Time to remove Nano Adblocker and Defender from your browsers (except Firefox)
When Nano Defender was launched in 2019, it quickly became a go-to extension to bypass anti-adblocking mechanisms on Internet sites. It used code from uBlock Origin, one of the most prominent content blocking extensions, and users started to install the new extension in Chrome and other Chromium-based browsers.
One of the main differentiating factors between Nano Defender and uBlock Origin was that the former supported a reporting option to let the developer know about issues encountered while using the extension. A port for Firefox was created by another developer to cover all major browsers on the Windows platform.
Nano Defender has more than 200,000 users that installed the extension from the Chrome Web Store alone.
The developer of the extension revealed on the official GitHub that he decided to sell the extension twelve days ago to two Turkish developers.
Community members and Raymond Hill, developer of uBlock Origin, shared their thoughts on the deal and the fact that little information was provided. Gorhill suspected that the new owners main intention was to monetize the extension in one form or another, or do worse with it.
The new owners uploaded a new version to the Chrome store, and careful analysis of the code of the extension revealed that it contained a new connect.js file that did not come from the project's GitHub page.
Hill provided an analysis of the code and discovered that the new code allowed the developers to submit user activity and data to remote servers.
The extension is now designed to lookup specific information from your outgoing network requests according to an externally configurable heuristics and send it to https://def.dev-nano.com/.
Hill suggested that users uninstall Nano Defender / Nano Adblocker immediately to block data from being submitted to the new owners.
The Firefox fork of the extension was not part of the deal, and the maintainer of it expressed interest to rename it and continue maintaining it. All other versions of the extension, basically any for Chromium-based browsers, should be removed immediately. Users who want to be on the safe side should remove the Firefox extension as well.
ok guys time to act!
https://chrome.google.com/webstore/report/gabbbocakeomblphkmmnoamkioajlkfo?hl=en&gl=GB
report abuse to chrome!
at least don’t let this circle grow..
@ali_Good on you! I just reported it.
Thanks Ali, Just did keep the circle grow by 1.
[https://chrome.google.com/webstore/report/gabbbocakeomblphkmmnoamkioajlkfo?hl=en&gl=GB]
Does not work with Firefox, reporting needs a chromium-based browser.
Also done. A shame as it had been my go to ad block extensions.
done
we did it guys we did it!
You are all my hero. Thank you for reporting the app. Chrome auto-removed it, I googled, and found this article. Thank you thank you.
Thanks for this update, Martin!
The Firefox port maintainer first said he would stop his work, then changed his mind and is thinking about renaming it after a separation from the sold Nano branch.
There’s still too much up in the air about Nano on Firefox to know which way to go. One thing to keep in mind though, uBlock Origin has caught up a lot over the years and now maintains their own list with anti-adblock fixes, if word of it reaches the ears of the list maintainers.
This may not be as comfortable as with the Nano branch, but posting on reddit to /r/uBlockOrigin/ and mentioning your issue isn’t that complicated a process for end users.
This, this is a perfect example of why I always check out this website every day! Thanks, Martin.
think thats a great cover up on the current status of the firefox port from LiCybora:
https://github.com/LiCybora/NanoDefenderFirefox/issues/187
A dick move from a dick developer. I had a discussion with him on github long time ago and I have to say I’ve never met anyone so selfish and rude before on github.
why would you use nano over UBO anyway.?
Makes no sense.
Mainly it’s the combo of adblocker and defender which ubo hasn’t. You can use defender with ubo but have to do a little configuring yourself rather than it just working. I seem to remember some of the default general setting being different too.
@computer said no… The reasons why were explained here:
https://www.ghacks.net/2020/07/05/behave-for-chrome-and-firefox-warns-you-of-port-scans-and-local-attacks/#comment-4467393
The Nano extensions were referenced in connection with Brave, but the advice would presumably have applied equally to Chrome, etc.
@Steve R.
Indeed, the advice I gave there would have been equally applicable to Chrome or any other Chromium-based browser, not just Brave.
Nobody could have foreseen that the Nano Adblocker / Defender developer would sell out, back when I wrote this comment the two extensions had no bad track record whatsoever and could be trusted, needless to say this is no longer the case.
