Major Stylish add-on changes in regards to privacy - gHacks Tech News

Major Stylish add-on changes in regards to privacy

Stylish is a cross-browser add-on available for Firefox and Chrome, and browsers based on those, that allows you to install so-called userstyles in the browser.

These userstyles change the style of websites, e.g. the color scheme, interface elements, and anything else that can be done manipulating CSS more or less.

The owner of Stylish, the extensions and the web property that is a repository for userstyles, was handed over to a new owner back in October 2016.

The change caused issues with styles becoming corrupt due to a change in hosting companies, but nothing else changed other than that, and the issue has been fixed since then.

In "announcement to the community", Stylish's new owner Justin Hindman announces that he made the decision to partner up with web company SimilarWeb.

SimilarWeb is best known for its digital market intelligence platform. In other words, the company's main product is an analytics product.

Stylish privacy changes

The company provides resources, experience and data to the Stylish project as part of the cooperation according to Hindman's announcement.

SimilarWeb has a lot of experience with web products and offers much-needed resources, experience, and data including visibility into which are the most popular websites in each country, information that can help us decide which styles to create. On top of that, SimilarWeb sees the great value of the Stylish community, helping it to better understand the digital world.

A new version of Stylish has been released for Google Chrome in the past couple of days already. It includes SimilarWeb's market research panel which is enabled by default.

It is unclear what is being collected. The opt-out out option in the Stylish options refers to "determining user counts" only. I sent Justin an email asking for clarification, and will update this article when I receive word on the actual tracking that is taking place.

Update: According to Justin, the cooperation with SimilarWeb will bring value to Stylish. Plans are underway to work closer with the Stylish community, and get it more involved in the product. Justin is aware that the "real power of Stylish" lies in the community and its developers.

As far as tracking is concerned, anonymous information like which styles get installed or which sites visited get collected. This information powers some of the extension's functionality such as the ability to reveal styles to users when they visit sites in the browser. End

stylish privacy opt-out

The privacy policy is not clear as well on what is collected.

Opting-out will block the sending of anonymous data to "Stylish developers". One side effect of this is that Stylish won't reveal available styles through its icon when you visit Internet sites.

If you have updated Stylish to the latest version on Chrome, or installed the latest version, anonymous data is sent to Stylish.

Opt-out

To opt-out of this, do the following:

  • Google Chrome: Right-click on the Stylish icon in the address bar and select Options. Remove the checkmark from "Send anonymous data to Stylish developers for determining user counts". Confirm the prompt.
  • Firefox: The change is not part of Firefox yet. The last Firefox version available dates back to August 2016.
Summary
Major Stylish add-on changes in regards to privacy
Article Name
Major Stylish add-on changes in regards to privacy
Description
The new owner of Stylish announced that he partnered with web analytics firm SimilarWeb, and integrated anonymous data collecting in Stylish.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Anonymous said on January 4, 2017 at 9:05 am
    Reply

    Like for Menu Wizard I will not update, never again. Thanks Martin for the info.

    1. Hy said on January 4, 2017 at 9:18 pm
      Reply

      I know that Menu Wizard a little while back tried to add some kind of advertising, which I disabled. But what else is wrong with Menu Wizard? It must be quite serious if you’ll never update it again? I still use Menu Wizard, so I’d like to know. Thanks.

      1. Anonymous said on January 4, 2017 at 11:28 pm
        Reply

        “MENU WIZARD – Privacy Policy
        If user consent is given, this add-on will show advertising on web pages.
        In that case, the user’s browsing history can be accessed by a third party (ad network).
        This behavior does not extend to Private Browsing mode.

        ADVERTISEMENT DISABLED BY DEFAULT!

        Advertising only applies to HTTP
        Advertising is always disabled for HTTPS (banking pages, Facebook, Gmail, etc.)
        Advertising is always disabled for Private Browsing mode”

        @ Hy
        My politic is to never install an addon with that “kind of advertising” :(
        MENU WIZARD 2.01 has no privacy policy and it works perfectly with my browser., why I should update it?
        “which I disabled”? I was thinking reading the PP it was “DISABLED BY DEFAULT!” in capital letters??

      2. Hy said on January 5, 2017 at 7:13 am
        Reply

        @Anonymous: “”which I disabled”? I was thinking reading the PP it was “DISABLED BY DEFAULT!” in capital letters??”

