@Particle, very interesting idea.
First of all, I wish you gave me that tip half a year ago
But it got me thinking…
I’m not sure it would be a good idea to obfuscate any code, that would also mean trouble for me when submitting new versions to AMO.
The questions is, should I try to make it difficult for the spammer, or should I make it easy for users to discover they have an unofficial version?
Even though the spammer hasn’t changed anything in copies I have checked, the spammer knows Git good enough to import my repository and zip content of a folder (it’s a snapshot of code in-between two official releases). So I will assume spammer has some coding experience too. Will the spammer just jump to another extension if I put a simple “integrity check” on extension’s onboarding page? There’s a good chance I guess, but if not I will always be one step behind if he starts modifying my code.
If I focus on users only, I’m thinking about not making the “integrity check” immediately. Maybe wait until a day or two after install, and hope that spammer never discovers the check, and thus never look for a way to remove it?
But of course, nothing here helps fighting the current spammer, unless he gets the idea of taking a newer snapshot, instead of just continuing using the same as he does currently …
Yes, I’m just thinking out loud here. Comments and ideas are welcome (and I hope spammer doesn’t follow this thread )