Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is this project even still open-source? #1545

Closed
jerkstorecaller opened this issue Jul 7, 2022 · 8 comments
Closed

Is this project even still open-source? #1545

jerkstorecaller opened this issue Jul 7, 2022 · 8 comments

Comments

@jerkstorecaller
Copy link

jerkstorecaller commented Jul 7, 2022
edited
Loading

Hi. The license assigned to this github repo is GPL3.

The repo hasn't had any source commits in 10 years. The most recent commit is a github issue template in 2021.

And yet there's still frequent releases, most recently May 2022: https://addons.mozilla.org/en-US/firefox/addon/tampermonkey/versions

If it's the GPL, the source code should be made available to users, it's how the GPL works. Where is the code for the past 10 years of releases? I looked at tampermonkey.net and it doesn't link to an alternative project hosting website.

If this project has ceased being GPL3 since 2013, please update the license to say "Proprietary" or "Closed Source". And if you want to be ethical put a notice at the beginning of the README that although it used to be GPL, it is now closed-source, so people are not tricked. There's people like me who will never trust a closed-source extension with all their browser history.

I mean no disrespect here, I'm sure it's just some documentation issue or me missing something. (I hope) Tampermonkey couldn't have made it this far as a closed source extension.
@derjanb
Copy link
Member

derjanb commented Jul 7, 2022

Closed via e547f53 in #214

@derjanb derjanb closed this as completed Jul 7, 2022
@jerkstorecaller
Copy link
Author

This is sad to hear.

I wasn't able to find your privacy policy on the Tampermonkey.net, but I found it on the Mozilla Addons page:
https://addons.mozilla.org/en-US/firefox/addon/tampermonkey/privacy/?utm_content=search&utm_medium=referral&utm_source=addons.mozilla.org

It mentions the info you send to your servers:

For technical reasons (i.e. when the BlackCheck service checks for updates), data such as the following, which your internet browser transmits to us or to our web space provider (so called server log files), is collected:
type and version of the browser you use
operating system
websites that you visit
date and time of your visit
your Internet Protocol (IP) address.

"websites that you visit"? You're sending the user's browsing history to your servers? I never would have installed Tampermonkey if I had known before. It's my fault for trusting extension authors by default, I guess.

If I want you to delete all my browsing history that you've collected on me (as the next section of your privacy policy says I can do), how would we do that?

@jerkstorecaller
Copy link
Author

jerkstorecaller commented Jul 7, 2022
edited
Loading

Have you shared the user's browsing history with any 3rd parties? If yes, 1) which? , 2) If a user asks you to delete this collected information, will it also be deleted from 3rd parties?

@derjanb
Copy link
Member

derjanb commented Jul 7, 2022
edited
Loading

"websites that you visit"? You're sending the user's browsing history to your servers?

From the privacy policy:

For technical reasons (i.e. when the BlackCheck service checks for updates), data such as the following, which your internet browser transmits to us or to our web space provider (so called server log files), is collected:

So the answer is no, the web server simply logs what all web server log in their "server log files". The domain and page that an (in this case your) IP visited.

The information that is logged looks like this:

120.243.xx.xxx - - [07/Jul/2022:14:04:02 +0200] "GET /get.php?version=get HTTP/1.1" 502 568 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.66 Safari/537.36 Edg/103.0.1264.44" 0.000 0.000 .

I wasn't able to find your privacy policy on the Tampermonkey.net

https://www.tampermonkey.net/privacy.php

@jerkstorecaller
Copy link
Author

So the "websites that you visit" refers to the update check page only? You don't have records of other websites that the user might visit, such as playboy.com?

@derjanb
Copy link
Member

derjanb commented Jul 7, 2022
edited
Loading

So the "websites that you visit" refers to the update check page only?

Yes, and the changelog page if opened and when a new version is installed.

Simply the information that the browser sends in order to fulfill the request, which includes what site should be loaded from the web server and then is logged at the server log files.

@jerkstorecaller
Copy link
Author

In that case I would rephrase "websites that you visit", it sounds way darker than this :)

Maybe say "The Tampermonkey webpage accessed when checking for updates or opening changelog".

@radian628
Copy link

In that case I would rephrase "websites that you visit", it sounds way darker than this :)

Maybe say "The Tampermonkey webpage accessed when checking for updates or opening changelog".

I'd like to echo this concern too. Stumbled across this exact same rabbit hole of "what do they mean by 'websites that you visit'?" until I found this thread.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@derjanb @jerkstorecaller @radian628