by dark-star 473 days ago
It's a common theme:

- build an open-source thing

- wait till thousands or millions of people are using it

- change the license and close down the source

- implement malicious code

- push an update

- profit! you now have your malware running on millions of systems

7 comments

Should be added that the malicious part is often done by a third party that takes over an open source project when the original developer doesn't have the time/energy/money to maintain their open source/free work. Many Chrome extensions end up being sold for thousands or just hundreds of dollars because there's no money in them and the dev isn't all that interested.

Society as a whole could easily avoid this by funding open source/free utilities to the point where malware makers need to spend significant cash to outbid yearly community support, but unfortunately maintaining anything available online for free is a thankless job that barely covers the electricity required to maintain the code.

In this case too, the developers behind the theme seemed to want to monetise their work, which had attained almost 4 million installs, in the past, but found themselves with a rather unwilling customer base. I don't know if they snapped and uploaded something malicious or if they're intentionally making it hard for forks to copy their work, but either way the lesson learned is that if you want to make money you should just abandon your free projects and start something else.
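The takeover pattern described in the top comment and in this reply (a new owner, a new license, and executable code appearing in an update that used to be a pure theme) leaves traces in the extension's own manifest. The following audit script is an added example, not code from this thread or from any extension project: it diffs a pinned baseline `package.json` against the manifest of a proposed update and flags a changed publisher, license or repository, a newly added `main`/`browser` entry point, new activation events, and new contribution points. A colour theme only contributes under `contributes.themes` and has no entry point, so a theme that suddenly gains `main` is a strong signal regardless of who now owns it. Both manifests below are constructed sample data; the `load_manifest_from_vsix` helper assumes the standard VSIX layout (a zip with `extension/package.json`).

```python
"""Audit a VS Code extension manifest against a pinned baseline.

Added example for the thread above, not the code of any real extension.
The baseline is assumed to have been recorded when the extension was first
vetted; both manifests below are constructed sample data.
"""
import json
import zipfile

# Constructed baseline: a pure colour theme. Themes only contribute under
# "contributes.themes" and carry no "main" entry point or activation events,
# so nothing in the package executes.
BASELINE = {
    "name": "example-theme",
    "publisher": "original-dev",
    "version": "3.2.0",
    "license": "MIT",
    "repository": {"url": "https://example.invalid/original-dev/example-theme"},
    "contributes": {
        "themes": [{"label": "Example Dark", "uiTheme": "vs-dark", "path": "./themes/dark.json"}]
    },
}

# Constructed update of the same extension after a change of hands: new
# publisher, new license, new repository, and JavaScript that activates on
# every startup ("*") in what used to be a theme-only package.
UPDATED = {
    "name": "example-theme",
    "publisher": "new-owner",
    "version": "3.3.0",
    "license": "SEE LICENSE IN LICENSE.md",
    "repository": {"url": "https://example.invalid/new-owner/example-theme"},
    "main": "./out/extension.js",
    "activationEvents": ["*"],
    "contributes": {
        "themes": [{"label": "Example Dark", "uiTheme": "vs-dark", "path": "./themes/dark.json"}]
    },
}


def _repo_url(manifest):
    """The "repository" field may be an object with "url" or a bare string."""
    repo = manifest.get("repository")
    if isinstance(repo, dict):
        return repo.get("url")
    return repo


def audit_manifest(baseline, updated):
    """Return a list of human-readable findings; an empty list means no change of concern."""
    findings = []

    # Ownership and terms: a new publisher or license is exactly the
    # "sold to a third party" / "closed the source" step.
    for field in ("name", "publisher", "license"):
        if baseline.get(field) != updated.get(field):
            findings.append(f"{field} changed: {baseline.get(field)!r} -> {updated.get(field)!r}")
    if _repo_url(baseline) != _repo_url(updated):
        findings.append(f"repository changed: {_repo_url(baseline)!r} -> {_repo_url(updated)!r}")

    # Executable surface: a package that previously had no entry point now runs code.
    for entry in ("main", "browser"):
        if entry in updated and entry not in baseline:
            findings.append(f"gained executable entry point {entry!r}: {updated[entry]!r}")

    # Activation: "*" means the code runs at every editor start.
    new_events = set(updated.get("activationEvents", [])) - set(baseline.get("activationEvents", []))
    if new_events:
        findings.append(f"new activation events: {sorted(new_events)}")

    # Contribution points: a theme growing commands, views or tasks is a scope change.
    new_points = set(updated.get("contributes") or {}) - set(baseline.get("contributes") or {})
    if new_points:
        findings.append(f"new contribution points: {sorted(new_points)}")

    return findings


def load_manifest_from_vsix(path):
    """Read the manifest out of a downloaded .vsix (a zip with extension/package.json)."""
    with zipfile.ZipFile(path) as vsix:
        return json.loads(vsix.read("extension/package.json"))


if __name__ == "__main__":
    for finding in audit_manifest(BASELINE, UPDATED):
        print("FLAG:", finding)
```

In practice the baseline is stored alongside a hash of the vetted `.vsix`, and the audit runs before an update is allowed into a managed fleet; a finding is a reason to read the new code before installing, not proof of malice, since a legitimate theme may gain a small activation script for a good reason.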

Every time piracy or Youtube ads come up, HNers grandstand on how they don't even pay a dime to the content creators making the hundreds of hours of videos they watch.

GGs if you want a buck for the VSCode theme you made.

I proudly block ads while giving directly to the people that make the stuff I like.

I know I'm in the minority, but I block ads because of memetic hygiene. I don't want to deprive artists but I'm not sitting through adslop for a podcaster's sake.

With Youtube at least, you can buy Youtube premium, so you don't have to sit through Youtube ads without needing an ad blocker (though you'll still have to sit through any ads the Youtuber directly adds into the video itself).

Disclosure: I work at Google.

I use Youtube Premium, plus an ad blocker, plus an extension that removes shorts, plus an extension that skips sponsored segments.

Soon, I'm going to need an extension that removes the AI stuff I don't want and didn't ask for.

Using youtube in 2025 is exhausting.

Does the ad blocker do anything on Youtube since you have premium? It'll of course do things on other sites, but I'm wondering if it has any impact on Youtube.

Care to share these extensions?
At £12/month YT Premium feels rather expensive for what we'd get out of it (though we have considered it for our Dad who uses it for music and train videos a lot) compared to other subscription services.

Also note that while it takes away the ads, it does nothing about the stalking (which bothers me much more than the adverts themselves) the results from which will be used to serve ads if you cancel in future (and in any case may be made available, directly or otherwise, to third parties, unless that part of the terms has changed).

US prices:

Netflix 1080p: $18/mo. Netflix 4k: $25/mo. No annual plan.

Youtube Premium, which offers 4k, is $14/mo, or $120/yr for the annual plan (which averages to $12/mo).

UK prices:

Netflix 1080p: £13/mo. Netflix 4k: £19/mo. No annual plan.

Youtube Premium: £12/mo. No annual plan.

It's interesting how Youtube Premium's discount over Netflix is smaller in the UK than in the US, and how Youtube Premium lacks an annual plan in the UK.

>Also note that while it takes away the ads, it does nothing about the stalking

Does an ad blocker change that?

I fundamentally disagree with making money from ads. I have no problem giving money to people who make things.

Copyright abolitionists are more than happy to embrace no one ever making money off of "software" again.
> Society as a whole

As long as we won't have to pay 2 USD for an extension!

The closing down step is optional. Just don’t build on a public CI, and inject malicious code in your builds, xz-style.

Are you contending that's what happened here? This is not a leading question, I genuinely do not know and am trying to learn more.

Yup, many mobile app developers do this (inject any SDK that'd pay them) too. Doesn't need to be open source, though.

Mobile app devs are often scum,

but no need to single them out.

Plenty of bait and switch later free apps turned freemium, or malicious, out there.

This is a good description of the problem. I'm not sure why it's been downvoted, except that "common" is overstating it a bit.

Reminds me of MX Player on Android (Nova Launcher also?).

Hey! Isn't that the Microsoft business model? Doesn't MS control VS Code? (Google "microsoft antitrust".)