I’ll add another comment under the one you linked to, clarifying that Nano Adblocker and Nano Defender are no longer recommended for reasons laid out in this article here.
@Iron Heart
1) Can we just uninstall both Nanos from Brave and install Ublock Origin, or do we need to do some setting up to get equivalent of Nana Defender?
2) Concerning adding a another comment on the old post from 4 months ago, could you add 1 all-inclusive comment here (if it is allowed)?
@Anonymous
Yes, uninstall Nano Adblocker and Nano Defender as soon as possible, then install uBlock Origin as a replacement.
Nano Defender serves the purpose of evading anti-adblock scripts. There are other uBlock Origin-compatible lists which achieve the same thing:
Adblock Warning Removal List (hit “Subscribe†in order to subscribe):
https://filterlists.com/lists/adblock-warning-removal-list
Fuck Fuckadblock (hit “Subscribe†in order to subscribe):
https://filterlists.com/lists/fuck-fuckadblock
These two could serve as a replacement.
I am definitely planning to renew this post of mine with updated information (including the removal of the Nanos), but I am still waiting for an opportunity to re-post this that would not be blatantly off-topic on my part. Since Brave is underreported here, such an opportunity is yet to arise.
Hi. yes, it is true uBlock Origin as a replacement for Nano Adblocker. and the uBO Extra Extension as a replacement for Nano Defender.
Nano Defender Based on Code from:
Credits
Nano Defender uses open source code from the following projects (alphabetical):
reek / anti-adblock-killer
primers / octicons
uBlockOrigin / uAssets
gorhill / uBlock
gorhill / uBO-Extra
Note: I am citing a list from the GitHub page of jspinguin2017 / uBlockProtector.
@Reno Sifana Paksi
uBlock Origin Extra seems to be abandoned, though. Last update was on September 9th, 2019, more than a year ago:
https://chrome.google.com/webstore/detail/ublock-origin-extra/pgdnlhfefecpicbbihgmbmffkjpaplco
https://www.bleepingcomputer.com/news/security/ublock-origin-ad-blocker-now-blocks-port-scans-on-most-sites/
Word! And also using chrome 2020 wtf?!
Thanks Martin. A couple of additions, if you don’t mind:
– There’s a ‘Nano Defender Pro’ version for Edge Chromium (https://microsoftedge.microsoft.com/addons/detail/nano-defender-pro/ijfkmnlofajajikjhfiigelipempcklj). Interestingly, I’m no longer able to search for it on the store, maybe it’s been flagged up to Microsoft already?
– To those who have originally followed the extra steps required to install Nano Defender alongside uBlock Origin (as opposed to Nano Adblocker), PLEASE UNDO THOSE STEPS.
Original developer still owns Edge store listing and he made it hidden himself because it won’t receive any updates. Only Chrome store ownership has been transferred so Firefox, and Edge for now, should be safe.
According to the github discussion thread, Microsoft have been notified about this development and they’re looking into preventing or warning Edge users from installing this extension via Chrome store.
Oh and it should be pretty obvious but neither Edge nor Firefox extension will receive any updates so there’s no point in having them installed.
Thanks Martin. I just have uninstalled them on all main browsers (Execpt Firefox 81.0.2).
Maybe a lessen when your selling your code that your standard have a contract signed where its stricly forbidden to tempere with the product.
Then no one will buy it. It’s easier to abandon it.
I can only concur with what the article says: UNINSTALL THOSE EXTENSIONS IMMEDIATELY!
I used to recommend Nano Adblocker and Nano Defender for quite some time, because both were good and capable extensions before the developer sold out. The dev should just have ended development, providing one last update notifying users of the EOL, instead of selling out and letting two once great extensions be turned into unmitigated spyware. An incredible breach of trust that has tainted the reputation of the former developer forever, if you ask me.
uBlock Origin is the logical replacement, and would be my suggestion. Next to removing Nano Adblocker + Nano Defender, also consider removing all of the following filter lists, if you have subscribed to any of them in uBlock Origin:
– Nano Contrib Filter – Placeholder Buster
– Nano Defender Integration
– Nano filters
– Nano filters – Annoyance
– Nano filters – Whitelist
These lists were also sold as part of the deal.
