.
The core difference is the Adblock Pro logo that is added to the menu when you click on the icon in Chrome's address bar, and the logo on the settings page.
If you dig deeper, you will notice that the about page is missing, but that all other interface elements are a one to one copy of uBlock Origin.
Adblock Pro
Raymond Hill, creator of uBlock Origin, left a review for Adblock Pro on the Google Chrome web store that highlighted this, and other interesting tidbits.
I am the developer of uBlock Origin.
This is essentially the same code base as an older version (circa 1.7.4) of uBlock Origin, but with Google Analytics hook added to the manifest. Note the absence of privacy policy.
Also, aside google-analytics.com, whoever is behind this extension added another Content Security Policy directive which should really not be needed (the ability to embed Flash objects in the extension code itself). I consider this suspicious.
Also, the maintainer of Adblock Pro apparently does not want users to find out that the code was taken from the uBlock Origin project, the "About" pane has been removed from the dashboard.
Just use the real uBlock Origin: you get a more up to date version (1.10.0 as of writing), without any analytic hooks in the code base.
If you compare the source code of both extensions, you will immediately notice that they share most of the code. The main difference is that Adblock Pro seems to use an older version of uBlock Origin than the original.
What more, the about page is still in the code of Adblock Pro, but it is not linked. It highlights that the extension is indeed uBlock Origin based. So, no attribution at all by the makers of Adblock Pro.
What weights more are Raymond's other findings. First, that Google Analytics code was added to Adblock Pro. This means that some level of logging is going on, and available on Google Analytics.
Raymond noticed that code was inserted into the Adblock Pro extension to "embed Flash objects" in the code itself which he called suspicious.
Closing Words
It may not be that surprising that a rip-off of a popular extension can gain lots of popularity. More than 2.7 million users compared to Ublock Origin's 6.9 million is quite the feat considering that it does not add anything original and is based on an older version of uBlock Origin.
As Raymond noted, there is no reason to use Adblock Pro at this point in time. Considering that it uses old code, has analytics integrated and the option to run Flash content, it is fair to say that using uBlock Origin is the much safer bet.
Now You: Do you use an ad blocker?
Adblock Plus Can not be faked because of their registered trademark https://adblockplus.org/blog/adblock-plus-trademarks
install ABP from https://adblockplus.org/
I noticed that uBlock Origin was updated today (12/19/2016) to version 1.10.4
I use UBO as its far better than the other crap thats out there!
UBO forever.
Thanks gorhill.
I trust uBlock Origin only.
Rather ironic seeing Martin using an Ad-blocker on his own site! :) (I turn mine off just for you Martin!)
I suppose those who download Adblock Pro on Chrome are confusing it with Adblock Plus that is available on FF. If these guys are as shady as they seem, the naming was probably deliberate. I can see how this would happen.
There should be a communications link (at least an email address) between Chrome and the extension developers whereby they can discus something like this. A developer should not have to leave a comment on the Google Store.
Looking at those reviews I’d say that’s pretty much astroturfing, if the development hadn’t stopped already for almost a year now. Assuming it does shady stuff in background, it should be reported imo, but I personally can’t see any report link (although using FireFox).
And two million users o.O I always wondered how do people end up with such obscure things installed on their systems..
Some clarifications/observations.
The Google Analytics hook added to the extension itself is quite certainly not to record “any activity”. My understanding (I never enabled the setting in Chrome store dashboard because that would make no sense given uBO’s stance) is to collect and make available analytic data to the author about the extension usage: who installed it (geo data), when is it in use, versions histogram, etc. I did not see the extension phoning home with a user’s browsing activity, and no such code to do this was added.
The real worry to me is the addition of a content security policy enabling the embedding of plug-ins in the extension code itself (this is not permitted with the default CSP of extensions). There can’t be no good reason for this — I find this sinister. That fact, paired with a little code snippet added by the author which purpose *appears* to be related to localization make me personally suspect it could be a way for the extension to inject the necessary HTML code to embed plug-in(s) in the extension code itself through entries in the localization files. It doesn’t seem to happen currently, and last time the extension was updated was in May of this year. If ever the extension is updated, the first thing to check is to find out if it makes use of the ability to embed plug-ins in its code.
