Spidermonkey Development BlogIs Memory64 actually worth using?

After many long years, the Memory64 proposal for WebAssembly has finally been released in both Firefox 134 and Chrome 133. In short, this proposal adds 64-bit pointers to WebAssembly.

If you are like most readers, you may be wondering: “Why wasn’t WebAssembly 64-bit to begin with?” Yes, it’s the year 2025 and WebAssembly has only just added 64-bit pointers. Why did it take so long, when 64-bit devices are the majority and 8GB of RAM is considered the bare minimum?

It’s easy to think that 64-bit WebAssembly would run better on 64-bit hardware, but unfortunately that’s simply not the case. WebAssembly apps tend to run slower in 64-bit mode than they do in 32-bit mode. This performance penalty depends on the workload, but it can range from just 10% to over 100%—a 2x slowdown just from changing your pointer size.

This is not simply due to a lack of optimization. Instead, the performance of Memory64 is restricted by hardware, operating systems, and the design of WebAssembly itself.

What is Memory64, actually?

To understand why Memory64 is slower, we first must understand how WebAssembly represents memory.

When you compile a program to WebAssembly, the result is a WebAssembly module. A module is analogous to an executable file, and contains all the information needed to bootstrap and run a program, including:

  • A description of how much memory will be necessary (the memory section)
  • Static data to be copied into memory (the data section)
  • The actual WebAssembly bytecode to execute (the code section)

These are encoded in an efficient binary format, but WebAssembly also has an official text syntax used for debugging and direct authoring. This article will use the text syntax. You can convert any WebAssembly module to the text syntax using tools like WABT (wasm2wat) or wasm-tools (wasm-tools print).

Here’s a simple but complete WebAssembly module that allows you to store and load an i32 at address 16 of its memory.

(module
  ;; Declare a memory with a size of 1 page (64KiB, or 65536 bytes)
  (memory 1)

  ;; Declare, and export, our store function
  (func (export "storeAt16") (param i32)
    i32.const 16  ;; push address 16 to the stack
    local.get 0   ;; get the i32 param and push it to the stack
    i32.store     ;; store the value to the address
  )

  ;; Declare, and export, our load function
  (func (export "loadFrom16") (result i32)
    i32.const 16  ;; push address 16 to the stack
    i32.load      ;; load from the address
  )
)

Now let’s modify the program to use Memory64:

(module
  ;; Declare an i64 memory with a size of 1 page (64KiB, or 65536 bytes)
  (memory i64 1)

  ;; Declare, and export, our store function
  (func (export "storeAt16") (param i32)
    i64.const 16  ;; push address 16 to the stack
    local.get 0   ;; get the i32 param and push it to the stack
    i32.store     ;; store the value to the address
  )

  ;; Declare, and export, our load function
  (func (export "loadFrom16") (result i32)
    i64.const 16  ;; push address 16 to the stack
    i32.load      ;; load from the address
  )
)

You can see that our memory declaration now includes i64, indicating that it uses 64-bit addresses. We therefore also change i32.const 16 to i64.const 16. That’s it. This is pretty much the entirety of the Memory64 proposal1.

How is memory implemented?

So why does this tiny change make a difference for performance? We need to understand how WebAssembly engines actually implement memories.

Thankfully, this is very simple. The host (in this case, a browser) simply allocates memory for the WebAssembly module using a system call like mmap or VirtualAlloc. WebAssembly code is then free to read and write within that region, and the host (the browser) ensures that WebAssembly addresses (like 16) are translated to the correct address within the allocated memory.

However, WebAssembly has an important constraint: accessing memory out of bounds will trap, analogous to a segmentation fault (segfault). It is the host’s job to ensure that this happens, and in general it does so with bounds checks. These are simply extra instructions inserted into the machine code on each memory access—the equivalent of writing if (address >= memory.length) { trap(); } before every single load2. You can see this in the actual x64 machine code generated by SpiderMonkey for an i32.load3:

  movq 0x08(%r14), %rax       ;; load the size of memory from the instance (%r14)
  cmp %rax, %rdi              ;; compare the address (%rdi) to the limit
  jb .load                    ;; if the address is ok, jump to the load
  ud2                         ;; trap
.load:
  movl (%r15,%rdi,1), %eax    ;; load an i32 from memory (%r15 + %rdi)

These instructions have several costs! Besides taking up CPU cycles, they require an extra load from memory, they increase the size of machine code, and they take up branch predictor resources. But they are critical for ensuring the security and correctness of WebAssembly code.

Unless…we could come up with a way to remove them entirely.

How is memory really implemented?

The maximum possible value for a 32-bit integer is about 4 billion. 32-bit pointers therefore allow you to use up to 4GB of memory. The maximum possible value for a 64-bit integer, on the other hand, is about 18 sextillion, allowing you to use up to 18 exabytes of memory. This is truly enormous, tens of millions of times bigger than the memory in even the most advanced consumer machines today. In fact, because this difference is so great, most “64-bit” devices are actually 48-bit in practice, using just 48 bits of the memory address to map from virtual to physical addresses4.

Even a 48-bit memory is enormous: 65,536 times larger than the largest possible 32-bit memory. This gives every process 281 terabytes of address space to work with, even if the device has only a few gigabytes of physical memory.

This means that address space is cheap on 64-bit devices. If you like, you can reserve 4GB of address space from the operating system to ensure that it remains free for later use. Even if most of that memory is never used, this will have little to no impact on most systems.

How do browsers take advantage of this fact? By reserving 4GB of memory for every single WebAssembly module.

In our first example, we declared a 32-bit memory with a size of 64KB. But if you run this example on a 64-bit operating system, the browser will actually reserve 4GB of memory. The first 64KB of this 4GB block will be read-write, and the remaining 3.9999GB will be reserved but inaccessible.

