by testdrive5 1709 days ago
Quoting a fellow HNer:

I recommend avoiding all browser extensions unless they come from well-known developers (e.g. 1Password) and they’re downloaded and installed through official channels. Browser extensions have a lot of access to your browsing activity and can phone home as well. One of the reasons this extension was sent a C&D was that it was sending some data home to the author’s server. That might be what the install instructions above are hinting at with the warning to examine the JS and remove any phone-home code. The original author defended the data collection as just enough to make sure the plug-in was working, except for study participants who apparently submitted much more information through the plug-in. Either way, I wouldn’t rush to install a plug-in that was caught sending any of my social media data to a 3rd-party server. I certainly would not install a browser extension from an unknown 3rd-party website just to spite Facebook, regardless of the claimed origin of the code.

Source: https://news.ycombinator.com/item?id=28804308

3 comments

> One of the reasons this extension was sent a C&D was that it was sending some data home to the author’s server

I think that this is incorrect.

The C&D included that as an example of banned things - beneath the actual list of what the extension had done wrong.

Per the wording, what they had done wrong was automation of actions, and unlicensed use of trademarks.

The letter: https://louisbarclay.notion.site/Unfollow-Everything-cease-a...

“Accessing and/or collecting users content or information” is the first bullet point in the C&D. The Reddit install instructions even include a note to remove the phone-home code before running the plug-in.

The plug-in author also explained his data collection in his interviews. He said they collected a lot of data for study participants and less data for normal users to confirm the plug-in was “working”.

The first paragraph is the only one that includes a list of what their extension had been doing wrong. I haven't seen it typed up anywhere else, so here are the salient bits:

> Facebook has gathered evidence that your Chrome extension “Unfollow Everything for Facebook” facilitates unauthorized functionality on Facebook. Specifically, your extension automates actions on Facebook, including mass following and unfollowing of Friends, Pages, and Groups. Your extension also impermissibly makes use of Facebook’s trademarks. These activities violate Facebook’s terms.

> Facebook demands that you stop these activities immediately.

The bullet point you've pointed out lives beneath that list of issues, under a title of, "Facebook's terms prohibit, among other things." Things that Facebook's terms prohibit ≠ stuff the extension was doing.

Otherwise it would be curious indeed that Facebook isn't demanding they cease the collection of data :)

> The plug-in author also explained his data collection in his interviews

That could well be – I'm just saying that the C&D does not include it as a basis.

Is the author of the extension bound by the FB EULA? I'd guess no.
For this kind of simple use case, a userscript makes more sense than a full extension, which has the benefits of making the code easily auditable and forkable.
Harder for less technical people to use however.
It's just one more step, one time. After installing a userscript extension, it's as easy as a normal add-on.
Thanks for the link as the thread is rather hilarious with the Dropbox v2 comment.