A shame.
Adding to that:
Please UNDO all the steps as described in the previous dev’s instructions: https://jspenguin2017.github.io/uBlockProtector/#extra-installation-steps-for-ublock-origin
@ShintoPlasm
Thanks for adding this, useful information for anyone running a uBlock Origin + Nano Defender combo. In this case, one should undo the steps you linked to in uBlock Origin, in addition to removing the Nano Defender extension itself.
Note to others: Reversal of the steps @ShintoPlasm hinted at is only required if you run a uBlock Origin + Nano Defender combo, if you run a Nano Adblocker + Nano Defender combo, removing both Nano Adblocker and Nano Defender will suffice.
Hi,
I use Nano Adblocker and Defender on Firefox, what should I use instead?
@Fais
1) The Nano Adblocker and Nano Defender extensions on Firefox were not affected, because the Firefox versions are being maintained by someone else, more info here: https://github.com/LiCybora/NanoDefenderFirefox/issues/187
The person maintaining the Firefox version is as sad about these ongoings as we all are. The maintainer of the Firefox versions has announced that development of Nano Adblocker will be put to rest on Firefox, but that he / she will continue to develop Nano Defender independently, possibly renaming it. So if you are on Firefox, you can keep Nano Defender and replace Nano Adblocker (which is abandoned now) with uBlock Origin.
2) Nano Defender serves the purpose of evading anti-adblock scripts. There are other uBlock Origin-compatible lists which achieve the same thing:
Adblock Warning Removal List (hit “Subscribe” in order to subscribe):
https://filterlists.com/lists/adblock-warning-removal-list
Fuck Fuckadblock (hit “Subscribe” in order to subscribe):
https://filterlists.com/lists/fuck-fuckadblock
These two could serve as a replacement, but as said, Nano Defender on Firefox can still be recommended. The Chromium versions of both Nano Adblocker and Nano Defender are malicious now.
for now your are safe:
read: https://github.com/LiCybora/NanoDefenderFirefox/issues/187
“These two could serve as a replacement”
Should I use both or just one of them?
@Damien
> Should I use both or just one of them?
Use both, there is no reason not to. I use both as well.
@Iron Heart: thanks for sharing those 2 anti-adblock links.
@Klaas Vaak
Semi-OT: Another must have list for me is the “I don’t care about cookies” list:
https://filterlists.com/lists/i-dont-care-about-cookies
Has served me well in fending off pesky EU cookie notices.
Just use UBO Extra instead of Nano Defender, it basically works the same
@Laitinlok
uBlock Origin Extra seems to be abandoned, though. Last update was on September 9th, 2019, more than a year ago:
https://chrome.google.com/webstore/detail/ublock-origin-extra/pgdnlhfefecpicbbihgmbmffkjpaplco
Except this maybe?? :
“Step 1. Subscribe to Adblock Warning Removal List.”
@Damien
Yeah, you can safely keep that list. Its maintainer is not involved with the Nano projects.
>Except this maybe?? :
>“Step 1. Subscribe to Adblock Warning Removal List.â€
This list is useless anyway.
@Anonymous
> This list is useless anyway.
Its usefulness depends on one’s location (it covers websites from a certain set of regions primarily). This was not the question though, the question was whether or not it’s problematic. Adblock Warning Removal is definitely not problematic.
“This list is useless anyway.”
Why?
@Iron Heart: thanks for the heads up about those Nano filters. After removing the extension, does one need to remove those filters separately, and if so how?
@Klaas Vaak
Nope, removing the extensions (Nano Adblocker + Nano Defender) got rid of those filter lists already, no additional steps are required. If you have installed uBlock Origin now, just don’t subscribe to those filters, IF anyone should suggest them to you. They must now be considered compromised same as the extensions.
In case of these lists, look at GitHub, if you had old URL, then nothing will change, it’s safe to keep them, but they archived, which means that won’t be any updates.
@hawkeye116477
Might as well remove them, then. No updates will come anyway. If there will be any updates, chances are they will be malicious. I’m not taking any risks, and neither should anyone else.