By reserving 4GB of memory for all 32-bit WebAssembly modules, it is impossible to go out of bounds. The largest possible pointer value, 2^32-1, will simply land inside the reserved region of memory and trap. This means that, when running 32-bit wasm on a 64-bit system, we can omit all bounds checks entirely5.

This optimization is impossible for Memory64. The size of the WebAssembly address space is the same as the size of the host address space. Therefore, we must pay the cost of bounds checks on every access, and as a result, Memory64 is slower.

So why use Memory64?

The only reason to use Memory64 is if you actually need more than 4GB of memory.

Memory64 won’t make your code faster or more “modern”. 64-bit pointers in WebAssembly simply allow you to address more memory, at the cost of slower loads and stores.

The performance penalty may diminish over time as engines make optimizations. Bounds checking strategies can be improved, and WebAssembly compilers may be able to eliminate some bounds checks at compile time. But it is impossible to beat the absolute removal of all bounds checks found in 32-bit WebAssembly.

Furthermore, the WebAssembly JS API constrains memories to a maximum size of 16GB. This may be quite disappointing for developers used to native memory limits. Unfortunately, because WebAssembly makes no distinction between “reserved” and “committed” memory, browsers cannot freely allocate large quantities of memory without running into system commit limits.

Still, being able to access 16GB is very useful for some applications. If you need more memory, and can tolerate worse performance, then Memory64 might be the right choice for you.

Where can WebAssembly go from here? Memory64 may be of limited use today, but there are some exciting possibilities for the future:

  • Bounds checks could be better supported in hardware in the future. There has already been some research in this direction—for example, see this 2023 paper by Narayan et. al. With the growing popularity of WebAssembly and other sandboxed VMs, this could be a very impactful change that improves performance while also eliminating the wasted address space from large reservations. (Not all WebAssembly hosts can spend their address space as freely as browsers.)

  • The memory control proposal for WebAssembly, which I co-champion, is exploring new features for WebAssembly memory. While none of the current ideas would remove the need for bounds checks, they could take advantage of virtual memory hardware to enable larger memories, more efficient use of large address spaces (such as reduced fragmentation for memory allocators), or alternative memory allocation techniques.

Memory64 may not matter for most developers today, but we think it is an important stepping stone to an exciting future for memory in WebAssembly.


  1. The rest of the proposal fleshes out the i64 mode, for example by modifying instructions like memory.fill to accept either i32 or i64 depending on the memory’s address type. The proposal also adds an i64 mode to tables, which are the primary mechanism used for function pointers and indirect calls. For simplicity, they are omitted from this post. 

  2. In practice the instructions may actually be more complicated, as they also need to account for integer overflow, offset, and align

  3. If you’re using the SpiderMonkey JS shell, you can try this yourself by using wasmDis(func) on any exported WebAssembly function. 

  4. Some hardware now also supports addresses larger than 48 bits, such as Intel processors with 57-bit addresses and 5-level paging, but this is not yet commonplace. 

  5. In practice, a few extra pages beyond 4GB will be reserved to account for offset and align, called “guard pages”. We could reserve another 4GB of memory (8GB in total) to account for every possible offset on every possible pointer, but in SpiderMonkey we instead choose to reserve just 32MiB + 64KiB for guard pages and fall back to explicit bounds checks for any offsets larger than this. (In practice, large offsets are very uncommon.) For more information about how we handle bounds checks on each supported platform, see this SMDOC comment (which seems to be slightly out of date), these constants, and this Ion code. It is also worth noting that we fall back to explicit bounds checks whenever we cannot use this allocation scheme, such as on 32-bit devices or resource-constrained mobile phones. 

The Mozilla BlogSlate’s ICYMI hosts on their online obsessions and wildest 2025 predictions

Two women are pictured in a grid-patterned orange background. The woman on the left smiles over her shoulder, wearing a pink sweater, with a pencil icon near her image. The woman on the right faces the camera with a neutral expression, wearing a black top, with a microphone icon near her image.<figcaption class="wp-element-caption">Candice Lim and Kate Lindsay are the hosts of ICYMI, Slate’s podcast about internet culture.</figcaption>

Here at Mozilla, we are the first to admit the internet isn’t perfect, but we know the internet is pretty darn magical. The internet opens up doors and opportunities, allows for human connection, and lets everyone find where they belong — their corners of the internet. We all have an internet story worth sharing. In My Corner Of The Internet, we talk with people about the online spaces they can’t get enough of, the sites and forums that shaped them, and how they would design their own corner of the web.

This month, we chat with Candice Lim of Slate’s internet culture podcast, ICYMI, and her new cohost, Kate Lindsay, about their first online obsessions, internet hot takes and predictions for 2025.

What is your favorite corner of the internet? 

Kate: My group chat. I’m a full-time lurker on platforms like TikTok, to the point where I have time limits on my phone, but when it comes to actually participating in the discourse or sharing my life, I now only do it in a space where I’m pretty sure everyone likes me.

Candice: There’s this TikTok account called @petunia_rocks, and it’s run by a college student who voices a stuffed hippo named Petunia. Her account is full of cute little things like, Petunia’s nighttime routine, Petunia cold-calling frat guys, Petunia going to her grandparent’s house for Thanksgiving. And Petunia has a very cute voice, but she also has this adorable growl (hmmmmph!) that I use in my daily life all the time. I stan Petunia and she does, indeed, rock.

What is an internet deep dive that you can’t wait to jump back into?

Kate: I want to know what happened to the 2010s-era YouTube BritCrew. Almost all still post but not all are still friends, and I need to know what some think of the direction that others have taken…

Candice: I have a few that I check in on every year: What’s the nature of Mindy Kaling and BJ Novak’s relationship, what finally made Charli XCX break up with her ex-boyfriend Huck, what really caused Aaron Rodgers and Shailene Woodley to call off their engagement, what is the hour-by-hour timeline of Olivia Munn and John Mulaney getting together, what really happened when Edith Zimmerman profiled Chris Evans for GQ, and was there an actual love triangle between Olivia Rodrigo, Sabrina Carpenter, and Joshua Bassett.

