from Hacker News

uBlock Origin GPL code being stolen by team behind Honey browser extension

by extesy on 1/2/25, 5:27 PM with 444 comments

  • by kelseydh on 1/3/25, 8:44 AM

    Google removed chrome extensions that do cookie stuffing before: https://www.zdnet.com/article/google-removes-two-chrome-ad-b...

    PayPal's Honey extension should be pulled by Google for doing the exact same thing. There is no difference and Honey shouldn't get special treatment just because it's owned by PayPal.

    ---

    UPDATE: It's criminal wire fraud.

    Brian Dunning sentenced to 18 months jail for cookie stuffing: https://www.businessinsider.com/brian-dunning-ebay-and-affil...

    “Cookie Stuffing" internet fraud schemer Jefferson Bruce McKittrick pleads guilty: https://www.justice.gov/usao-sdal/pr/cookie-stuffing-interne...

  • by aunty_helen on 1/3/25, 2:56 AM

    Pie also removed its footer reference to being the team that made Honey and then deleted all of the team photos from the who are we page. They seem to understand cookies and affiliate links well but aren’t versed in the way back machine.

    The ethical standards of everyone involved with Honey/Pie are deplorable and they should be outcast from the software industry.

  • by Suppafly on 1/2/25, 6:09 PM

    As if Honey isn't already under enough fire with half the youtube world releasing videos about their shady practices.

  • by shwaj on 1/2/25, 7:30 PM

    I know it’s not necessarily the same people, but it feels contradictory for this community to say “copyright infringement isn’t theft” when we’re talking about movies, but use the opposite language when talking about GPL source code.

  • by alsetmusic on 1/2/25, 7:18 PM

    This isn’t the first time they’ve been accused of shady practices.

    > MegaLag also says Honey will hijack affiliate revenue from influencers. According to MegaLag, if you click on an affiliate link from an influencer, Honey will then swap in its own tracking link when you interact with its deal pop-up at check-out. That’s regardless of whether Honey found you a coupon or not, and it results in Honey getting the credit for the sale, rather than the YouTuber or website whose link led you there.

    https://www.theverge.com/2024/12/23/24328268/honey-coupon-co...

  • by octacat on 1/2/25, 7:37 PM

    Strange, an addon that was written to steal income by replacing affiliate links with their own, is found to also steal the code.

  • by kelseydh on 1/3/25, 10:55 AM

    Snopes looking real silly for this 2018 fact check: https://www.snopes.com/fact-check/honey-browser-extension/

  • by matt3210 on 1/2/25, 8:30 PM

    It wouldn’t surprise me if most companies steal GPL code. When code is closed source, how can anyone know?

  • by mx20 on 1/2/25, 7:35 PM

    Is he correct? That you can't have GPL files in your project without all code adhering to it? I thought it has to be linked static. So just calling a GPLed js library likely wouldn't be enough. I think the law is muddy here and not clear at all, even if the code is directly bundled.

  • by Sephr on 1/2/25, 6:21 PM

    To be fair, Honey could easily bypass the blocklist redistribution legal issue by downloading filter lists at runtime from the official source. Then they aren't redistributing the resources.

    Update: It looks like they're also using code from uBO without attribution or authorization. That's most likely illegal.

  • by slowmovintarget on 1/2/25, 5:32 PM

    If any software ever deserved being sued into non-existence it is the Honey browser extension, and any other scam software they turn out (Pie Adblock in this case).

    https://www.youtube.com/watch?v=vc4yL3YTwWk

  • by jzl on 1/3/25, 3:37 AM

    Minor quibble with the linked complaint: the GPL doesn’t require you to post source code, it just requires that you have to provide it when asked, and only to people using your software. (But you’re not allowed to restrict anything they do, like repost it.) Just follow the whole Redhat / CentOS drama for exhibit A in this behavior.

  • by zb3 on 1/2/25, 5:46 PM

    If something is "heavily promoted by influencers", it's garbage.

    Would it make a difference if this garbage was GPL licensed?

  • by 65 on 1/2/25, 8:22 PM

    How does Pie Adblock make money?

    It's free so I'm suspecting they're doing more affiliate marketing stealing or something similar to Honey.

  • by gonesilent on 1/2/25, 6:07 PM

    paypal paid 2 billion for honey did all the devs leave?

  • by kurthr on 1/2/25, 5:43 PM

    I really wish PieAdblock was in the article headline, since it's more relevant.

    "UBlockOrigin GPL code stolen by Pie Adblock Extension and Honey team"

    Of course Pie is scummy, it is brought to you by the people behind Honey. In addition to stealing GPL Source the new over-hyped Adblocker that probably also steals (silently rewrites in the background) affiliate links, just like the old "coupon finder". No surprises!

  • by exabrial on 1/3/25, 8:48 PM

    PayPal Honey is also involved in lawsuit where it stole Referral Codes and replaced them with its own.

    Basically every dollar the company has made is basically illegal.

  • by Larrikin on 1/3/25, 4:43 PM

    Is there a better option to Honey? The extension has saved me a good bit of money over the years, especially on newer and independent sites that sometimes offer deep discounts for your first order. But it does seem like the coupon codes come from the community and there should be a community version of the extension.

  • by moonshadow565 on 1/2/25, 6:31 PM

    I don't think you can copyright lists of publicly available information (iirc there was some case with phone numbers before). That being said, they also stole code...

  • by ChoGGi on 1/3/25, 1:35 PM

    I'd only heard of Honey by way of random YouTube thumbnails, I assumed it was some sort of scam. Go figure they're connected to PayPal...

  • by mfer on 1/2/25, 6:20 PM

    The author of UBlockOrigin should contact the PayPal legal department (in a legal manner). That might be a more direct path dealing with the Honey business.

  • by Havoc on 1/2/25, 11:23 PM

    I guess honey is just going all out now?

  • by blackeyeblitzar on 1/2/25, 10:26 PM

    Yea but who is going to do anything about it? What is the enforcement method?

  • by efitz on 1/2/25, 10:39 PM

    Wow these people really just go all in on the unethical practices.

  • by SamInTheShell on 1/2/25, 9:42 PM

    I thought config files can’t be copyrighted. The post talks about what appears to just be a config file.

  • by jazz9k on 1/3/25, 12:50 AM

    If piracy isn't 'stealing' neither is this, since the original code is still available.

  • by floppiplopp on 1/6/25, 8:50 AM

    I don't understand. Wanting everything for free and stealing stuff is just good capitalist praxis. Has been for centuries.

  • by max_ on 1/2/25, 5:55 PM

    Why can't people just run businesses decently without deception & scams?

    I'm sure they can be profitable.

    This deceptive behaviour actually makes the business loose customers in the long term.