        And so advertising must be disabled by default, as you quoted. It’s been a long time since I installed and set up this current browser I’m using, and so I don’t remember that that one particular add-on, Menu Wizard, had advertising disabled by default. I saw quickly when I looked in my Menu Wizard options “Advertising is disabled,” and I assumed (therein, the mistake) that I had disabled it myself. Thanks for letting us know that it’s disabled by default.

    2. Tom Hawack said on January 5, 2017 at 1:12 am
      Reply

      There’s no problem with the Firefox ‘Menu Wizard’ add-on, there’s never been. The only problem came from an illiterate user on AMO who didn’t understand that advertising was proposed and set as an option. As always ignorance is not a scourge as long as it is not accompanied by “the revolt of he who knows”, yelled most of the time.

      ‘Menu Wizard’ is free of front, back, side advertisement doors. It’s clean… and quite handy. Except for those who see malware everywhere when where it actually is is far enough to not ad imaginings to reality.

      1. Anonymous said on January 5, 2017 at 1:28 am
        Reply

        “There’s no problem with the Firefox ‘Menu Wizard’ add-on, there’s never been.”

        So why it was removed from AMO before the author makes change on his policy?

      2. Hy said on January 5, 2017 at 3:53 am
        Reply

        @Tom Hawack: Thanks, Tom! I remember the optional advertising proposal awhile back, and in mine it says it’s disabled, but then when I saw the post by “Anonymous” above I began to wonder: “Was there something else? Did I miss something?” Menu Wizard is a great, super-useful add-on, and I’d hate to have to stop using it. Thanks again for clarifying!

      3. Tom Hawack said on January 5, 2017 at 10:44 am
        Reply

        @Anonymous, “So why it was removed from AMO before the author makes change on his policy?”

        I don’t know, you tell me. Maybe the policy wasn’t sufficiently explicit about the advertisement option, be it off by default? I have no idea. But whatever, if I rather look at the traffic than at the lights before crossing the road, I check an add-on myself when I consider there could be ads, phoning home, suspicious activity.

        1- Download the add-on, unzip it, have a look inside;
        2- With uBlock Origin I’ve even modified default permissions in its whitelist:

        REMOVED from Whitelist : chrome-extension-scheme
        ADDED TO My Rules :
        chrome-extension-scheme * 3p noop
        chrome-extension-scheme * 3p-script noop
        chrome-extension-scheme * 3p-frame noop

        So add-ons themselves remain filtered by uBlockO. I never noticed any problem with ‘Menu Wizard’.
        There’s nothing in the code which would suggest a hidden activity.

        Life is tough for many of us, I don’t consider that because an add-on developer includes advertisement as an opt-in option it means his add-on is craps. As long as things are clear and that the policy is opt-in, where’s the problem? After that, two possibilities: 1- the author is a wise guy, yet honest, who plays the violin to make a few extra bucks for his Saturday nights’ beers, either he has a family and really needs money. In both cases, as long as there is the option within an opt-in it’s not a problem for me.

      4. Anonymous said on January 5, 2017 at 12:18 pm
        Reply

        @ Tom Hawack: The reason was clearly a problem with the privacy policy, same thing happened with S3.Google Translator which was removed too when the author decided to make gain with advertising. He complained to Mozilla, on his page he even given his own interpretation why. Interpretation deleted apparently, I no longer find it?.. Thank you for your advices and tips but as non techy Firefox’s user like you I prefer to remain cautious and stick to my habits.

      5. Tom Hawack said on January 5, 2017 at 12:49 pm
        Reply

        @Anonymous, maybe you’re right. The eternal problematic of the principle of caution, either excessive and you miss the good either insufficient and you face the bad.

        ‘Menu Wizard’ as well as ‘S3.Google Translator’ are on-line at AMO, both state the same privacy policy. I was unaware of the debate between the developer and Mozilla, I understand it was more of this privacy policy being explicit or not than of the code itself. Whatever, as of today, now, this privacy policy is clear, both add-ons have been reviewed and accepted by Mozilla and, as far as I’m concerned with ‘Menu Wizard’ (I don’t use ‘S3.Google Translator’) I see no suspicious activity of this add-on, even if I certainly would not opt-in for advertisement, especially now that I know a bit more of the background even if IMO life shows smoke even with no fire around (to paraphrase a French wording). I try to remain objective even if perhaps my analysis of probabilities includes an undetermined amount of subjectivity, which is the lot of ignorance.

        Hard to calculate a risk.

      6. Anonymous said on January 5, 2017 at 1:36 pm
        Reply

        @ Tom Hawack: You know maybe it was not only the privacy policy… if the author decided to turn off that feature “BY DEFAULT!” IN CAPITAL LETTERS!! maybe it was not by pleasure :) otherwise what was his interest to risk to afraid people for nothing if he was not forced?