What is the one tab you always regret closing?

Kate: The spelling of “grey” vs. “gray” because I always forget and just have to Google it again. I still don’t know right now.

Candice: Drew Starkey fancams.

What can you not stop talking about on the internet right now?

Kate: How it’s making us lonely! The internet should be for news, seeing what my high school classmates look like now, and fandoms. It should not be a single replacement for working, shopping, socializing and ever needing to leave the house.

Candice: Same as Kate. Maybe we’ll even make an ICYMI episode about it soon 🙂

What was the first online community you engaged with?

Kate: Mugglenet and FanFiction.net, for the same reason: to see if Harry and Hermoine ever kiss.

Candice: I would say MileyWorld.com, which was a Miley Cyrus fan site that I was obsessed with. It had this MySpace feel to it, where “Miley” would leave messages, videos, and notes for her fans to comment on. There was a paid subscription element to the site, which I feel like is a bit gatekeep-y especially when it’s catered to 12 year olds. But the reason I stopped going on there is because I was catfished by someone who claimed to be Mandy Jiroux, Miley’s best friend whom you may know from the iconic program, The Miley and Mandy Show. “Mandy” and I were in the DMs, and on the front page of MileyWorld, they would spotlight one fan every day, and it was a big deal. It was like Reddit Karma points. And I had such a nice conversation with “Mandy,” that she promised she would make me the spotlighted fan on the homepage the next day. I was so excited and bragged about it at school. But I forgot that I had a basketball game the day of my alleged crowning, so I went straight from school to the game, and I came home and conked out. And to this day, I will never, ever know if I was really MileyWorld’s fan of the day.

If you could create your own corner of the internet, what would it look like?

Kate: MySpace plus the ability to post videos, minus the requirement to publicly rank your friends.

Candice: It would combine: KindleTok, hopecore, Bella Hadid’s aesthetic and those TikTok tarot readings where they don’t have any hashtags or captions on the posts so you totally know that video was meant for you.

What articles and/or videos are you waiting to read/watch right now?

Kate: I’d love to open up YouTube and see that one of my various English mums has posted a 40-minute long vlog of them cleaning their house and running errands. I just checked and one has 🙂

Candice: I really love Wishbone Kitchen’s content. Her TikToks have leaned away from “day in the life of a private chef in the Hamptons” and toward her daily cooking rituals as someone who just bought a house in the Hamptons. And usually, when an influencer buys a home, they get hate (envy) for it but I am really happy for Meredith because she showed the work that it took to get there, and her content doesn’t strike me as braggy. Instead, she nurtures her garden, she takes her dogs on a walk, she microplanes local cheeses, and it’s very Cotwaldsian to me. She feels like American Taggie from Rivals. I’ve been saving her 45-minute Christmas and Thanksgiving dinner videos for those cozy nights in when you’re cooking a big bolognese and you want something light and bright that encourages you to be patient while cooking. I like her videos because audio-wise, there’s something really satisfying about hearing the garlic sizzle and short rib sear and her videos make everything seem doable.

What’s your wildest internet culture prediction for 2025?

Kate: Digital wellness as the new self-care — mindful consumption, logging off, physical media (and then posting about it all online, of course).

Candice: I think a big celebrity or influencer will sue @PopCrave for forgetting to say they “stunned” in a photo.


Kate Lindsay is a writer from Brooklyn, New York and author of the internet culture newsletter Embedded. Her work has also appeared in The New York Times, The Atlantic, Bustle, and GQ, launching viral phenomena like the millennial pause and “rawdogging” flights. Previously, she was a newsletter editor at The Atlantic and a staff writer at Refinery29.

Candice Lim is the co-host of ICYMI, Slate’s podcast about internet culture. She comes to Slate from NPR, where she was an assistant producer at Pop Culture Happy Hour. Prior to that, she was an intern at NPR’s How I Built This, the Hollywood Reporter, WBUR and the Orange County Register. She graduated from Boston University with a bachelor’s degree in journalism and grew up in Orange County, California.

The post Slate’s ICYMI hosts on their online obsessions and wildest 2025 predictions  appeared first on The Mozilla Blog.

This Week In RustThis Week in Rust 582

Hello and welcome to another issue of This Week in Rust! Rust is a programming language empowering everyone to build reliable and efficient software. This is a weekly summary of its progress and community. Want something mentioned? Tag us at @ThisWeekInRust on X (formerly Twitter) or @ThisWeekinRust on mastodon.social, or send us a pull request. Want to get involved? We love contributions.

This Week in Rust is openly developed on GitHub and archives can be viewed at this-week-in-rust.org. If you find any errors in this week's issue, please submit a PR.

Want TWIR in your inbox? Subscribe here.

Updates from Rust Community

Official
Foundation
Newsletters
Project/Tooling Updates
Observations/Thoughts
Rust Walkthroughs
Miscellaneous

Crate of the Week

This week's crate is vidyut, a Sanskrit toolkit containing functionality about meter, segmentation, inflections, etc.

Thanks to Arun Prasad for the self-suggestion!

Please submit your suggestions and votes for next week!

Calls for Testing

An important step for RFC implementation is for people to experiment with the implementation and give feedback, especially before stabilization. The following RFCs would benefit from user testing before moving forward:

RFCs
  • No calls for testing were issued this week.
Rust
Rustup
  • No calls for testing were issued this week.

If you are a feature implementer and would like your RFC to appear on the above list, add the new call-for-testing label to your RFC along with a comment providing testing instructions and/or guidance on which aspect(s) of the feature need testing.

