by logn 4129 days ago
Browser plugins can read SSL pages no problem. So why did Superfish not just present itself like a browser plugin? Then it's just normal bloatware and probably pulls in the same profit. That some people might uninstall it is the only reason I can think of why they didn't go this route. They could have pre-bundled Chrome and FF to avoid having users OK the plugin installation.
3 comments

> So why did Superfish not just present itself like a browser plugin

They did this for years, actually. They paid add-on developers to bundle their shopping app with the developer's app. I remember this going on ~2010/2011 at least.

People were not happy about it to say the least.

And VCs gave them money for this shit. What a fucked up investor world this is.

https://www.crunchbase.com/organization/superfish

Here they are:

https://www.crunchbase.com/organization/superfish/investors

I'd love to see people put money where their mouth is and refuse to be funded by those investors... but I'm pretty sure it's not going to happen.

Can browser plugins install root CA certs? Honest question, I'm not sure but I would be surprised if they could?

You can write anywhere to disk where the user has privileges (at least in FF). Not sure if that's enough.

But I don't think you need a CA at all since plugins can see the full DOM (whether SSL or not). Like if you "inspect element", view source, or run Firebug.

The plugin is already written too: https://addons.mozilla.org/en-US/firefox/addon/windowshopper...

Mozilla should just pull this plugin from addons, seriously.

What am I missing here? What makes this addon so bad? It looks like it injects buttons/overlays to show "lower" prices of items you are already viewing. While I have zero desire to install this addon I'm failing to see what it's doing that makes it deserving of being pulled.

The add-on from similarproducts.net uses superfish technology.

http://www.similarproducts.net/

> SimilarProducts is a monetization platform that uses Superfish technology to help users find and discover products visually. The technology instantly analyzes images on the web and presents identical and similar product offers.

It _is_ SuperFish, see the about page.

The company is scum, as has been proven the last couple of days. I don't know why anyone (Mozilla's Add-On place included) should support them and carry their software.

MITMing everything saves them from having to write a plugin for each browser and update it.