      7. Anonymous said on January 5, 2017 at 2:39 pm
        Reply

        @ Tom Hawack: Also you should consider that Mozilla could have not the same judgment about what you find “clear” in that privacy policy, about acceptable “(AD NETWORK!)” or not for example, JMHO.

      8. Tom Hawack said on January 5, 2017 at 3:14 pm
        Reply

        @Anonymous, maybe we can agree on the possibility that a Firefox add-on developer *may* have had in mind the idea of advantaging his wallet within a sneaky add-on at first, got corrected by Mozilla (which did its job), and now proposes a totally non-ambiguous extension? :)

        What I mean is that, if the add-on once free of dialectical nuances is valuable then why refuse it on the ground it may have been slightly less at its beginning? We all make mistakes (that includes dishonesty) and condemning for eternity anyone who has failed doesn’t meet my moral as well as my intellectual agreement : if, now, the add-on is OK then it’s OK for me. I’m not going to stone anyone, present and future must prevail, IMO of course!

      9. Anonymous said on January 5, 2017 at 3:45 pm
        Reply

        @ Tom Hawack: Its ok for me now. I agree with you of course, anyone can make an error at first, proof I continue to use Menu Wizard 2.01. I do not think it will be the same for Stylish unfortunately.

      10. Tom Hawack said on January 5, 2017 at 4:12 pm
        Reply

        @Anonymous, Stylish for me, for many of us would have a great impact should its new code be worth a veto in the user’s mind. I know that here it’s absence would considerably impact my use of Firefox. Nevertheless, if neither an opt-in nor an opt-out be available (which is not the case regarding the Chrome extension as I read it above), and should this most valuable add-on prove to have added non-avoidable tracking features then no doubt, not one, that I’d stop using it. But that’s a lot of “if”s.

        Martin often mentions the mouse and cat scheme to describe the discontinuing relationship between antagonists of the Web. How not to subscribe to this established fact? Hence, Tom & Jerry, let’s keep ’em Mighty Mice part of our hopes! We may never beat them but they’ll never beat us!

        Till then, wait’n’see.

      11. Anonymous said on January 5, 2017 at 5:55 pm
        Reply

        @ Tom Hawack: Waiting is something easy, seeing is something more difficult. For example on the Chrome Store I was incapable to find the Stylish Privacy Policy, on AMO this so important thing is easy to find, to read. When I think Firefox’s users will go there to find millions of WebExtensions I have a “pensée” for them.

      12. Tom Hawack said on January 5, 2017 at 6:59 pm
        Reply

        @Anonymous, you mention a “pensée” for them, “pensée” like “pansy”, the flower? That’s very kind of you :)
        Joking. Nice to perceive French thoughts, and words. French touch, taste, excellency, modesty. All that makes us not far from the best, of course.

  2. Tony said on January 4, 2017 at 10:39 am
    Reply

    Another great extension gone downhill. What a shame.

    Maybe a good fork will come along, much like AdBlock Edge was a great fork of AdBlock Plus.

    To my knowledge, the Stylish developer is not responsible for creating styles; volunteer coders (myself included) have been doing this work.

    The excuse of “help us decide which styles to create” does not seem believable to me.

    1. Heimen Stoffels said on January 4, 2017 at 10:46 am
      Reply

      He may not be responsible for it, but that doesn’t mean he isn’t intending to write them. Maybe he knows how to code and is willing to create styles based on user input.

      1. Tony said on January 4, 2017 at 12:11 pm
        Reply

        Maybe, but we’ve seen this before, and it wasn’t pretty.

        What would those styles do? Simple analytics and telemetry won’t tell him anything about what the styles should actually accomplish.

        It needs to be fully disclosed if there is money or anything else of value changing hands as part of this deal.

    2. Nel said on January 4, 2017 at 1:55 pm
      Reply
    3. Mikhoul said on January 6, 2017 at 3:56 pm
      Reply

      Justin Hindman just bough Stylish to make money he don’t really care about users or style devs.

      I’m pretty sure he never used stylish before Sept 2016…

      IMO He will ruin the “Stylish brand” very quickly… Time to fork it and host the forum and styles on another independent host.

  3. Earl said on January 4, 2017 at 10:42 am
    Reply

    This is nothing compared to the functional changes made to Stylish recently that have made it harder for style authors to develop and manage styles. It may no longer be worth using at all based on this loss of features alone.