RFCs
Rust
Rustup

If you are a feature implementer and would like your RFC to appear on the above list, add the new call-for-testing label to your RFC along with a comment providing testing instructions and/or guidance on which aspect(s) of the feature need testing.

Call for Participation; projects and speakers

CFP - Projects

Always wanted to contribute to open-source projects but did not know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

Some of these tasks may also have mentors available, visit the task page for more information.

If you are a Rust project owner and are looking for contributors, please submit tasks here or through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

CFP - Events

Are you a new or experienced speaker looking for a place to share something cool? This section highlights events that are being planned and are accepting submissions to join their event as a speaker.

  • Rust Week (Rust NL) | Closes on 2025-01-19 | Utrecht, NL | Event on 2025-05-13 & 2025-05-14
  • Rust Summit | Rolling deadline | Belgrade, RS | Event on 2025-06-07

If you are an event organizer hoping to expand the reach of your event, please submit a link to the website through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

Updates from the Rust Project

469 pull requests were merged in the last week

Rust Compiler Performance Triage

A quiet week with little change to the actual compiler performance. The biggest compiler regression was quickly recognized and reverted.

Triage done by @rylev. Revision range: 0f1e965f..1ab85fbd

Summary:

(instructions:u) mean range count
Regressions ❌
(primary)
0.4% [0.1%, 1.8%] 21
Regressions ❌
(secondary)
0.5% [0.0%, 2.0%] 35
Improvements ✅
(primary)
-0.8% [-2.7%, -0.3%] 6
Improvements ✅
(secondary)
-10.2% [-27.8%, -0.1%] 13
All ❌✅ (primary) 0.2% [-2.7%, 1.8%] 27

4 Regressions, 3 Improvements, 3 Mixed; 3 of them in rollups 44 artifact comparisons made in total

Full report here

Approved RFCs

Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:

  • No RFCs were approved this week.
Final Comment Period

Every week, the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now.

RFCs
Tracking Issues & PRs
Rust Cargo
  • No Cargo Tracking Issues or PRs entered Final Comment Period this week.
Language Team
  • No Language Team Proposals entered Final Comment Period this week.
Language Reference Unsafe Code Guidelines
  • No Unsafe Code Guideline Tracking Issues or PRs entered Final Comment Period this week.
New and Updated RFCs

Upcoming Events

Rusty Events between 2025-01-15 - 2025-02-12 🦀

Virtual
Europe
North America
Oceania:

If you are running a Rust event please add it to the calendar to get it mentioned here. Please remember to add a link to the event too. Email the Rust Community Team for access.

Jobs

Please see the latest Who's Hiring thread on r/rust

Quote of the Week

This is a wonderful unsoundness and I am incredibly excited about it :3

lcnr on github

Thanks to Christoph Grenz for the suggestion!

Please submit quotes and vote for next week!

This Week in Rust is edited by: nellshamrell, llogiq, cdmistman, ericseppanen, extrawurst, U007D, joelmarcey, mariannegoldin, bennyvasquez, bdillo

Email list hosting is sponsored by The Rust Foundation

Discuss on r/rust

Don MartiHow this site uses AI

This site is written by me personally except for anything that is clearly marked up and cited as a direct quotation. If you see anything on here that is not cited appropriately, please contact me.

Generative AI output appears on this site only if I think it really helps make a point and only if I believe that my use of a similar amount and kind of material from a relevant work in the training set would be fair use.

For example, I quote a sentence of generative AI output in LLMs and reputation management. I believe that I would have been within my fair use rights to use the same amount of text from a copyrighted history book or article.

In LLMs and the web advertising business, my point was not only that the Big Tech companies are crooks, but that it’s so obvious. A widely available LLM can easily point out that a site running Big Tech ads—for real brands—is full of ripped-off content. So I did include a short question and answer session with ChatGPT. It’s really getting old that big companies are constantly being shocked to discover infringement and other crimes when their own technology could have spotted it.

Usually when I mention AI or LLMs on here I don’t include any generated content.

More slash pages

Related

notes on ad-supported piracy LLM-generated sites are a refinement of an existing business model by infringing sites and their Big Tech enablers.

use a Large Language Model, or eat Tide Pods? Make up your own mind, I guess.

AI legal links

personal AI in the rugpull economy The big opportunity for personal AI could be in making your experiences less personalized.

Block AI training on a web site (Watch this space. More options and a possible standard could be coming in 2025.)

Money bots talk and bullshit bots walk?, boring bots ftw, How we get to the end of prediction market winter (AI and prediction markets complement each other—prediction markets need noise and arbitrage, AI needs a scalable way to measure quality of output.)

Firefox NightlyKey Improvements – These Weeks in Firefox: Issue 174

Highlights

  • Nicolas Chevobbe [:nchevobbe] Added $$$ , a console helper that retrieve elements from the document, including those in the ShadowDOM (#1899558)
  • Thanks to John Diamond for contributing changes to allow users to assign custom keyboard shortcuts for WebExtensions using the F13-F19 extended function keys
    • You can access this menu from the cog button in about:addons
    • The "Manage Extension Shortcuts" pane from about:addons. A series of keyboard shortcut mappings for an extension is displayed - one of which is mapped to the F19 key.

