[Ansil849]

The responses here to this story defending the plugin author are appalling. They all seem to boil down to "you didn't read the fine print or the source code, so whatever the plugin does is defensible". What if instead of taking a percentage of the ad revenue, the plugin siphoned credentials or ran malware as a revenue generator, or did whatever else? And what if it openly explained in the fine print that it would be doing this?

[Hasz]

You don’t read the contract, you pay the price.

People just arbitrarily pulling in code from random people on the internet and expecting everything to be fine is hilarious. Your project, due the due diligence.

To answer the hypothetical, the author is still at fault even if was malware.

[Ansil849]

> To answer the hypothetical, the author is still at fault even if was malware.

Wow, that's as explicit victim blaming as you can get.

[belval]

Victim blaming? OP is bragging about his revenue in the very same blog post! He used open-source code without taking the time to understand what the code did and somehow we're victim blaming?

> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

That's the license OP agreed to when he used the code.

[Ansil849]

I really wonder if you have the same approach to all other situations with fine print, not just software contracts? Ebay scams, usury lending agreements, everything?

If on line 37, page 409, of a car rental agreement that you sign, it states that if you are an hour late in returning your vehicle, the car rental company will take your firstborn, and you sign this agreement, then it's on you, right?

[belval]

> I really wonder if you have the same approach to all other situations with fine print

This isn't a fine-print, it's literally in bold in the license file. I am not renting a car that says it might not run but they'll still charge me.

> If on line 37, page 409, of a car rental agreement that you sign, it states that if you are an hour late in returning your vehicle, the car rental company will kill your firstborn, and you sign this agreement, then it's on you, right?

This is a bad example because killing my firstborn is illegal. This is more akin to a car rental that charges and extreme late fee that is written on page 1.

[Aldo_MX]

Dismissing something as "victim blaming" is the best way to say "I am not mature enough to accept that I have responsibilities, and I will play the role of a victim for as long as I can stay unaccountable for my actions".

[Ansil849]

I asked this question in another comment, but same thing: Just curious, is this your attitude towards other things as well? There used to be a very popular ebay scam, which had people sell large screen TVs and video game systems for very cheap. At the bottom of the auction description, in fine print, the auction also clearly stated that you were bidding/buying only a photo of the product, not the actual product. In other words, it was "spelled out", so no one was getting scammed according to your perspective here, right? It was on the fault of the buyers for not reading the license/auction description?

[Aldo_MX]

Dark patterns are not illegal, but they fall in the reputation loss category.

Taking your example: Ebay decided that they couldn't afford the reputation loss to accept listings with dark patterns so they updated their T&C to reflect that, but that doesn't mean that the action that ebay took was the absolute truth.

To name a different example about dark patterns: There are websites which color the "Accept All Cookies" button with the primary action color and they place the button after the checkboxes where you choose your cookies, in the place that most of us expect a "Submit" button. As far as the GDPR is concerned they're complying.

As a consumer it is your choice to stop doing business with persons and companies that use dark patterns.

The same applies to open source. You are seeing that the number of maintainers who are disrupting projects is increasing. Would you really trust your business to a person that you don't even know? It is your reponsibility to audit the code that you're using.

[mypalmike]

> What if... They plugin siphoned credentials or ran malware (etc.)

If you hypothesize that the software did something illegal, I hypothesize that nobody would defend it.

[Ansil849]

I'm not sure it's legal to say that in certain use cases, you will siphon off an unspecified amount of money from your customer? Imagine if an app like Venmo stated that?