“Do not install” Google+Facebook, is “malware” says warning

Posted on July 11th, 2011. Written by Rico.


Using Google+Facebook, a browser add-on that copies your Facebook stream to your Google+ account? According to “RogueDarkJedi” on Reddit.com, the plugin is malware that will compromise your security and privacy.

Update: Another reddit user named “kobyme” has replied to RogueDarkJedi’s accusations. Rogue was unconvinced.

Here’s what Rogue had to say:

I opened the code, decided to make a few comments. If you want to read my findings (might be a bit technical), go ahead. But I’m just going to make this clear: DO NOT INSTALL THIS. This addon acts like malware and the service is a security vulnerability waiting to happen.

If you did install this accidentally… there are instructions on how to remove this provided by several people.

Check out all of the details on the original post at Reddit. Rogue writes that Google+Facebook violates a number of established safe software development guidelines, particularly those that cover writing plugins and add-ons for web browsers.

Google+Facebook’s apparent violations of these conventions include acquiring permissions unrelated to its advertised functionality (showing what appears on your Facebook account on Google+) and providing no protection for private data passing through the service (hosted on the domain crossrider.com).

This entry was posted on Monday, July 11th, 2011 at 3:30 am and is filed under Mods, News.

Rico

Rico Mossesgeld is the founding editor of Technograph. Learn more about him at rico.mossesgeld.com/about.


  • http://twitter.com/shmu Shmueli Ahdut

    [[ CROSSRIDER OFFICIAL RESPONSE ]]
    Dear RogueDarkJedi & everyone,
    My name is Koby Menachemi and I’m the co-founder and CEO of Crossrider. I believe your comment is misleading (not your fault; just because you are not familiar with Crossrider) and I would like to clarify it so everyone will know and understand Crossrider better.
    The most basic thing needed to be understood here is that Crossrider is a development framework and not an individual application. Claiming Crossrider is a malware is almost as claiming .NET or C++ is a virus.
    Crossrider provides a powerful framework for developers to easily create cross browser extensions, which also supports auto update in order to allow flexibility to the developers, when it comes to version updates.
    As we try to bring Chrome’s (the most modern web browser) development architecture to all browsers we do follow their basics, including auto update of your code automatically (exactly as it is in Chrome!). We did think about the users and we run the application in a secured sandbox, just like GreaseMonkey does, so it’s even much more secured than any standard extension you download which can update itself easily with no limitation.
    The Google+Facebook extension only does what it claims to do, and confusing it with a potential malware threat based on assumptions re future code changes and by misunderstanding what Crossrider is all about, is really not fair.
    Let me reply shortly re each one of the claims:
    Auto update: if you compare it to Chrome or Firefox then extensions built with Crossrider can have only JS running in secured sandbox. With Chrome you can update your extension freely with no user confirmation(!). Firefox will show you there is new updates but the developer can also update the extension freely.
    Premium Services: I’m sorry but you are wrong on this one :) From your notes it seems like there are requests to remote server in order to fetch these “premium services”, which nothing like that exists. Crossrider DOES NOT install any extensions other than the specific extension the user has downloaded and confirmed to install!
    You mentioned again the JS source code might change in the future. Again, following Chrome’s architecture this is identical to installing any Chrome extension which does auto-update. btw, the reason for this (on both Chrome and Crossrider) is to provide the ability for the developer to quickly fix bugs and have more solid and stable extensions.
    Re changing the default search engine: as you know, any FF extension has these capabilities. As a platform that is a layer (API) to the browser API we provide this as well. This is the only part I feel I should apologize to some of the users. There was a glitch in the system and the search was indeed replaced to a minority of the users (only few hundreds out of more than 90,000 installations!).
    Stats: when the extension checks for updates, it tells the server the browser type, version and generated id in order to get the latest updates. Please note it’s for updates + there is NO personal data (as you were fair enough to mention). As you probably know, Chrome, Firefox and IE are doing the same thing.
    Google Analytics: as a platform with powerful API the developer can use his own Google Analytics to track events. Yes, bad developers can track your pageviews but good developers will track your usage in their app to see what is working and what isn’t in order to improve it. Again, you were honest and mentioned you don’t see any use of it (because the specific extension you checked, Google+Facebook, really doesn’t use it)
    API is packed: true, so? We’ve put a lot of work into our code… You can freely check our Chrome version (which has less IP because we are trying to provide Chrome’s architecture to other browsers) at: http://crossrider.com/download/chrome/519
    Higher permissions level: there isn’t anything like that in the code… we run the code in FF sandbox so there is no need for that.
    Changing homepage: again, this is something a developer can do in his extension (in regular FF extension). We used to allow developers to change the homepage (only once at installation!) but decided it’s not fair for the user so we don’t allow this anymore. If you create an app on Crossrider you will see there is no option like that. I think in some way, you can say we are safer than regular extension!
    Uninstall: while uninstalling, the extension catches the event and cleans the entire branch at the preferences.
    (I believe I covered all your concerns… let me know if I miss anything)
    I think it’s fair to say that you don’t want to use any Crossrider based extension, but it’s not fair to compare us to malware. We are hard working developers who built great tool for developers and we are one email/tweet away from you, so PLEASE: next time, just ask us and we will be happy to answer any of your questions rather than being accused. (btw, I have to admit I really understand you. Today there are just too many “fake apps” and malware but if you tried our product you would see it’s really far away from that)
    I invite anyone here to try Crossrider and not only you will understand Crossrider is FAR AWAY from being a malware, it’s actually a pretty cool development framework to build cross browser extension. You can develop in regular/plain JS and we will create native extension for each platform (Chrome, Firefox, Internet Explorer and Safari support is coming soon) which will make your life much easier when it comes to developing extensions to multiple browsers.
    Moreover, I will be happy to talk with you over the phone/Skype/chat and guide you through our code. I think it’s fair enough, right?
    One last note: I have no hard feelings about this entire scenario. It did hurt us and we felt it’s not cool, but as I said I totally understand you. I guess I would do the same as you and I hope you will act like me and post clarification about it (only after I will guide you through the code and prove you it’s totally not what you thought :)
    Best,
    Koby Menachemi
    Co-founder & CEO, Crossrider
    koby@crossrider.com
    skype: kobymenachemi


  • Henhouse0071

    so how do you get rid of this?

    • http://rico.mossesgeld.com Rico Mossesgeld

      The instructions are also in that Reddit post I linked to.