      You can find this menu in about:addons by clicking the cog icon and choosing “Manage Extension Shortcuts”

    • NOTE: F13-F19 function keys are still going to be invalid if specified in the default shortcuts set in the extension manifest
  • We’re going to launch the “Sections” feed experiment in New Tab soon. This layout changes how stories are laid out (new modular layouts instead of the same medium cards, some sections organized into categories)
    • Try it out yourself in Nightly by setting the following to TRUE
      • browser.newtabpage.activity-stream.discoverystream.sections.enabled
      • browser.newtabpage.activity-stream.discoverystream.sections.cards.enabled
  • Dale implemented searching Tab Groups by name in the Address Bar and showing them as Actions – Bug 1935195

Friends of the Firefox team

Resolved bugs (excluding employees)

Volunteers that fixed more than one bug

  • Abhijeet Chawla[:ff2400t]
  • Meera Murthy

New contributors (🌟 = first patch)

Project Updates

Add-ons / Web Extensions

Addon Manager & about:addons
  • Thanks to Matt Mower for contributing CSS cleanup and modernization changes to the “Manage Extensions Shortcuts” section of about:addons – Bug 1921634
WebExtensions Framework
  • A warning message bar will be shown in the Extensions panel under the soft-blocked extensions that have been re-enabled by the user – Bug 1925291
WebExtension APIs
  • Native messaging support for snap-packaged Firefox has been now merged into mozilla-central – Bug 1661935
    • NOTE: Bug 1936114 is tracking fixing an AttributeError being hit by mach xpcshell-test as a side-effect of changes applied by Bug 1661935, until the fix is landed mach test is a short-term workaround to run xpcshell tests locally

DevTools

DevTools Toolbox
WebDriver BiDi
  • External:
    • Dan (temidayoazeez032) implemented the browser.getClientWindows command which allows clients to retrieve a list of information about the current browser windows. (#1855025)
    • Spencer (speneth1) removed a duplicated get windows helper which used to be implemented in two different classes. (#1925985)
    • Patrick (peshannon104) added a log to help investigate network events for which WebDriver BiDi didn’t manage to retrieve all the response information. (#1930848)
  • Updates:
    • Sasha improved support for installing extensions with Marionette and geckodriver. Geckodriver was updated to push the addon file to the device using base 64, which allowed to enable installing extensions on GeckoView. (#1806135)
    • Still on the topic of add-ons, Sasha also added a flag to install add-ons allowed to run in Private Browsing mode. (#1926311)
    • Julian added two new fields in BiDi network events: initiatorType and destination, coming from the fetch specification. The previous initiator.type field had no clear definition and is now deprecated. This supports the transition of Cypress from CDP to WebDriver BiDi. (#1904892)
    • Julian also fixed a small issue with those two new fields, which had unexpected values for top-level document loads. (#1933331)
    • After discussions during TPAC, we decided to stop emitting various events for the initial about:blank load. Sasha fixed a first gap on this topic: WebDriver BiDi will no longer emit browsingContext.navigationStarted events for such loads. (#1922014)
    • Henrik improved the stability of commands in Marionette in case the browsing context gets discarded (#1930530).
    • Henrik also did similar improvements for our WebDriver BiDi implementation, and fine-tuned our logic to retry commands sent to content processes (#1927073).
    • Julian reverted the message for UnexpectedAlertOpenError in Marionette to make sure we include the dialog’s text, as some clients seemed to rely on this behavior. (#1924469)
    • Thanks to :valentin who fixed an issue with nsITimedChannel.asyncOpenTime, which sometimes was set to 0 unexpectedly (#1931514). Prior to that, Julian added a small workaround to fallback on nsITimedChannel.channelCreationTime, but we will soon revert it (#1930849).
    • Sasha updated the browsingContext.traverseHistory command to only accept top-level browsing contexts. (#1924859)

Lint, Docs and Workflow

New Tab Page

  • FakeSpot recommended gifts experiment ended last week
  • For this next release the team is working on:
    • Supporting experiments with more industry standard ad sizes (Leaderboard and billboard)
    • Iterating/continuing Sections feed experiment
    • AdsFeed tech debt (Consolidating new tab ads logic into one place)

Password Manager

Places

  • Marco removed the old bookmarks transaction manager (undo/redo) code, as a better version of it shipped for a few months – Bug 1870794
  • Marco has enabled for release in Firefox 135 a safeguard preventing origins from overwhelming history with multiple consecutive visits, the feature has been baking in Nightly for the last few months – Bug 1915404
  • Yazan fixed a regression with certain svg favicons being wrongly picked, and thus having a bad contrast in the UI (note it may take a few days for some icons to be expired and replaced on load) – Bug 1933158 

Search and Navigation

  • Address bar revamp (aka Scotch Bonnet project)
    • Moritz fixed a bug causing address bar results flicker due to switch to tab results – Bug 1901161
    • Yazan fixed a bug with Actions search mode wrongly persisting after picking certain actions – Bug 1919549
    • Dale added badged entries to the unified search button to install new OpenSearch engines – Bug 1916074
    • Dale fixed a problem with some installed OpenSearch engines not persisting after restart – Bug 1927951
    • Daisuke implemented dynamic hiding of the unified search button (a few additional changes incoming to avoid shifting the URL on focus) – Bug 1928132
    • Daisuke fixed a problem with Esc not closing the address bar dropdown when unified search button is focused – Bug 1933459
  • Suggest
  • Other relevant fixes
    • Contributor Anthony Mclamb fixed unexpected console error messages when typing just ‘@’ in the address bar – Bug 1922535

Storybook/Reusable Components

  • Anna Kulyk (welcome! Yes of moz-message-bar fame!) cleaned up some leftover code in moz-card Bug 1910631
  • Mark Kennedy updated the Heartbeat infobar to use the moz-five-star component, and updated the component to support selecting a rating Bug 1864719
  • Mark Kennedy updated the about:debugging page to use the new –page-main-content-width design token which had the added benefit of bringing our design tokens into the chrome://devtools/ package Bug 1931919
  • Tim added support for support links in moz-fieldset Bug 1917070 Storybook
  • Hanna updated our support links to be placed after the description, if one is present Bug 1928501 Storybook

Mozilla ThunderbirdThunderbird Monthly Development Digest – December 2024

Happy New Year Thunderbirders! With a productive December and a good rest now behind us, the team is ready for an amazing year. Since the last update, we’ve had some successes that have felt great. We also completed a retrospective on a major pain point from last year. This has been humbling and has provided an important opportunity for learning and improvement.

