
Problematic monetization in security products, Avira edition - robin_reala
https://palant.de/2019/12/11/problematic-monetization-in-security-products-avira-edition/
======
dessant
The truly problematic part is that Mozilla did not immediately block the
extension for executing arbitrary remote code that is controlled by the
antivirus company.

Mozilla has recently blocked several translation extensions for loading remote
code from Google Translate, Firefox users finding their workflows for
accessing information being broken, with no good workaround, other than
switching to Chrome.

[https://www.ghacks.net/2019/11/05/mozilla-bans-all-
extension...](https://www.ghacks.net/2019/11/05/mozilla-bans-all-extensions-
that-execute-remote-code/)

[https://www.jeremiahlee.com/posts/page-translator-is-
dead/](https://www.jeremiahlee.com/posts/page-translator-is-dead/)

[https://blocked.cdn.mozilla.net/](https://blocked.cdn.mozilla.net/)

~~~
phyzome
Of note, he didn't report the Chrome extension because the Chrome maintainers
don't consider it to be a problem.

~~~
netsharc
Is it Chrome maintaners or the extension store maintainers?

"In particular, Google allows execution of remote code as long as there is no
proof for it being used for malicious purposes."

Ah, so they're using the model Zuckerberg used for FB apps, "FB apps are not
legally allowed to do anything illegal, as a developer click here to agree
that you'll behave.". And among others, Cambridge Analytica exploited this
bullshit lazy trust.

~~~
phyzome
It's Google. I don't really know how it all breaks down from there.

------
mirimir
Generally, cloud-based security products are disastrous for privacy.

~~~
marcosdumay
And all other kinds of security.

Now, go try to explain that to people.

------
blattimwind
I had no idea Avira is still around.

