Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: The popular Chrome extension ModHeader is injecting ads into searches
93 points by geuis on Oct 4, 2023 | hide | past | favorite | 12 comments
Not much more to say than the title. I enabled ModHeader to test something a couple days ago and started noticing the same add showing up in the sidebar on both Google and Bing. I keep a constant vigilance with uBlock Origin and denying all 3rd party cookies.

Since that was the only extension I've modified recently, I disabled it and refreshed a search page and voila, the ad is gone.




This may violate the Chrome Web Store ad policies [1], specifically points 4, 5, 8.1, 8.2, and 8.4:

  4. Ads must be presented in context or clearly state which product they are bundled with.

  5. Ads must also be easily removable by either adjusting the settings or uninstalling the product altogether.

  8. Ads associated with your product may not interfere with any ads on a third-party website or application. You may show ads alongside a third-party website only if all of the following criteria are met:

    1. This behavior is clearly disclosed to the user.

    2. There is clear attribution of the ads' source wherever those ads appear.

    3. The ads do not interfere with any native ads or functionality of the website.

    4. The ads do not mimic or impersonate the native ads or content on the third-party website, and the ads adhere to the content policy on impersonation and misleading behavior.
[1]: https://developer.chrome.com/docs/webstore/program-policies/...


Requestly founder here! If you're still looking for a solution to modify HTTP Headers [0], you can try Requestly - An Open-source[1] Chrome & Firefox extension to intercept & modify network requests.

Although Requestly is a freemium product, the free plan offers unlimited HTTP header modifications. You can get Requestly here[2]

[0]: https://requestly.io/blog/modify-headers-in-https-requests-a...

[1]: https://github.com/requestly/requestly/

[2]: https://chrome.google.com/webstore/detail/requestly-redirect...



I went there on mobile Safari and the UI just let me go between Free and Ad Supported, saying “Subscribed” next to the option I just clicked, regardless of the fact that I don’t have an account or the plugin installed. So that seems nice and trustworthy.


Well, what do you think happens when you dereference a null pointer? Undefined behavior. It does work correctly when you have the extension installed.


Seems like it is disclosed so shouldn't be "news"?


Just cause it's disclosed doesn't mean it's acceptable. This crap takes us back to the late '90s. Remember all those IE toolbars?


This is the problem with autoupdate - you are giving Google complete control over your computer.


Yep, same thread model can be applied to Steam Workshop mods.


This seems to happen to all browser extensions eventually. I had to give up using them years ago.


Wow I was wondering what was causing ads for 'MaxAi.me' to pop up in every google search result as a 'promoted' ad even though I have adblock on. Well good riddance and turning off extension autoupdate.


This isn't the first time they've done something sketchy, a few years ago they added something that converts you into some "proxy" that was used for ad fraud




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: