Anybody using the very popular Google Reader Notifier extension for Firefox should probably remove it immediately, as it is now tracking your browsing and displaying ads in your status bar without your consent. Despicable.

The ads are sneaky, and they don't show up right away... this screenshot was taken from Bernie Zimmermann's blog, but I've personally checked the source code for the extension and found the problem definitely exists—not to mention the Mozilla bug report explains it in detail.

If you want to see the offending code for yourself, browse down into your Firefox profile's extensions folder, find the {efa1abef-cb1c-4e40-9bc5-e2e69a3fb329}\chrome\content folder, and you'll see the st_ads.js file.

image

Once you open up the javascript file, you'll see Loads of tracking and ads going on.

image

And whatever you do, don't click on the ads, because they will take you on an endless redirect through ad-filled pages.

So, How Do I Get Rid of the Despicably Intrusive Ads?

Personally I'd remove the extension entirely, and maybe print the source code off and burn it. But if you absolutely Must keep using this extension, you can simply uninstall the current version, and then install the old version at this URL:

https://addons.mozilla.org/en-US/firefox/addons/versions/3977#version-0.71

You'll want to stick with version 0.71 and make sure that when you are prompted to upgrade the extension later, Don't Do It!

image

Rant About Firefox Extensions: What Is Going On?

This isn't the first time a very popular Firefox extension has sold out to the dark side and become badware. Slashdot reported a while back that the NoScript extension started hijacking the Adblock Plus extension, and while the author has since apologized profusely, I don't see this problem as going away.

What's to stop yet another Firefox extension from turning into badware, sneaking in tracking codes, or stealing your personal information? It's already happened with two of the most popular extensions... Somebody at Mozilla needs to do something about this.

What Can I Do?

Head over to the extension page at Mozilla Add-ons and leave a review expressing your displeasure.

And in the future, you might not want to simply approve every extension update blindly - go to the extension's page at Mozilla Add-ons, and check the recent reviews before you install any updates.

Thanks to Lifehacker reader Daniel for the head's up on this one.