I’ll more clarify my previous comment. Filterlists are from https://github.com/NanoAdblocker account on GitHub, which you can see that is under control of original author, it wasn’t transferred. New developers however have new account on GitHub named nenodevs.
So some still can be safely used on Firefox, but as you can see, all is archived, so no update, so pages might be broken soon, so you should observe LiCybora repo for updates and change URL when it will be available.
@hawkeye116477
No updates going forward is yet another reason for removal. Even if the new spyware devs who have taken over Nano Adblocker + Nano Defender on Chromium should not control those lists, do you think it’s any better that they are controlled by the previous dev who has just sold out his users? And what is archived can be resurrected at any time, perhaps with someone else controlling the lists now. I reaffirm my recommendation that those should be removed.
Thank you for clarifying anyways.
Thanks Martin!
The article should have prompted firefox users to uninstall the addon. It is clear that the author is not trustworthy.
Firefox version didn’t changed the owner and is maintained by someone else than Chrome version. He/she doesn’t plan to port that bad Nano changes and seems that rather wants to develop it independently under new name.
https://github.com/LiCybora/NanoDefenderFirefox/issues/187
@user By that logic Gorhill isn’t trustworthy either because back then he sold uBlock to someone else, came back and created uBlock Origin. Developers are just people. Nobody is perfect.
@Malte I never sold uBlock.
I don’t think that was the case with ublock. From what I read it was like Gorhill was robbed by sb, but I might be wrong. Anyway, extension called ublock is pretty dead compared to ublock origin.
Malte said:
“By that logic Gorhill isn’t trustworthy either because back then he sold uBlock to someone else”
Gorhill would never “sell” the extension, ever, that would be a guarantee that the buyer is malicious. It was too much work and he publicly transferred control for free to someone he hoped he could trust. When this someone started doing unethical things, he came back creating ublock “origin”.
Wikipedia has a description of what happened with ub/ub0 (with links)
https://en.wikipedia.org/wiki/UBlock_Origin#uBlock
And additionally, beside not selling the extension, a reminder that I also did NOT transfer the user base of uBlock to another party, I have always been and I am still in control of the Chrome store publication since I first published the extension in June 2014. I considered it would have been completely unethical to transfer the user base without their explicit contentment.
As a long-time adopter of Ublock Origin on firefox, I stick with what is provided by the extension, with many (backed up) customised settings.
This 3rd party ‘addition’ to Ublock Origin is, to quote Mozilla from [url]https://addons.mozilla.org/en-US/firefox/addon/nano-defender-firefox[/url]
‘This add-on is not actively monitored for security by Mozilla.
Make sure you trust it before installing.’
The Firefox version is a port maintained separately by LiCybora. They have now confirmed (on the Github thread) that they will no longer be maintaining the FF extension so it can be considered abandoned.
sigh -_-
And yet another useful app/extension sells out.
There was an update 3 days ago for firefox:
“- Disable quick issue reporter as upstream no longer maintain it”
Since he no longer maintains it and decided to sell out for chromium i just got rid of it anyway.
Thanks Martin!
The Firefox version is/was a port maintained separately by LiCybora. This dev has now confirmed (on the Github thread) that they will no longer be maintaining the FF extension following the sale of the Chromium version, so it can be considered abandoned.
Let me clarify.
Nano “Adblocker” is abandoned.
Nano “Defender for Firefox” will be continued but with rebranding, and independent from any entities or people.
Thanks, LiCybora.
Thank you for being transparent about everything and also voicing your concerns. It’s a shame it has happened but it would be a shame to also lose you. If you still have a passion for it then absolutely keep going. Honestly this only reinforces everything we stand for and reminds us that the enemy is always looming over us to try and claw back some influence and control over us all in order to benefit from us and throw out our rights to privacy.
I hope to see your work LiCybora be more tightly integrated into a more consistent and trustworthy project such as uBlock Origin if possible.
I’m sorry to hear this has happened but thankful for your work and support.
Thanks for clarifying! Looking forward to it, hope it will get covered here as well.
Interestingly, the latest version in the Chrome Web Store is 1.0.0.154, dated 15 October.
