FastForward add-on has been silently removed from Mozilla's AMO
The popular link shortener, intermediary page skipping add-on, FastForward has been removed from Mozilla's AMO. It is unclear why the extension was delisted.
For those unaware of it, FastForward was created as a fork of an old add-on called Universal Bypass that was discontinued. Both extensions were designed to circumvent sites that displayed timers before redirecting you to the actual URL. Such sites are infamous for tracking users on the web.
What made these extensions special was a feature called "Crowd Bypass", an optional feature that relies on an online database to help users skip intermediary links on various websites. It did so by gathering the intermediary page URL, the destination URL, and a hash of the user's IP address. So when you enabled the feature you would be giving the information to the database when you came across such pages, similarly it would also let you bypass pages based on the details that were provided by other users. That is quite useful as it not only saves some time, but also protects your privacy, like an ad-blocker would.
This was FastForward's URL, it's dead now, you can access an older version of the page on Wayback Machine's Internet Archive.
Why was FastForward removed from Mozilla's add-on store?
Update: FastForward's developers have explained why the add-on was removed. Mozilla had contacted them regarding the Manifest V2 version of the extension which was pulling bypasses from a file called injection_script.js, to help users skip the intermediary links. Unfortunately this was violating Mozilla's terms of services, which explicitly forbids remote code execution.
The developers say that Mozilla were reasonable, and that they could not respond to the reviewer's query on time, which resulted in the add-on's suspension.FastForward plans to include the bypasses in the extension itself, but this will only be supported in the Manifest V3 versions. The downside to this is that the bypasses won't be updated automatically, and will require the extensions to be updated frequently. A new version of the add-on is being worked upon, and will be submitted to Mozilla's add-ons store soon. End
According to a recently closed issue on FastForward's GitHub, Mozilla has suspended the add-on. Refer to the image for the original version and the translation. The contributor had also told the user that the extension will be updated and available soon. That was posted 2 days ago. At this point, we are not sure why the add-on has been removed.
This is where things become confusing, FastForward's developer account has been removed completely from the AMO. So, will the extension return or not? The add-on's project page on GitHub says that it was banned from the Chrome Web Store last year, and one of the contributors had said that it was likely due to the "Crowd Bypass" server not having a valid SSL certificate, and that it would be back soon. However, that came to no avail, as the web extension is still not available at Chrome's Web Store.
The GitHub page has a screenshot of the email that FastForward received from Google, where the Mountain View company had accused the extension of bypassing paywalls and other restrictions. To be specific, Google had taken exception to the add-on bypassing URLs from "Linkvertise". I dug around this a bit and found some interesting information. Apparently, Linkvertise wanted to sue Universal Bypass, and this resulted in some changes made to the extension's code, which eventually led to its discontinuation. References on Internet Archive: Universal Bypass issue #1951, and a commit.
Would this have something to do with FastForward's suspension as well?
For what it's worth, I still have the add-on installed in Firefox, it wasn't disabled remotely. I think that's a sign that it's not harmful, the fact that the add-on is still available on Microsoft Edge store also seems to suggest that. You may install FastForward manually in the Developer and Nightly channels of Firefox. The extension can also be sideloaded on Chrome and other Chromium based browsers.
I'm curious why Mozilla has banned the add-on. Was it suspended for violating some terms of services? Did they find some privacy issues in it? Or was the extension hit by a DMCA? If that was the issue, then the developer would have been provided an opportunity to counter the claim. Mozilla has left users guessing about the whole situation, and that is not doing it any favors. It needs to be more transparent, or face the blame. If an add-on did something suspicious, it is Mozilla's responsibility to educate users about the impact it may have caused. Or if it was removed for legal reasons, just put a statement on the add-on's listing.
Mozilla removed the Bypass Paywalls Clean extension from its add-on repository last month, without initially providing information about the removal. A spokesperson for the non-profit organization later told us that the add-on in question was hit by a copyright notice, and that it had not received a counter-notice from the developer.
