> Putting these JavaScript files into the extension would have been possible with almost no code changes
The AMO team at Firefox used to outright ban addons with remote script injection. I guess it matters who you are -- like on the Apple App Store, big names just need to pull the right strings or call the right people for a free pass. Rules are not applied equally. The playing field is NOT level.
> Rules are not applied equally. The playing field is NOT level.
That's true, always has been.
> big names just need to pull the right strings or call the right people for a free pass
I'd be curious if that's the case.
For the most part in B2B, "the rules" generally only apply when the risk of a client doesn't out weight the benefit of that client. T&C and Contracts are always negotiable, it's just a matter of if it's worth it to both parties.
Amazon has more street cred than say, me, as a developer. And Amazon has a lot more to lose from their Add-On doing a bunch of evil things that I would if I decided to do evil things with mine. Amazon is big enough to assume liability for both itself and Mozilla if something goes wrong, I can't.
I'm not defending Amazon but what did they do that was evil? From what I read in the article, they were doing things a normal add-on developer isn't allowed to do, but that isn't inherently evil.
In a similar vein, your reasoning would conclude that white hat hackers are evil as well.
Having the power to do something bad, and doing something bad with that power are not equivalents.
Is it unfair that they received that power? Yes. Does that make it evil? No. Do I trust them? No.
I'm not defending Amazon, I'm questioning your reasoning because I don't arrive at the same conclusion.
Individuals in the US are not allowed to own machine guns except with extremely limited exceptions. Owning a machine gun does not inherently make one evil, so why can’t we own them?
> Individuals in the US are not allowed to own machine guns except with extremely limited exceptions.
That's not true. The laws vary by state with California being one of the most restrictive but other states like Idaho, Iowa, Montana, Nebraska, New Mexico, and Mississippi having no restrictions at all.
The AMO team used to review every submitted add-on. They no longer do, now it just says “This add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing.” on virtually every add-on. They still enforce this policy, but usually only when someone reports an add-on violating it. I reported this add-on, we’ll see now when/how they take action.
Note: I’m the author of this article and a former AMO reviewer.
The AMO team at Firefox used to outright ban addons with remote script injection. I guess it matters who you are -- like on the Apple App Store, big names just need to pull the right strings or call the right people for a free pass. Rules are not applied equally. The playing field is NOT level.