Another sellout by a dev who benefitted immensely by being uBlock Origin’s fork and pulling upstream changes and the work done by gorhill, [Editor: removed, please stay polite].
The lively discussion continues at https://github.com/jspenguin2017/Snippets/issues/2
It’s starting to look like a case of ‘caveat venditor’…
Imagine being so butthurt about the deal.
What people should do is accept defeat, Manifest v3 will kill uBlock, ABP, nano and every other extension, the only ones that will work are the system adblocker ones like Adguard.
This deal makes sense, if he got $100, $1000 or more money off it, at least he will get some money before Manifest v3 starts killing every extension and then it is too late to get something off it. Even if he got $1 it would be more than what Google or Microsoft will give the guy when killing adblocker extensions.
I uninstalled it, but I was already not even really using it because Brave adblocker was doing all the job. I uninstalled it without being butthurt, just wishing the guy good luck, at least he properly supported Edge browser, both version at the time, unlike uBlock.
@Harr Ramp
I think the problematic aspect here is that the former Nano Adblocker developer has given his user base over to people out to spy on the same users, without having done proper vetting before. Adblock extensions are definitely on their way out due to Manifest V3, however, that doesn’t justify violating user trust in the way he did. Not at all.
@Iron Heart
Well, the problem is you want to see this as a “trust user” thing, what trust would he have? unless he wanted to develop something else in the future, I don’t think he cares much anymore. He was even thinking about abandoning the extension development so he is tired of it, like many are. the only ones having a good time lately on the open source are the big projects that are pretty much not free since they keep getting money from everywhere.
But In my experience this is what I see all the time, people sell and then the other people acquire the product. in software it happens so many times and then what responsibility would a developer have if the developer already sold it? He sold pretty much the ‘nano’ name, and then what turkish developers do, it won’t be his responsibility anymore.
But if even the hundred and thousand dollar software do this, and you would have more right to complain since you paid for it, how can you blame the ‘free’ product that does the same?
Open source is like whatever to me, and this is another proof developers do whatever they want, and will always do whatever they want. People will keep thinking that open source is positive because “you can check the code” but that doesn’t guarantee much when they can do the same good or dirty trick a closed source software does.
Right now, we don’t even know what def.dev-nano website is about but it has a timer, so we will have to check exactly what happens in 35 days.
But like I said, all we can do is the same we can do with other software when they do something you don’t like, remove/uninstall them and move on. I do that with software that costs a lot of money because I stopped wanting to support the developer since I had problems with company practices or decisions they take, so doing that for a free product I guess it is easier since you don’t have to deal with any loss money or licensing problems or anything.
I understand your point but in software and in the state of any project lately it is like “it is what it is”. This is one more reason why I don’t support open source projects too much and I am glad Brave browser has a decent adblocker and I will hope they add the few tiny features that are missing from the normal uBlock/Nano like procedural cosmetic filtering.
@Anonymous
They might! they are able to, for sure. So it is good we have browsers that have native adblockers, but hopefully somehow, we will always have a browser that doesn’t just follow Google and want to be like google, obviously not caring about users.
@Harr Ramp saying “So it is good we have browsers that have native adblockers, but hopefully somehow, we will always have a browser that doesn’t just follow Google and want to be like google, obviously not caring about users.”
Every opportunity is good to advertise for brave it seems. I tried to avoid feeding it but this claim here in reply to me is too much and I give up: in addition to brave serving its own ads, the brave adblocker whitelists Google search ads and by coincidence has search deals. Of course it just follows Google and want to be like Google, obviously not caring about its users. And of course the built-in blockers provided by browser companies like Mozilla Corporation and Brave Software Inc exist to give them control over what they whitelist because of their business model and must not be trusted. Actually even AdGuard whitelists by default search ads and sponsored content that they intentionally misidentify as self-promotion, for suspicious reasons. They just don’t call it “acceptable ads”, but “useful ads”.
https://github.com/brave/brave-browser/issues/4533
https://brave.com/faq/#search-engines
https://kb.adguard.com/en/general/search-ads-and-self-promotion
https://github.com/AdguardTeam/AdguardFilters/issues/52103#issuecomment-603318247
@Anonymous
> in addition to brave serving its own ads,
Perhaps you should clarify that Brave serves “its own ads” as system notification, i.e. it never alters websites. Brave periodically downloads a non-personalized list of ads, and a local algorithm then analyzes your browsing, picking ads from the list accordingly. The data in question never leaves your PC, and it’s never processed on a remote server, only locally. This is a far cry from the type of ads (website elements) we are talking about here. Plus, Brave Rewards are opt-in, it’s not even enabled by default.
> the brave adblocker whitelists Google search ads and by coincidence has search deals.
The two are intimately connected with each other. You don’t get a search engine deal if you insist on blocking ads on the search result page, it’s a standard clause of such contracts not to so. That’s also the case in most other browsers having such deals, by the way. Search engine royalties are one way of funding for Brave, others include investor money and a commission for Brave Rewards ad campaigns, as well as a small commission whenever someone donates BAT.
> Of course it just follows Google and want to be like Google, obviously not caring about its users.
Dude, if that were so, it would not come with an internal adblocker mitigating the effects of Manifest V3. It also wouldn’t try to undermine Google’s business model (collection and analysis of user data on remote server) by providing a counter-business model.
> And of course the built-in blockers provided by browser companies like Mozilla Corporation and Brave Software Inc exist to give them control over what they whitelist because of their business model and must not be trusted.
This is always a possibility and not limited to browsers. Extensions authors can accept money just as well. In fact, most adblocker extensions aside from uBlock Origin are trash and operate some kind of whitelist. uBlock Origin is the exception rather than the rule, and that it hasn’t gone to shit yet is only thanks to Raymond Hill’s strength of character (he was offered money on several occasions, he declined). You saying that extensions are generally more trustworthy just because it’s true for one of them is somewhat off the charts.
Brave has no incentive yet to whitelist anything other than ads on search engine result pages, and as said, they are under an obligation to whitelist them, as otherwise there would be no contract, means no funding, means devs haven’t a job anymore.
> They just don’t call it “acceptable adsâ€, but “useful adsâ€.
Funny that you mention that, AdBlock Plus (an extension) operates such a whitelist, while Brave doesn’t (apart from the aforementioned search engine result pages).
“”Brave doesn’t operate such a whitelist, apart from the whitelist it operates””
Ok.
The point was that brave is sold out to the ad industry just like adblock plus, and that such built-in blockers are thus not more trustworthy than extensions, contrary to what the brave shills are trying to push here. uBO remains ethical.
You should work on improving the wording there justifying your ad whitelist:
“Why doesn’t Brave block ads on search engine result pages?”
https://brave.com/faq/#search-engines
As it reads now it’s embarrassingly not really answering the question. Missing words like “search deal” and “The two are intimately connected with each other.” for instance.
@Anonymous
> Brave doesn’t operate such a whitelist, apart from the whitelist it operates
Is is really that hard to grasp? Just like any other browser I know of, Brave is (partially) funded by search engine royalties, you don’t get them if you insist on blocking ads on the results page. Firefox doesn’t block those, and neither does Vivaldi for example. Are all those browsers trash because they need to be funded somehow?
I bet you are just now using a browser that whitelists ads on the search result page by default, and you only block those via uBlock Origin. Great. I can do the same with Brave (run it in conjunction with uBO), so how does that make Brave worse?
> The point was that brave is sold out to the ad industry just like adblock plus,
No, this is a silly allegation. Brave is funded by search engine royalties (partially), just like any other browser I know of, and thus whitelists ads on a limited area (search result page of the default search engine). AdBlock Plus whitelists entire ad networks on whatever random websites their ads may be found, this comparison is totally erroneous.
> and that such built-in blockers are thus not more trustworthy than extensions,
The status of “extension” does not guarantee trustworthiness. Read the article you comment under again.
> contrary to what the brave shills are trying to push here.
Are people “shilling” Brave when they say that they are using it as a viable response to Manifest V3? Seriously? If that qualifies for “shilling” already, all other browsers would be getting “shilled” here as well upon being mentioned.
> uBO remains ethical.
≠all other adblocking extensions remain ethical, extensions are generally better.