Exchange Web Services support in Rust

Prior to the team taking their winter break, a cascade of deliverables passed the patch review process and landed in Daily. A healthy cadence of task completion saw a number of features reach users and lift the team’s spirits:

  • Copy to EWS from other protocol
  • Folder create
  • Enhanced logging
  • Local Storage
  • Save & manipulate Draft
  • Folder delete
  • Fix Edit Draft

Keep track of feature delivery here.

Account Hub

The overhauled Account Hub passed phase 1 QA review! A smaller team is handling phase 2 enhancements now that the initial milestone is complete. Our current milestone includes tasks for density and font awareness, refactoring of state management, OAuth prompts and more, which you can follow via Meta bug & progress tracking.

Global Database & Conversation View

Progress on the global database project was significant in the tail end of 2024, with foundational components taking shape. The team has implemented a database for folder management, including support for adding, removing, and reordering folders, and code for syncing the database with folders on disk. Preliminary work on a messages table and live view system is underway, enabling efficient filtering and handling of messages in real time. We have developed a mock UI to test these features, along with early documentation. Next steps include transitioning legacy folder and message functionality to a new “magic box” system, designed to simplify future refactoring and ensure a smooth migration without a disruptive “Big Bang” release.

Encryption

The future of email encryption has been on our minds lately. We have planned and started work on bridging the gap between some of the factions and solutions which are in place to provide quantum-resistant solutions in a post-quantum world. To provide ourselves with the breathing room to strategize and bring stakeholders together, we’re looking to hire a hardening team member who is familiar with encryption and comfortable with lower level languages like C. Stay tuned if this might be you!

In-App Notifications

With phase 1 of this project complete, we uplifted the feature to 134.0 Beta and notifications were shared with a significant number of users on both beta and daily releases in December. Data collected via Glean telemetry uncovered a couple of minor issues that have been addressed. It also provided peace of mind that the targeting system works as expected. Phase 2 of the project is well underway, and we have already uplifted some features and now merged them with 135.0 BetaMeta Bug & progress tracking.

Folder & Message Corruption

In the aftermath of our focused team effort to correct corruption issues introduced during our 2023 refactoring and solve other long-standing problems, we spent some time in self-reflection to perform a post mortem on the processes, decisions and situations which led to data loss and frustrations for users. While we regret a good number of preventable mistakes, it is also helpful to understand things outside of our control which played a part in this user-facing problem. You can find the findings and action plan here. We welcome any productive recommendations to improve future development in the more complex and arcane parts of the code.

New Features Landing Soon

Several requested features and fixes have reached our Daily users and include…

As usual, if you want to see things as they land, and help us squash some early bugs, you can always check the pushlog and try running daily, which would be immensely helpful for catching things early.

See you next month after FOSDEM!

Toby Pilling

Senior Manager, Desktop Engineering

The post Thunderbird Monthly Development Digest – December 2024 appeared first on The Thunderbird Blog.

Wladimir PalantChrome Web Store is a mess

Let’s make one thing clear first: I’m not singling out Google’s handling of problematic and malicious browser extensions because it is worse than Microsoft’s for example. No, Microsoft is probably even worse but I never bothered finding out. That’s because Microsoft Edge doesn’t matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?

Screenshot of the Chrome download page. A subtitle “Extend your experience” is visible with the text “From shopping and entertainment to productivity, find extensions to improve your experience in the Chrome Web Store.” Next to it a screenshot of the Chrome browser and some symbols on top of it representing various extensions.

Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required” approach towards moderating Chrome Web Store. Their attempts to automate all things moderation do little to deter malicious actors, all while creating considerable issues for authors of legitimate add-ons. Even when reports reach Google’s human moderation team, the actions taken are inconsistent, and Google generally shies away from taking decisive actions against established businesses.

As a result, for a decade my recommendation for Chrome users has been to stay away from Chrome Web Store if possible. Whenever extensions are absolutely necessary, it should be known who is developing them, why, and how the development is being funded. Just installing some extension from Chrome Web Store, including those recommended by Google or “featured,” is very likely to result in your browsing data being sold or worse.

Google employees will certainly disagree with me. Sadly, much of it is organizational blindness. I am certain that you meant it well and that you did many innovative things to make it work. But looking at it from the outside, it’s the result that matters. And for the end users the result is a huge (and rather dangerous) mess.

Some recent examples

Five years ago I discovered that Avast browser extensions were spying on their users. Mozilla and Opera disabled the extension listings immediately after I reported it to them. Google on the other hand took two weeks where they supposedly discussed their policies internally. The result of that discussion was eventually their “no surprises” policy:

Building and maintaining user trust in the Chrome Web Store is paramount, which means we set a high bar for developer transparency. All functionalities of extensions should be clearly disclosed to the user, with no surprises. This means we will remove extensions which appear to deceive or mislead users, enable dishonest behavior, or utilize clickbaity functionality to artificially grow their distribution.

So when dishonest behavior from extensions is reported today, Google should act immediately and decisively, right? Let’s take a look at two examples that came up in the past few months.

In October I wrote about the refoorest extension deceiving its users. I could conclusively prove that Colibri Hero, the company behind refoorest, deceives their users on the number of trees they supposedly plant, incentivizing users into installing with empty promises. In fact, there is strong indication that the company never even donated for planting trees beyond a rather modest one-time donation.

Google got my report and dealt with it. What kind of action did they take? That’s a very good question that Google won’t answer. But refoorest is still available from Chrome Web Store, it is still “featured” and it still advertises the very same completely made up numbers of trees they supposedly planted. Google even advertises for the extension, listing it in the “Editors’ Picks extensions” collection, probably the reason why it gained some users since my report. So much about being honest. For comparison: refoorest used to be available from Firefox Add-ons as well but was already removed when I started my investigation. Opera removed the extension from their add-on store within hours of my report.