Adblock Pro has been in the Chrome store since a very long time, even before uBO came to exist I believe, hence the sizable user base. It used to be based on Adblock Plus code, as noted by raymond.cc in its blocker benchmark in August 2015[1]. It may even have been based on AdBlock code at one point, but I am not sure, I just vaguely remember that a lot of the other blockers in the Chrome store were pretty much all based on either Adblock Plus or AdBlock code.
This means that uBO now as an established blocker, there will be more of these instances of blockers using its code base with no added value. There are other extensions which use uBO’s code base but with added value[2] and they do mention that their code is based onto that of uBO. I have no issue with this. It’s the ones doing what Adblock Pro is doing which is bad for users.
Adblock Pro is not alone by the way, someone informed me there is also “Comodo UAdBlocker”, another rip-off with no added value.[3] Despite the claim in its description, there is nothing improved in it, and the only changes was to remove all localizations except English, rename a global variable throughout from “µBlock” to “comodoBlock”, and is based on an even older version of uBO.
***
Note to @DarthTheme: I am not crying, I am warning users that there is no benefit from using such rip-off based on old code, and with no added value, and worst with unnecessary security holes added to them (the unnecessary CSP policy). You think I should refrain from informing users about this?
***
[1] https://www.raymond.cc/blog/10-ad-blocking-extensions-tested-for-best-performance/
[2] “Added value” as in “original work added on top of uBO”, not necessarily that I personally agree with what the extension is doing (i.e. Ad Nauseam).
[3] https://www.wilderssecurity.com/threads/ublock-a-lean-and-fast-blocker.365273/page-99#post-2635616
gorhill, is it possible to report the extension?
Read: https://github.com/gorhill/uBlock/wiki/Why-don't-you-accept-donations%3F
Thanks Raymond for your insight. I have edited the Analytics paragraph to make that clear.
” Free. Open source. For users by users. No donations sought.
Without the preset lists of filters, this extension is nothing. So if ever you really do want to contribute something, think about the people working hard to maintain the filter lists you are using, which were made available to use by all for free. ”
Source: github.com/gorhill/uBlock
Next question is, where to donate to list maintainers. Leaving that up to you because I’m lazy and am not sure you are going to want to give them stuff.
@ Raymond Hill / Martin Brinkmann
I have been using uBO for nearly two years. It is a great extension.
There is one problem however. I cannot find a link to donate to Raymond in appreciation of his work.
If there is a link can you post it here (PayPal preferred). Thanks :)
The developer of uBlock Origin shouldn’t have done their open source extension if he didn’t want your extension was copied. Now don’t cry
You must be an Adblock Pro user to be so dumb.
Good lord, you’re an idiot.
Clearly you have no idea how open source licenses work. So, do yourself a favor and stop pulling crap out of your mouth!
@ DarthTheme
So you will not cry when all open source developers turn open source into closed source to prevent the rip off of their software. Open source allows collaborative development to enhance products. Browse Github and see what collaboration means.
You are an idiot. G F A M
Who’s crying? Not Raymond Hill, the developer of uBlock Origin, anyway. But when another developer considers that open source allows him to copy an original code without providing the source, without enhancing it unless to consider that adding open doors to two well known and for the least arguable areas, Google Analytics and Flash, then it seems to me the developer of the original code together with us all are entitled to react. As MdN commented above, “Gorhill was pretty mild in his review, good self-control” : indeed, and this is far from crying.
OK, I understand the concept of open source and taking someone else’s work and improving it, and adding credit to the original creator. But this is everything open source should not be. Gorhill was pretty mild in his review, good self-control. I hope something can be done about it.
Luckily there are opposite examples too – when I was looking for a decent mouse gestures extension for Chrome I found crxMouse Gestures, but reading the reviews I saw someone saying that it sends some data somewhere, and that there is another one called “Clean crxMouse Gestures” available, so I got that one instead.