Removing an add-on to protect the privacy and security of users is always welcome, but an explanation should be provided for the same, case in point, the banning of FVD Speed Dial. I also believe the developers should provide some information about the same on their part too, to inform their users about what happened.
What do you think about all these silent removals?
See https://github.com/FastForwardTeam/FastForward/issues/920#issuecomment-1484281031
“FastForward pulls the latest bypasses from the file injection_script.js in this github repo, to ensure you always have the latest bypasses. mozilla doesnt like this because it mean that the extension can be changed over time without them approving it, which, while true, is kinda how the current structure of the extension operates.
The way we plan to resolve this is with our MV3 versions of FastForward, where the bypasses are included in the extension itself and are not automatically updated. this is not ideal, as we will have to regularly update the extension on the stores which is time consuming. it does, however, mean that we will be allowed back onto the firefox store, and potentially even the chrome web store if we remove the linkvertise bypass from that build. we are working hard to make this happen, and we should be ready to submit a version to the mozilla addons store soon.”
“The developers say that Mozilla were reasonable”
Not so much :
https://github.com/FastForwardTeam/FastForward/issues/912#issuecomment-1482917142
“Firefox is not a fan of the auto-updating script because (according the them) it’s code not bundled within the extension, which isn’t exactly allowed under their guidelines. The hypocrisy is that extensions like uBO have similar designs and are still on there.”
There is no clean line between extensions using remote code or not. uBlock origin injects scripts in web pages that have a part, the scriptlet building blocks, that is only updated with the extension, and another part, how to use what building blocks where, that is updated more often through filter lists. It could be argued that this last part still makes it using remote code.
Google’s Mozilla would surely love to have the power to draw the line that further, but can’t yet. uBO was once almost banned by Mozilla in the past for having the building blocks part also updated more often, and had to change its design to a less efficient version to avoid that.
Greasemonkey-like extensions do even more than uBO, but were allowed to only because users had manually installed every user script that would be remotely updated later ; no installed by default user script would have been allowed a remote update. So there is surely lots of arbitrariness and lots of room for power abuse for browser developers to castrate anti-tracking extensions at the expense of users interests, with the false excuse of security.
The irony being that Mozilla Corporation allows itself to use the ban hammer against software and developers that are undoubtedly more ethical that Firefox itself. Not only generally speaking, but also even on that specific point, as there is a little known mechanism to update silently Firefox’s code arbitrarily between browser updates. And MozCorp has been known for sneaking malicious code in Firefox already in the past following business deals.
I once had a lot of respect for Mozilla. They are now fraudulent like all the other major tech companies.
And they lie that Google is not paying them to stay alive by giving away their users’ data back to Google in return. And some people actually believe that.
No real surprises here. Mozilla playing deaf and dumb seems like the thing these days.
Mozilla is prospering… xD By doing the stupidest things ever and pushing the last sensible users away.
I haven’t seen a browser scraping rock bottom as hard as Firefox. It’s like an Shounen anime where each arc ends in a cliffhanger and you can’t wait to find out how will Firefox screw up next time.
On github they says: “Firefox has temporarily discontinued our extension, but it will be updated again soon in the Firefox extension store.”
https://github.com/FastForwardTeam/FastForward/issues/912
This is the worst weird and disgusting thing that I have ever read about extensions and Mozilla. So we have an addon discontinued because of a rare legal issue for bypassing ads linking? If so, what can happen now, how many enterprises would sue Ublock Origin for bypassing ads too, for example? I think that Mozilla is Googlenized more and more till become the Google’s best soft pet. Thanks for the article.
Understandable tho, honestly the money most Mozilla employees are using to buy food, clothes, to feed their wife and their kids are from Google, if they don’t behave they don’t even have food to fill their stomach, life is a struggle.
@upp +1, however it’s very sad to see how it seems that there are now too many ways to do the “right things”. I clearly understand that the money factor is a powerful reason to close the eyes and do whatever the master Google wants. Anyway I wish Google would take their big dirty hands off Mozilla (and also I wonder if someday this will happen before the Firefox UA appears like Chrome, LOL, or not too LOL after all, probably).