But maybe that issue wasn’t serious enough? After all, there is no harm done to users if the company is simply pocketing the money they claim to spend on a good cause. So also in October I wrote about the Karma extension spying on users. Users are not being notified about their browsing data being collected and sold, except for a note buried in their privacy policy. Certainly, that’s identical to the Avast case mentioned before and the extension needs to be taken down to protect users?

Screenshot of a query string parameters listing. The values listed include current_url (a Yahoo address with an email address in the query string), tab_id, user_id, distinct_id, local_time.

Again, Google got my report and dealt with it. And again I fail to see any result of their action. The Karma extension remains available on Chrome Web Store unchanged, it will still notify their server about every web page you visit (see screenshot above). The users still aren’t informed about this. Yet their Chrome Web Store page continues to claim “This developer declares that your data is not being sold to third parties, outside of the approved use cases,” a statement contradicted by their privacy policy. The extension appears to have lost its “Featured” badge at some point but now it is back.

Note: Of course Karma isn’t the only data broker that Google tolerates in Chrome Web Store. I published a guest article today by a researcher who didn’t want to disclose their identity, explaining their experience with BIScience Ltd., a company misleading millions of extension users to collect and sell their browsing data. This post also explains how Google’s “approved use cases” effectively allow pretty much any abuse of users’ data.

Mind you, neither refoorest nor Karma were alone but rather recruited or bought other browser extensions as well. These other browser extensions were turned outright malicious, with stealth functionality to perform affiliate fraud and/or collect users’ browsing history. Google’s reaction was very inconsistent here. While most extensions affiliated with Karma were removed from Chrome Web Store, the extension with the highest user numbers (and performing affiliate fraud without telling their users) was allowed to remain for some reason.

With refoorest, most affiliate extensions were removed or stopped using their Impact Hero SDK. Yet when I checked more than two months after my report two extensions from my original list still appeared to include that hidden affiliate fraud functionality and I found seven new ones that Google apparently didn’t notice.

The reporting process

Now you may be wondering: if I reported these issues, why do I have to guess what Google did in response to my reports? Actually, keeping me in the dark is Google’s official policy:

Screenshot of an email: Hello Developer, Thank you again for reporting these items. Our team is looking into the items  and will take action accordingly. Please refer to the  possible enforcement (hyperlinked) actions and note that we are unable to comment on the status of individual items. Thank you for your contributions to the extensions ecosystem. Sincerely, Chrome Web Store Developer Support

This is by the way the response I received in November after pointing out the inconsistent treatment of the extensions. A month later the state of affairs was still that some malicious extensions got removed while other extensions with identical functionality were available for users to install, and I have no idea why that is. I’ve heard before that Google employees aren’t allowed to discuss enforcement actions, and your guess is as good as mine as to whom this policy is supposed to protect.

Supposedly, the idea of not commenting on policy enforcement actions is hiding the internal decision making from bad actors, so that they don’t know how to game the process. If that’s the theory however, it isn’t working. In this particular case the bad actors got some feedback, be it through their extensions being removed or due to the adjustments demanded by Google. It’s only me, the reporter of these issues, who needs to be guessing.

But, and this is a positive development, I’ve received a confirmation that both these reports are being worked on. This is more than I usually get from Google which is: silence. And typically also no visible reaction either, at least until a report starts circulating in media publications forcing Google to act on it.

But let’s take a step back and ask ourselves: how does one report Chrome Web Store policy violations? Given how much Google emphasizes their policies, there should be an obvious way?

In fact, there is a support document on reporting issues. And when I started asking around, even Google employees would direct me to it.

If you find something in the Chrome Web Store that violates the Chrome Web Store Terms of Service, or trademark or copyright infringement, let us know.

Sounds good, right? Except that the first option says:

At the bottom left of the window, click Flag Issue.

Ok, that’s clearly the old Chrome Web Store. But we understand of course that they mean the “Flag concern” link which is nowhere near the bottom. And it gives us the following selection:

Screenshot of a web form offering a choice from the following options: Did not like the content, Not trustworthy, Not what I was looking for, Felt hostile, Content was disturbing, Felt suspicious

This doesn’t really seem like the place to report policy violations. Even “Felt suspicious” isn’t right for an issue you can prove. And, unsurprisingly, after choosing this option Google just responds with:

Your abuse report has been submitted successfully.

No way to provide any details. No asking for my contact details in case they have questions. No context whatsoever, merely “felt suspicious.” This is probably fed to some algorithm somewhere which might result in… what actually? Judging by malicious extensions where users have been vocally complaining, often for years: nothing whatsoever. This isn’t the way.

Well, there is another option listed in the document:

If you think an item in the Chrome Web Store violates a copyright or trademark, fill out this form.

Yes, Google seems to care about copyright and trademark violations, but a policy violation isn’t that. If we try the form nevertheless it gives us a promising selection:

Screenshot of a web form titled “Select the reason you wish to report content.” The available options are: Policy (Non-legal) Reasons to Report Content, Legal Reasons to Report Content

Finally! Yes, policy reasons are exactly what we are after, let’s click that. And there comes another choice:

Screenshot of a web form titled “Select the reason you wish to report content.” The only available option is: Child sexual abuse material

That’s really the only option offered. And I have questions. At the very least those are: in what jurisdiction is child sexual abuse material a non-legal reason to report content? And: since when is that the only policy that Chrome Web Store has?

We can go back and try “Legal Reasons to Report Content” of course but the options available are really legal issues: intellectual properties, court orders or violations of hate speech law. This is another dead end.

It took me a lot of asking around to learn that the real (and well-hidden) way to report Chrome Web Store policy violations is Chrome Web Store One Stop Support. I mean: I get it that Google must be getting lots of non-sense reports. And they probably want to limit that flood somehow. But making legitimate reports almost impossible can’t really be the way.