Yes, I use uMatrix now on all my browsers (though I visit gHacks with my phone occasionally and get a few ads). Used to be uBlock Origin, and uMatrix seemed so complicated, but after some learning and setting up I thought that one would be enough, though uBlock Origin is still installed. The only downside is that I wish I had something like this many years ago when I still had a slow computer and dial-up. :-)
That could not happen on Firefox since Mozilla does manual code reviews. Also mandatory privacy policy when there’s phoning home occurring.
And sure enough, there’s no Adblock Pro on addons.mozilla.org even though uBlock Origin is a top ten extension out there.
The question is, should Google remove the extension, should it pressure the author into adding credits and full disclosure through a privacy policy, or should it just ignore it, officially because of “free market” and actually because Google Analytics in an adblocker is valuable data to them ?
The answer will depend on how much of a scandal these news trigger, I guess.
Using Google Chrome with an ad-blocker is a nonsense anyway.
…and running Google Chrome with Adblock Plus is a double nonsense.
Completely agree, fellow anonymous. It isn’t just “ironical”, as another user pointed out or even nonsense: running an ad-blocker on Google’s data-mining machinery is like trying to to stave off a swarm of bees by jumping into a hornet’s nest.
It’s comical to see the mental gymnastics at play to justify the thinking here. User on Windows 10 machine (surveillance), running Chrome (more surveillance) using a Yahoo email account. Yeah… an ad-blocker is really gonna’ help here. This is hysterical!
“Completely agree, fellow anonymous. It isn’t just “ironical”, as another user pointed out or even nonsense: running an ad-blocker on Google’s data-mining machinery is like trying to to stave off a swarm of bees by jumping into a hornet’s nest.”
I second that. Seems ironical, doesn’t it?
“It’s comical to see the mental gymnastics at play to justify the thinking here. User on Windows 10 machine (surveillance), running Chrome (more surveillance) using a Yahoo email account. Yeah… an ad-blocker is really gonna’ help here. This is hysterical!”
That’s because the people doing the objecting here probably have a set-up as you described and feel indignant they they have been played for being the fools here. There’s no point about them lecturing everybody else about privacy when they can’t even do it themselves by using the most non-private tools out there.
Running an adblocker is still very useful even taking privacy out of the equation.
Running ublock origin gives you less bloated web pages, no annoying video ads, bettery battery life etc…
@MdN
A fraction of those who use adblockers do so because they are privacy-centric. Assuming someone is a privacy-centric user, them using any of Google’s services that have a 1:1 or close to 1:1 alternative is a lack of foresight. There’s more than one 1:1 alternatives to Chrome/Chromium, so, such a user using Chrome lacks foresight.
Some users use adblockers because they dislike ads and don’t care so much about privacy that they will bother parting with Google, even for those services easily replaceable like the browser.
Between the best privacy configuration (no idea: Linux with Tor?) and the worst (quoting you, maybe “Windows 10 machine […] running Chrome […]” there is a wide area filled by many choices, of the OS and of the browser among others. I believe that even — perhaps : especially! — in the worst privacy scenario ad blocking (generic term when it comes to blocking far more) is recommended. It’s not because paradise on Earth doesn’t exist that I should believe hell does. it always resumes to doing the best as possible on the basis of choices which may not be the possible best.
You know, not everyone is a computer expert, people try most often to do the best they can. Whatever our expertise level I guess it’s always better for everyone to give a helping hand rather than to focus on facts which may sound subversive even — especially! — if they point out reality. Without revolt and anger things would be worse than they actually are, but let them be constructive, free of demagogy, cynicism, hatred.
So let’s keep on using blockers, whatever our computing environment. It’s our right.
Proof?
I’m not a Google fan but… Google gets your data through reading your Gmail, Gmail of people you talk to, and cookies and scripts like googlesyndication, doubleclick, google-analytics, google fonts, gstatic, googletagservices etc, etc. You can pick them up or block them in any browser, even Chrome which is just a platform to bring you Google services, and you don’t need to use them. You can also blame a process called Google Update but that’s only Windows. As for the rest, any website you visit can be made to read more data about you than what Chrome is sending, and it can happen just by visiting it.