    1. Tony said on January 4, 2017 at 12:09 pm
      Reply

      What functional changes are making it harder?

      1. Earl said on January 4, 2017 at 11:53 pm
        Reply

        Visit the forum at userstyles.org–there are several discussions about features being removed (some restored, sort of, in the latest release). The people who actually create styles are not happy.

  4. Dave said on January 4, 2017 at 11:11 am
    Reply

    It’s worth noting that the previous custodian of Stylish wasn’t the original author (and hardly did much good while in control). I’m not even sure he has the rights to transfer control to someone else. Maybe he does. Who knows?

    I guess I’ll take my styles off the website and host them elsewhere. I remember when internet projects were largely altruistic, but things aren’t like that any more.

    1. Earl said on January 4, 2017 at 11:59 pm
      Reply

      The “previous custodian” was the original dev–Jason Barnabe (np). So who might you be referring to?

  5. Peter said on January 4, 2017 at 1:26 pm
    Reply

    aaaand it’s gone.

  6. Brat said on January 4, 2017 at 2:20 pm
    Reply

    ” Following this partnership, Stylish users will be joining SimilarWeb’s market research panel. However, I understand that not all Stylish users would like to do so. That’s why I’ve made it easy to opt out of from joining the panel, straight from the Stylish Settings page. ”

    Money is definitely involved. It’s funny how the new owner tries to hide the likely fact that he actually acquired Stylish IN ORDER TO make money from users data. Reading him feels like eating low grade marketing language filled with non-sincerity and faked enthusiasm towards the great users and great product created by someone else and which we’re definitely not going to milk as much as we can, promise.

    Only time will tell whether or not the new owner behaves. Chances are that advanced users that care about privacy will be able to use Stylish without leaking data, but there are about 2 millions people using Stylish, so that’s a lot of milk either way.

    I don’t use Stylish so it doesn’t affect me, but a fork is in order IMO. If the important part is user-made styles, the landscape sounds similar to that of adblockers where many extensions use the same lists. A fork would fit well in there.

  7. Justin Hindman said on January 4, 2017 at 2:23 pm
    Reply

    That sucks. Uninstalled.

  8. Dan82 said on January 4, 2017 at 3:50 pm
    Reply

    Just a warning: this is (at the moment) limited to the Chrome extension. If you don’t opt out, this can be a serious privacy concern on par with that of the recent Web of Trust debacle. Although the extension wouldn’t need to send more than the domain names of websites you visit (even that many users would be uncomfortable with), the data transmitted contains in fact the FULL LINK of every page that is accessed. This includes all get-variables present in the url. Someone has shown a screenshot of that which can be found somewhere in the Stylish forums. I don’t have it on hand at the moment and am not a Chrome Stylish user anyway, but it did catch my attention while browsing through the forums yesterday.

    1. Brat said on January 4, 2017 at 3:59 pm
      Reply

      Sending GET parameters is awful, I’m going to assume this is going to be fixed.

      Leaking just the site address is very bad, the full link is terrible, but adding in GET parameters is almost malicious, so it can only be an oversight, I hope.

    2. Dan82 said on January 4, 2017 at 4:02 pm
      Reply

      Just looked the post in question up on their forum, see this link: https://forum.userstyles.org/discussion/comment/109446/#Comment_109446

    3. Pants said on January 4, 2017 at 4:53 pm
      Reply

      this one perhaps: https://forum.userstyles.org/discussion/comment/109446/#Comment_109446

      Seriously, it’s gone from my portable chrome and iron, and I hope someone forks it, especially if ANY of this crap comes to the FF addon (I don’t care too much about userstyles.org, as almost all my styles are custom coded by myself, but as in the Chrome version, it doesn’t even show your non-userstyles.org ones). Also .. ughhh, those chrome images in that thread look hideous (eg can only see two styles because HUGE images etc).

      Time to find something else… (in the meantime I can stick with the latest FF version) … I can not and will not trust Justin or this extension again… tampermonkey is one name I remember

  9. pd said on January 4, 2017 at 4:28 pm
    Reply

    Time for a fork / alternative to rise from the ashes.

    Congratulations to Mr Hindman. You seem to have just outed yourself as a bullshit artist of the highest order! You’re on your road to president!

    1. Mikhoul said on January 6, 2017 at 4:20 pm
      Reply

      👍👍👍👍👍👍👍👍👍👍

  10. Matt said on January 4, 2017 at 5:06 pm
    Reply

    Use stylebot.

    https://chrome.google.com/webstore/detail/stylebot/oiaejidbmkiecgbjeifoejpgmdaleoha?hl=en

    Copy the userstyle’s CSS into stylebot and you have an instant stylish replacement.

