Remove Honey (now revealed to be a scam) from the Extensions

The discount coupons extension Honey was recently revealed to be a massive scam that has taken millions of rightful money from content creators. See: https://www.youtube.com/watch?v=8tDOeQqnrYQ

If Mozilla allows this extension to continue to be downloaded and used, Mozilla is basically allowing the scam to continue happening by inaction.

3 Likes

This is the original video which that video is talking about:
https://www.youtube.com/watch?v=vc4yL3YTwWk
(Exposing the Honey Influencer Scam)

Basically they are doing Cookie stuffing:

But in this case it’s a gray area - since users can indeed get a discount in some cases.

The problem is all the other cases - if there is no discount and Honey will still “stuff their cookie” for your purchase - this could be considered an affiliate fraud.

This is a very popular technique these days as big stores are often letting it slide (maybe because it doesn’t hurt the user directly):

UPDATE:
It looks like this guy already investigated honey in the past but for a privacy related issues and at that time Firefox removed the “Recommended” badge:

I don’t think Mozilla should be listing this in their add-ons directory even if they currently denote it with “This add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing.” nor supporting this as an add-on.

This add-on is, at the very least, intentionally malicious in how it handles and manages active data on websites as previously mentioned above by juraj.masiar. It would come under “harmful or objectionable” in the Distribution Agreement

As part of the Mozilla Add-on Distribution Agreement #7

Mozilla reserves the right (though not the obligation) to, in our sole discretion, remove or revoke access to any Listed or Self-distributed Add-ons as well as AMO accounts. This applies, but is not limited to, Add-ons and AMO accounts that, in our reasonable opinion, violate this Agreement or the law, any applicable Mozilla policy, or is in any way harmful or objectionable.

They also list powers as a response to abuse reports from End-Users:

For example, a Listed Add-on or AMO account may be removed in response to abuse reports from End-Users, in response to a Take-Down Request, or if it comes to Mozilla’s attention that the Add-on or AMO account violates our Conditions of Use.

As part of the Distribution Agreement 4c add-ons must adhere to Review Policies:

Mozilla may at any time monitor, test or review Listed and Self-distributed Add-ons for compliance with this Agreement and the Review Policies.

As part of the aforementioned Add-on Policies: there is a clear breach of ‘No Surprises’:

’No Surprises’:" “Unexpected” features are those that are unrelated to the add-on’s primary function, and are not clearly indicated by the add-on name or description. This may include features that impact user privacy or security, make unexpected changes to web content, or change default settings like the new tab page, homepage, or search engine.

There needs to be a Mozilla developer response to the undoubtable numerous end user reports that they are currently receiving and the objectionable and harmful way that the Honey extension operates in breach of Mozilla’s policies.

I’m not exactly sure who is still active in the Add-on Community Experience Team or if it even exists anymore, it looks like a lot of activity was paused in 2022 (@caitlin) . Is this discourse board even monitored? @Edward_Sullivan

1 Like