That makes no sense. Chrome with uBlock Origin works great. Explain the nonsense comment you made, please. You won’t because you’re an anonymous coward.
If God told me “Be Evil” while the Devil whispered “Be Good”, who would I listen to?
That’s when I wake up and answer to Anonymous (the authentic Anonymous not to be mistaken with fake ones) : yeah, we read that story about a former Google employee suing the company. It’s always been tough to work for dictatorship, you never know when you’ll get hanged, or shot, or even fired.
Even Google needs “anonymous” people!
https://www.theinformation.com/employee-lawsuit-accuses-google-of-spying-program
Don’t be evil…
It does make sense. And you’re anonymous too, genius. That name you typed means nothing. Please tell us your whole name and address to avoid hypocrisy.
To avoid insults time for gorhill to develop an anonymous blocker…
@Gary D, Anonymous is indeed he or she but it may as well be “them”…
Anyway, for those who wish to avoid being included in the bad reputation (here) of a or several users having omitted to provide their name which leads to “Anonymous” by default, or who chose deliberately “Anonymous” as their name, my advice : choose a name and avoid “Anonymous”. At least something like “Incognito”, just to change the flavor. That won’t mean the “bad” Anonymous won’t reappear under another name but at least it’ll be less boring :)
@ seeprime
Anonymous will not answer you. He (or she) keeps posting dumb comments on ghacks.
They are always either:
– off topic
– full of vitriolic crap about some software or other.
– total bulls**t like the one above.
People like Anonymous crave attention. Ignore them and they go away.
Maybe did Anonymous mean that when a browser is that of a company known for its advertisement policy, hence commitment, using an ad-blocker appears ironical? That’s how I felt it anyway! Even if I disagree as fighting back is always better than showing the other cheek (sorry, I shouldn’t say so, I get to loose some fundamentals of my education!).
Google as a major player in the field of making extensions available to the public should take immediate action & kick out this kind of extension, like it did with malware extensions in disguise.
Google does not care about the users. There’re many malwares in Google and Android app store because there’s no review at all when you submit something. (read popeye’s comment below)
I was stunned when I want to submit my extension, I need to pay to submit my extension. I’ve already paid for Android app store(developer account), why I need to pay for the Chrome also? It does not makes sense. The reason for the fee was for security but there’s no review process at all, I can agree if the fee will be used for the reviewer’s salary. Just look at its rivals Firefox, Opera, and Apple(ios).
Sorry a bit rant
This is a shame, a shame for the developer(s) of Chrome’s Adblock Pro extension. Unfortunately this is the lot of successful extensions as well as applications, as well as articles, as well as everything, everywhere : plagiarism. But in the case of this ‘Adblock Pro’ for Chrome, as mentioned in the article, not only is the code copied from an older version of uBlock Origin, it moreover introduces open doors to Google Analytics and Flash.
Now we have to see if Raymond Hill’s review for Adblock Pro on the Google Chrome web store will be read and understood by users.
The morality is, once again, that you have to strive to find quality and authenticity and not rely on what “others say”. We know that for advertisement, we know it for Web applications, and since recently we even know it for journalism. No sheep, no shepherd. It all comes to a personal choice, between freedom and a sheep’s slavery.
Let’s not be coy and beat around the bush instead of calling a spade exactly what it is. This is theft, plain and simple, not just merely “a shame”.
But of course greedy Google won’t delete this rip-off extension. Why would it? It’s popular and delivers even more data to the mothership, so all’s good in Google ga-ga land…
Let’s call a spade a spade and not beat around the bush unnecessarily. It’s theft, plain and simple, not merely “a shame”. Damn thieves should be fined by Google. At the very least Google should delete the rip-off extension forthwith, but I bet they won’t. It’s quite popular and most likely that’s all greedy Google ever cares about.