    1. Dan82 said on January 4, 2017 at 8:10 pm
      Reply

      Thanks for the tip, I’ve been trying it out now since the extension was unfamiliar to me before now. Sadly it doesn’t appear to work nearly as well or comfortable as Stylish. My reasons?

      *) It seems to swallow the “!important” declaration in my CSS code, which is necessary in a number of cases and thus it immediately disqualifies itself as a viable alternative.
      *) The in-tab live preview is nice, but if you add a style from within its options page, you need to reload the page because unlike Stylish, it does not inject/update the CSS whenever a style is created/saved.
      *) There is no way to combine select CSS code with different matching criteria in one style (ie apply one part on http://www.xyz.com and the other on abc.xyz.com), so you may need to create separate styles for every common block.
      *) The list of saved styles is awful in its usability. Not only is there no way for a user to sort the list (by default it is sorted by its change/create date descending), but in the case of longer url matches, this title is cut off and it is impossible to distinguish between those split-up styles for the urls from the same domain.

      All in all, while this extension was worth checking out, it really has very few features that would make it useful to an advanced user or content creator. It’s probably better to downgrade to an earlier version of the extension in the meantime. There doesn’t exist a fork like that on the chrome web store, but there’s another way of adding an old Stylish version to your browser. Maybe Martin might want to keep that in mind if he ever decides to do a list of alternatives for those privacy-minded people that are keen to look elsewhere.

    2. Andersen said on January 6, 2017 at 10:45 am
      Reply

      Stylebot not updated for 4 years. Don’t hope any fix or new features. And how it will work in next Chrom* just counting down.

  11. Corky said on January 4, 2017 at 8:37 pm
    Reply

    With Stylish being open source isn’t someone just going fork a version with the SimilarWeb market research code removed? Or am i missing something.

    1. Andersen said on January 6, 2017 at 10:54 am
      Reply

      Judging how many fail attempt to replace Stylish either open source or not. Maintaining this kind of extension seem a major PITA. Fund is only one of it.

  12. Jonnyredhead said on January 5, 2017 at 1:22 am
    Reply

    Could one of you clever fellows please figure out what is being sent to ‘SimilarWeb’, and then create a Ublock Origin rule to use. That would be good to have.

    1. Pants said on January 5, 2017 at 9:21 am
      Reply

      AFAIK … just from reading … every time you load a webpage, stylish will check with userstyles,org if a style exists (if this is kept or monetized is moot) – THE problem is that this is basically harvesting EVERY site visited. The proper way to do it is to allow the end user to click ” check is this site has a style” rather than do it for.. bah

      If you don’t allow XSS by default you should be ok .. AFAIK

  13. gorhill said on January 6, 2017 at 5:55 pm
    Reply

    > As far as tracking is concerned, anonymous information like which styles get installed or which sites visited get collected.

    Sounds like “tracking browsing history” in so much words. I installed Stylish (v 1.6.3) from the Chrome store to investigate. I did not install any user styles. I went to the front page of Hacker News, and the Network tab in the dev tools of Stylish showed a POST to “https ://api.userstyles.org/tic/stats” (I added a space in URL to prevent URL parsing). I randomly clicked on a link on the page and another POST was made to “api .userstyles.org”. I manually entered the URL of the page here in a new tab and another POST was made to “api .userstyles.org”.

    I then looked at the data sent in the POST. It is a two-pass base64 encoded data, and the data sent is as follow:

    vmt=1.6.3
    lav=21
    wv=1
    gr=chrome
    di=541
    pxe=[a unique identifier reused for each page visited]
    knl=https%3A%2F%2Fnews.ycombinator.com%2F
    gp=http%3A%2F%2Fmattwarren.org%2F2016%2F12%2F12%2FResearch-papers-in-the-.NET-source%2F
    ver=https%3A%2F%2Fnews.ycombinator.com%2F
    st=1483716982098
    ch=9

    Notice the unique id (pxe) and the browsing data, i.e. the URLs navigated to (gp) and from (ver).

    So yes, Stylish can now build a profile of your browsing history. The two-pass encoded base64 is something I have seen elsewhere in other such extensions with tracking ability, for example with Web of Trust and Popup Blocker. There is no other purpose than a silly attempt at obfuscating what it is doing. Any rationale to explain this attempt at obfuscation will be pure BS (there is no valid reason AT ALL to encode twice base64 — so the only explanation left is “let’s not make it *too* obvious what we are sending”).