> You should work on improving the wording there justifying your ad whitelist:
Dude, I literally gave you the precise reason why Brave and all other browsers I know of (probably the browser you are using at the moment, too) whitelist ads on the search result page. I have nothing more to add to this.
“the only ones that will work are the system adblocker ones like Adguard.”
Until browsers deny the users the right to let Adguard intercept their encrypted web traffic, which would dramatically reduce their efficiency. You know, “for your own security”.
> This deal makes sense, if he got $100, $1000 or more money off it
No idea how much he made but the figures can go pretty high sometimes. The main developer of VLC was proposed tens of millions of euros to add ads and other crap and refused:
(in french)
https://old.reddit.com/r/france/comments/736ghk/ama_je_suis_le_pr%C3%A9sident_de_videolan_et_le/dnnyrop/
Gorhill, the developer of ublock origin, is also apparently proposed lots of money to add trash to the extension and needless to say refuses:
https://twitter.com/gorhill/status/1293233244826218498
We need more developers like that.
Firefox Users seem to be safe right now, concerning LiCyboras Statement on Developement and Future plans.
https://github.com/LiCybora/NanoDefenderFirefox/issues/187
This is a good example why I strongly believe in limiting or even not installing any extensions in order to prevent this kind of thing from happening (as well as in general to limit the attack surface of a system). I know there are a lot of good devs out there with good extensions that would never do this kind of thing. But all it takes is one that does and you’re left dealing with the consequences like this!
“This is a good example why I strongly believe in limiting or even not installing any extensions”
This is exactly how the major browser companies would like us to think about adblockers…
But all it takes is *not* having an extension like ublock origin to have with absolute certainty your privacy and security level considerably reduced.
@Anonymous
I agree one should not operate without some kind of blocking solution. I should’ve added that I use a blocking hosts file instead of extensions. I prefer it because it doesn’t require installing anything and operates at the OS level so blocks for all applications not just the web browser.
Manifest v3 is another example of trash… it must be another example of google going to great lengths to “listening to its users” :/
Also when people just assume that inbuilt adblockers are fine if not better, it makes me cringe. It’s like downloading a movie and finding that the subs are hardcoded on the video and their is a mistake somewhere or you want to fix or remove them but can’t because the overlord has decided its his way or the highway.
At least with an extension/addon you have the choice and can move onto something else or have some form of dialog with the developer which are usually more open to suggestion and conversation. This was the great design of extensions and addons, one starts with a blank canvas and then can add whatever they liked. The goal was once to expand those regions to be more powerful and allow more but now its designed to allow less, stifle innovation and have complete control over its users under the false guise that this is what is best. You can insert virtually any other big company here and its all the same story.
It’s a cycle and sooner or later these browsers will be replaced by one that respects its users and allows such flexibility but for now we are stuck with this sick mentality that is a manifestion of the culture in our current landscape so we will have to wait and see what the future brings but I can assure you at this pace chrome will have a neat spot in the pages of history right next to IE but maybe this time it will take down a few others that have followed the same path with it. I digress, this is about an addon going to shit and being transferred to a less that reputable party. I guess it was hard to turn down the money that was on offer as there was no consultation prior or offers to hand it over to the community first but I guess there would not have been any payout for that.
“I guess it was hard to turn down the money that was on offer”
Then it’s our job to make it less inviting for the developers to accept the bribe than to refuse it. Every time we let this happen without consequences it makes it easier for it to happen again somewhere else.
The only 2 content blocker extensions I trust are uBlock Origin & AdGuard. Any other blocker (unless it is baked in like Brave Shields) never gets a look from me. I’m sad to see the Nano dev burn users like this, but this is a reminder that many of the companies in this arena (like ADP) are scum.
Both Nano Defender and Nano Adblocker have been removed from the Chrome Web Store!
https://chrome.google.com/webstore/detail/nano-defender/ggolfgbegefeeoocgjbmkembbncoadlb
https://chrome.google.com/webstore/detail/nano-adblocker/gabbbocakeomblphkmmnoamkioajlkfo
I removed Nano from all my Brave profiles and from Edge MS profile, the only one usable on W10. Whatever you do with Edge you will be screwed anyway, extensions or not.
