* They use whitelist (visible in source) of sites, thus they do not record activity on all sites, but just the ones in whitelist.
* You can individually block sites from being tracked even if they are in whitelist (by click on the icon). This gets respected.
* They store a lot of data "locally". Things like timestamps, cursor activity, time spent on the page etc. This does not get sent to flattr, but sits in local storage.
* Once "site/page" qualifies for a flattr, path with title is sent to flattr. No other information (i.e. - no query string, no mouse activity etc.).
* They record things, that they should blacklist. For example - common cms paths (wp-admin/) is reported, but should not be. In some sites they report paths that should be blacklisted (like in twitter they report /settings/ ).
* In youtube.com icon for extension looks disabled (like nothing is being recorded), however they still store data in local db (browsing history, videos viewed). Nothing is sent to flattr though. This should be updated. Either show in icon that you record data, or do not record anything.
All in all extension does not look malicious at the moment. But it's not perfect either. And i'm not sure that there will be a point where i will feel 100% confident with it. Most likely i will try to use it, but will continue to inspect regularly to see if its still solid.
Edited: fixed some typos.
We have tried to be as thorough as we could with what data the extension saves in local storage, even with the first release. There are always improvements that can be done and will be done.
We are going to add to the blacklist to not send things like twitter settings or wp dashboards etc.
Youtube is a bug that sneaked in just before release, in reality the UI does not reflect that youtube is supported and used. It's being addressed right now.
From a technology point of view, that might have been a gain for them.
But does this outweigh the loss of the "trust in advance" that they would otherwise receive?
Also, what's about the risk of being dragged into bad reputation? (Which might happen as soon as AdBlock Plus gets bad media coverage, once again.)
Looking at their "all-knowing, privacy-friendly algorithm", they are already there:
Even the title is an oxymoron, let alone the scary description.
Which issue is fixed by "acceptable ads" in a better way than a plain ad blocker that has no exceptions?
The former tries to "mediate" between ad providers and users, while the latter is an actual "user agent" in every sense of the word.
Maybe it is just me, but I don't see any shortage of the former. And I'm missing the latter one in many aspects of the internet. NoScript, uBlock origin and miniwebproxy all are just first steps to fix issues which browsers (in the sense of real "user agents") shouldn't have in the first place.
> The reputation they got are based on stories created by the ad industry, and yes, obviously they hate eyeo
Not sure which stories you allude to. I'm not aware of any such stories, being placed by the ad industry or any other entity.
However, I am aware of much criticism that is based purely on their business model, by well-known people far away from the ad industry, without involvement of any additional stories.
> and yes, obviously they hate eyeo
Almost nobody feels sorry for the ad industry, but it is quite a far stretch to argue that we (i.e. the ad targets) should like Eyeo because they are the enemy of the enemy.
Maybe my perception is wrong, but all people I know don't care, because they just see different flavors of shady businesses that happen to step on each other's feet.
What's noble in being involved in that game?
Is that in the manifest or in the source?