    When I un-checked the option “Send anonymous data to Stylish developers for determining user counts”, the extension ceased to send the browsing history.

    It must be noted that the information sent is by no mean anonymous, because of the unique user id in each POSTed request, and on top of this by sending data to “api .userstyles.org” server, the server will be able to match your IP with the data sent (your browsing history). But regardless, even if using a VPN, the POSTed data still identify you through the unique id (very bad — defeats the purpose of using a VPN as a mean to enhance anonymity).

    The manifest shows that the extension contains hook for Google Analytics (this fulfills the “user counts” explanation). However I see a “object-src ‘self'” content security policy, and I question this: this gives the extensions the ability to embed plugins in its own code[1], though through a quick glance I can’t see any file as of now in the extension itself which could be loaded as a plugin.

    > This information powers some of the extension’s functionality such as the ability to reveal styles to users when they visit sites in the browser

    So things to keep in mind if you are eager to believe the above explanation from Stylish representative:
    – the attempt at obfuscation (no valid reasons whatsoever).
    – the unique id “appUniqueId” (no valid reasons whatsoever).
    – the full URL visited (could be just the hostname and only on 1st visit + possibly a user-initiated update manifest in case new user styles become available for a specific site already visited.)
    – the full referrer URL (no valid reasons whatsoever).

    All these are not necessary for the official stated goal — and of course the worst is that the claim that the data is anonymous is false. If the will to not collect browsing history was really genuine, the extension would have been written in a very different way to accomplish the stated goal.

    My advice is if you *really* need that extension, disable the option to send supposedly anonymous data — so far, as of writing, it seems it does what it says. Unfortunately as is too often the case, the default is not pro-user i.e. not opt-in so a lot of people will end up having their browsing history collated (even if using a VPN).

    ***

    [1] https://www.w3.org/TR/CSP2/#directive-object-src

    1. Tom Hawack said on January 6, 2017 at 7:39 pm
      Reply

      Well, thanks a lot, gorhill. Detailed and relevant analysis.
      1- Opt-out : no data sent;
      2- By default, the user is tracked with non-anonymous data collection.
      1+2 : behavior of a jackass company who knows the limits (opt-out) and imposes itself until that limit (tracking with ID)

      Stylish definitely needs to be forked and the new owner to be forgotten.
      Some companies still haven’t understood that users are fed up with tracking practices and that some talented coders are fortunately active.

      Many thanks, gorhill. I’m sure we’ve all read you loud and clear.

      Side-note : I’m wondering why the updated add-on is not yet made available for Firefox. Would Chrome be considered as a testing zone?

      1. Ikari said on January 6, 2017 at 8:05 pm
        Reply

        If the opt-out truly works and KEEPS WORKING it could be fine, but only if the owner was absolutely transparent about what is sent exactly.

        I personally don’t want such an add-on to ever reach my browser, and don’t want this type of code to spread throughout the add-on base.

        But nowadays companies don’t even provide a working 100% opt-out, so when I see one I tip my hat. Even though I acknowledge that for everything else related to this news, distrust is all that the new Stylish owner and SimilarWeb deserve.

      2. Tony said on January 6, 2017 at 10:24 pm
        Reply

        Mozilla, in my opinion, is MUCH better than Google in preventing this type of bullshit from happening in their ecosystem. After all, Google is likely the biggest data collector in the world, and even got in big trouble for driving around the planet collecting WiFi traffic (not just SSID’s).

        It’s possible that the new owner submitted the new version to Mozilla, who promptly rejected it.

      3. Geno said on January 7, 2017 at 11:02 am
        Reply

        A Mozilla add-on reviewer said Stylish didn’t submit the add-on yet. He said Mozilla doesn’t accept that kind of behaviour by default but I’m not sure I understood this correctly. See the Web of Trust issue, wasn’t that on by default ? Can’t remember.

        Mozilla is better at this than other browsers and demands a privacy policy, but I’m not sure that they’ll have Stylish tweak the add-on. Wait&See I guess.

      4. flash said on January 8, 2017 at 10:22 am
        Reply

        @ Geno : The difference in the Web-of-Trust case was, that the user installed the Web-of-Trust extension because and not in spite of the functionality (which collected data definitely useful for tracking). It wasn’t the tool’s feature set that led to it being removed from add-on stores. Only after their exposure in a news article claiming they sold their collected user data did that happen. Prior to that event, the extension and the company behind it were actually regarded as positive due to the service they provided.