I venture on with only Brave shields. This is another sad day, so much good old software has been abused, or phased out. Ccleaner, Sandboxie, all the AV’s like Avast and the others.
Ruthless neo capitalism destroys souls, hearts and trust.
Thank you Martin. I hope Martin will keep informing us and since asking for it : please a post about the new Privacy Badger, the old one has become dangerous.
Regarding AVs, ESET is still alive and well :)
Ruthless neo capitalism destroys souls, hearts and trust.
What a silly comment.
Do you even know what “capitalism” is?
Do you work for free?
Go and read the conversation on Github – you’ll find out that the dev was primarily looking for another maintainer to hand the project to, because his workload no longer allowed him to give it sufficient time.
That he earned some money for his efforts – and I very much doubt it would have been a lot – so what?
We all do that, do we not?
He appears to have been taken in by scammers; pure and simple.
Give the guy a break.
I hope that you’re not a software developer.
Then you have read another Github conversation. He did not bother to really sort out who these people were, nor did he bother at all to inform his userbase.
“perhaps they will never know, until one day they cannot withdraw from their accounts for their bills”. https://github.com/jspenguin2017/Snippets/issues/2#issuecomment-711081915
But for you that is fine. He is a victim. Not his userbase. What he did is a fine example of true capitalism. Thank you for enlightening me with your woke logic and reasoning.
Should be noted that it’s confirmed to be malicious now – any users with the extension still installed are having their instagram accounts like random posts.
The article might do well to update with this information.
https://github.com/jspenguin2017/Snippets/issues/3#issuecomment-712449305
It’s confirmed to be malware and is compromising user’s instagram accounts.
https://github.com/jspenguin2017/Snippets/issues/3#issuecomment-712449305
I feel like this is good information to add to the original article.
So what is the damage of this event?
Had unknowingly run with the malicious Nano for some time.
Read on Reddit that Instagram is affected.
What else have the malicious Nano affected?
Maybe a follow up article?
Wonder will this blow up to an excuse for Chrome not giving chance to all adblock extensions?
Holy shit…thank you for this article, I was so confused what’s going on.
Thanks for the warning and actions to flag it !
What accounts could be affected on what apps .. do i have a todo check list ?
I’m searching another anti-ads but don’t know if i’m going to find one as efficient …
Regards,
@Val
What accounts could be affected on what apps .. do i have a todo check list ?
https://github.com/jspenguin2017/Snippets/issues/5
This lists some websites / accounts known to be affected. Potentially, all your accounts could be compromised. Here are the steps I would suggest you take:
1) Remove Nano Adblocker and / or Nano Defender if you haven’t already.
2) Delete your cookies.
3) Log into your accounts, change your password.
4) Log out of your accounts.
They were collecting session cookies. Deleting your cookies might force websites to set new session cookies, changing your password and logging out would likely invalidate existing session cookies the offenders might have. I suggest you do all of the steps.
> I’m searching another anti-ads but don’t know if i’m going to find one as efficient …
I recommend uBlock Origin. Long-standing and trustworthy, check it out.
Nano was based on ublock origin which makes them virtually the same. Give that a try, I am sure you will feel at home using ublock origin plus Raymond the developer is very dedicated and seems to have a strong ethical code. I feel bad for jspenguin2017 as I am sure he regrets the entire deal and is doing what he can to help put out the fires that was caused by this all. Ironically this is the most vocal I have seen of him in years. Lets not forget Jspenguin2017 has been on our side for many years even prior to nano so I prefer to give him the benefit of the doubt.
It wasn’t the best move but this is a great lesson for anyone in the field how not to handle the situation.
It’s definitely very concerning that it is now performing tasks behind your back on instagram and who knows what else it is doing so definitely uninstall it ASAP.
The latest status I have found is that Google Web Store took down the Chrome Nano Extension and deleted it from Chrome browser users who installed the Nano Extension. The Firefox Nano extension is OK as it is owned by another company. See https://www.zdnet.com/article/google-removes-two-chrome-ad-blockers-caught-collecting-user-data/ .
You should also remove it from Firefox because it’s been abandoned.