        @ Ikari : Exactly, if the opt-out “keeps working”. That’s the whole reason why I would not trust the Stylish extension on the Chrome web-store, because there is little trust left that it’s going to stay this way. In addition you have little to no control to stop a Chrome extension from updating itself. There have been more examples than I could count, where undesirable settings are mysteriously reset after an update of some piece of software. I wholeheartedly agree with gorhill. The kind of data that is being submitted is several magnitudes beyond what would be required to maintain the new functionality of the extension (which to me is unnecessary anyway, because on the old version of the extension, one single additional mouse-click was all it took to achieve the same, but without any of the invasive user tracking). Add in the new owner and his admitted connection to a company that would use this kind of user data to their own commercial advantage. Suddenly the whole thing seems disingenuous and you have to ask yourself: “what do they need all this data for?” Everyone should draw their own conclusion from that.

        I for one was deeply disturbed by this, because in my browser the extension updated itself and I only noticed this after I was about to create a new user style for myself. Once I saw the horrible new popup menu, I went to read on their forums which has already provided me with plenty of criticism by other users, but it also led me here, where the problem was looked at more closely. This “new” Stylish has just been removed from my computer and I’ll never trust it again. For now I’m using an old pre-tracking version from Github, but maybe it is going to get forked, as I always had the impression that Stylish was in rather wide-spread use.

    2. ID said on January 6, 2017 at 7:49 pm
      Reply

      Not really infact, many thanks gorhill.

      Anomymous

    3. Dingler said on January 6, 2017 at 8:17 pm
      Reply

      Thanks for the awesome input, gorhill. I appreciate your work.

    4. Anonymous said on January 6, 2017 at 10:40 pm
      Reply

      “Mozilla, in my opinion, is MUCH better than Google in preventing this type of bullshit from happening in their ecosystem”.

      @Tony: much better for how long… with “their” WebExtensions the Chrome Store will be a large part of “their ecosystem” soon.

      1. Geno said on January 7, 2017 at 11:06 am
        Reply

        Should not be a problem. The add-ons should still have to be submitted to Mozilla for code review and be accepted or denied or Privacy Policed or whatever it is Mozilla requires through its manual reviews.

    5. Martin Brinkmann said on January 7, 2017 at 8:25 am
      Reply

      Gorhill, others have thanked you already, but I want to thank you personally for coming here and posting insightful comments. You have probably a lot on your plate with uBlock development and such; coming here and posting information shows what a great guy you are. Thanks!

    6. Sofa said on January 11, 2017 at 8:08 pm
      Reply

      “for example with Web of Trust and Popup Blocker.”
      what popup blocker? which one to avoid?

    7. Rick A. said on March 10, 2017 at 11:50 am
      Reply

      @Gorhill – i just wanted to say that you’re awesome and i appreciate everything you do for uBlock Origin, uMatrix and the users of those great add-ons. You’re appreciated by MANY. Oh, and thank you for the analysis of this lying and tracking add-on.

  14. Tony said on January 6, 2017 at 10:29 pm
    Reply

    In addition to previously-mentioned StyleRRR, there is an extension called FreeStyler that people might like. Here are the URLs:
    https://addons.mozilla.org/firefox/addon/freestyler/
    https://addons.mozilla.org/firefox/addon/stylrrr/

    I have no affiliation with these extensions.

  15. Paul B. said on January 7, 2017 at 5:28 am
    Reply

    I’m convinced the purpose of the new menu is to drive traffic back to the website, for the purpose of ad clicks and to sell styles. I envision the new userstyles.org to be modeled as an app store. The extension and its supporting site will be almost completely monetized.

    The way it was done is most galling. The usability of the toolbar menu was virtually destroyed, and it immediately became basically an ad frame for styles. At this point the styles remain free, but I think that will change.

    Barnabe and Hindman have the right to do what they want with the extension, but I find it helpful to understand what’s really going on. I’m confident a replacement for what once was a great extension will arise, because of the need. There’s a long history here, going all the way back to the fabled Proxomitron.

    BTW, thank you, gorhill, for that excellent analysis, and to whoever referred to it over in the userstyles.org forum.

    1. Geno said on January 7, 2017 at 11:14 am
      Reply

      User history in itself is worth money, remember Hindman partnered with a data analytics company. He gets money and technical backup from them in exchange for selling his users(‘ data).

      A paid app store for styles is unnecessary.

  16. Mikhoul said on January 7, 2017 at 6:47 pm
    Reply

    Here’s all the other options for Firefox:

    – userChrome and userContent: work pretty well, but require restarting browser for changes to take effect so there is no easy way to disable / enable / install styles on the go, and would be relying on your text editor for code completion / syntax highlighting.

    – StylRRR: Can style both chrome and content, is e10s compatible, can install styles from userstyles.org (uso), is really lightweight and lets you enable / disable styles on the go. But looks really ordinary, doesn’t have code completion / syntax highlighting and doesn’t support automatic updates for the styles installed from uso. Still very early days for the add-on; could evolve into something nice.

    – Website Theme Manager: e10s compatible and can install styles straight from uso. Can’t style chrome, has no code completion or automatic updates for the styles installed from uso. Again, early days for the add-on.

    – User Style Manager: always had more features than Stylish, including automatic updates from uso, but has been abandoned. Not e10s compatible, obviously.

    – Custom Style Script: same as Website Theme Manager, except can add custom JS too but can’t install from uso.

    – Generic CSS Loader 2: no longer in active development and was pretty basic, but didn’t require restarts for changes.

    – FreeStyler: It track you like Stylish

  17. Jonnyredhead said on January 11, 2017 at 11:50 am
    Reply

    This might be Justin’s wife (the new owner of stylish). I remember him saying his wife of partner was also working on the project and then this post below today.

    ‘natalieg’ post source: https://forum.userstyles.org/discussion/53233/announcement-to-the-community (near the bottom)

    “Hi Everyone,

    My name is Natalie and I’m the new Product Manager of Stylish. I’m happy to join the conversation and get to know you all.

    I understand there are several concerns about the future of Stylish and the types of information that are used. Let me give you a quick rundown of how it works: every time a browser navigates to a new page, the extension queries the servers for saved and available styles. The data collected includes the current, previous and referrer pages and for each new install a random user ID is created. All communication runs through https, to provide a layer of protection. The collected data is cleaned from PII in the client and server side, to make sure privacy is preserved and personal information isn’t used at any point. The only data that is ultimately used is the aggregated anonymized data that helps SimilarWeb create the counters of unique visits to certain websites.

    Regarding product features, some community members raised concerns about Stylish becoming commercialized and leaving its main audience – the style creators, behind. I can tell you that we consider you guys as our partners in continuing to improve Stylish. The first step I’d like to take in making sure you have a say in what’s happening is to create a beta group where versions of Stylish are shared with you before anyone else.

    Anyone who is interested in joining the beta group, send me an email to – [email protected] with the subject line – ‘Beta Group’. I’d like to reach a diverse group, composed of developers as well as users who are using styles created by others.

    Since building this group will take a bit of time, the upcoming version of Stylish will be released without a beta group, so we don’t delay the version I know you’ve all been waiting for.

    Feel free to ask me anything about our plans for Stylish.”

    1. Jonnyredhead said on January 11, 2017 at 3:10 pm
      Reply

      Some extra info from same source as above about users IP’s.

      “I’m glad you’ve asked about the IP, since I’ve read here several posts about it and it’s a good opportunity to explain how it works in Stylish. Immediately after we receive the IP (like any other server does) we only save the first 3 subnets of the IP so that no identification will be possible, or more accurately, identification will be extremely difficult. It’s important to understand that when we’re talking about the type of data used in statistical algorithms, personal information has no value and isn’t needed.”

      1. Tom Hawack said on January 11, 2017 at 3:25 pm
        Reply

        Thanks for reporting on this, JohnnyRedHead.
        All I can say is that I avoid add-ons phoning home, and not only for privacy reasons. I even dislike add-ons performing on each and every visited page an operation which can be decided by the user on a per-site choice. Add-ons, scripts the same. Even the OS itself! Beware of all those “terminate and stay resident” codes running everywhere from the OS to the applications to browsers themselves, beware of automated tasks when 90% of them use ram, cpu and often a user’s privacy.

        I’ll stick on Stylish at the express condition the opt-out of their crappy commercial home phoning, partial IP or not, is 100% functional. Otherwise : “RAUS” (means “OUT” in German, that’s what our German teacher used to say when one of us was too talkative, like me right now!).

  18. weritos12 said on January 19, 2017 at 7:15 pm
    Reply

    There is one thing New Firefox’s themes based on WebExtensions will be released.
    I hope user styles will be no need in future.

  19. Kate said on January 24, 2017 at 9:30 pm
    Reply

    Someone made a fork of Stylish called Osprey. On Github: https://github.com/JackCDK/osprey

    1. TomBosley said on November 8, 2017 at 10:23 pm
      Reply

      Thank you for posting this. Exactly what I was looking for.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.