In 2019 Google launched the Developer Data Protection Reward Program (DDPRP) meant to address privacy violations in Chrome extensions. Its participation conditions were rather narrow for my taste, pretty much no issue would qualify for the program. But at least it was a reliable way to report issues which might even get forwarded internally. Unfortunately, Google discontinued this program in August 2024.

It’s not that I am very convinced of DDPRP’s performance. I’ve used that program twice. First time I reported Keepa’s data exfiltration. DDPRP paid me an award for the report but, from what I could tell, allowed the extension to continue unchanged. The second report was about the malicious PDF Toolbox extension. The report was deemed out of scope for the program but forwarded internally. The extension was then removed quickly, but that might have been due to the media coverage. The benefit of the program was really: it was a documented way of reaching a human being at Google that would look at a problematic extension.

Chrome Web Store and their spam issue

In theory, there should be no spam on Chrome Web Store. The policy is quite clear on that:

We don’t allow any developer, related developer accounts, or their affiliates to submit multiple extensions that provide duplicate experiences or functionality on the Chrome Web Store.

Unfortunately, this policy’s enforcement is lax at best. Back in June 2023 I wrote about a malicious cluster of Chrome extensions. I listed 108 extensions belonging to this cluster, pointing out their spamming in particular:

Well, 13 almost identical video downloaders, 9 almost identical volume boosters, 9 almost identical translation extensions, 5 almost identical screen recorders are definitely not providing value.

I’ve also documented the outright malicious extensions in this cluster, pointing out that other extensions are likely to turn malicious as well once they have sufficient users. And how did Google respond? The malicious extensions have been removed, yes. But other than that, 96 extensions from my original list remained active in January 2025, and there were of course more extensions that my original report didn’t list. For whatever reason, Google chose not to enforce their anti-spam policy against them.

And that’s merely one example. My most recent blog post documented 920 extensions using tricks to spam Chrome Web Store, most of them belonging to a few large extension clusters. As it turned out, Google was made aware of this particular trick a year before my blog post already. And again, for some reason Google chose not to act.

Can extension reviews be trusted?

So when you search for extensions in Chrome Web Store, many results will likely come from one of the spam clusters. But the choice to install a particular extension is typically based on reviews. Can at least these reviews be trusted? Concerning moderation of reviews Google says:

Google doesn’t verify the authenticity of reviews and ratings, but reviews that violate our terms of service will be removed.

And the important part in the terms of service is:

Your reviews should reflect the experience you’ve had with the content or service you’re reviewing. Do not post fake or inaccurate reviews, the same review multiple times, reviews for the same content from multiple accounts, reviews to mislead other users or manipulate the rating, or reviews on behalf of others. Do not misrepresent your identity or your affiliation to the content you’re reviewing.

Now you may be wondering how well these rules are being enforced. The obviously fake review on the Karma extension is still there, three months after being posted. Not that it matters, with their continuous stream of incoming five star reviews.

A month ago I reported an extension to Google that, despite having merely 10,000 users, received 19 five star reviews on a single day in September – and only a single (negative) review since then. I pointed out that it is a consistent pattern across all extensions of this account, e.g. another extension (merely 30 users) received 9 five star reviews on the same day. It really doesn’t get any more obvious than that. Yet all these reviews are still online.

Screenshot of seven reviews, all giving five stars and all from September 19, 2024. Top review is by Sophia Franklin saying “solved all my proxy switching issues. fast reliable and free.” Next review is by Robert Antony saying “very  user-friendly and efficient for managing proxy profiles.” The other reviews all continue along the same lines.

And it isn’t only fake reviews. The refoorest extension incentivizes reviews which violates Google’s anti-spam policy (emphasis mine):

Developers must not attempt to manipulate the placement of any extensions in the Chrome Web Store. This includes, but is not limited to, inflating product ratings, reviews, or install counts by illegitimate means, such as fraudulent or incentivized downloads, reviews and ratings.

It has been three months, and they are still allowed to continue. The extension gets a massive amount of overwhelmingly positive reviews, users get their fake trees, everybody is happy. Well, other than the people trying to make sense of these meaningless reviews.

With reviews being so easy to game, it looks like lots of extensions are doing it. Sometimes it shows as a clearly inflated review count, sometimes it’s the overwhelmingly positive or meaningless content. At this point, any user ratings with the average above 4 stars likely have been messed with.

The “featured” extensions

But at least the “Featured” badge is meaningful, right? It certainly sounds like somebody at Google reviewed the extension and considered it worthy of carrying the badge. At least Google’s announcement indeed suggests a manual review:

Chrome team members manually evaluate each extension before it receives the badge, paying special attention to the following:

  1. Adherence to Chrome Web Store’s best practices guidelines, including providing an enjoyable and intuitive experience, using the latest platform APIs and respecting the privacy of end-users.
  2. A store listing page that is clear and helpful for users, with quality images and a detailed description.

Yet looking through 920 spammy extensions I reported recently, most of them carry the “Featured” badge. Yes, even the endless copies of video downloaders, volume boosters, AI assistants, translators and such. If there is an actual manual review of these extensions as Google claims, it cannot really be thorough.

To provide a more tangible example, Chrome Web Store currently has Blaze VPN, Safum VPN and Snap VPN extensions carry the “Featured” badge. These extensions (along with Ishaan VPN which has barely any users) belong to the PDF Toolbox cluster which produced malicious extensions in the past. A cursory code inspection reveals that all four are identical and in fact clones of Nucleus VPN which was removed from Chrome Web Store in 2021. And they also don’t even work, no connections succeed. The extension not working is something users of Nucleus VPN complained about already, a fact that the extension compensated with fake reviews.

So it looks like the main criteria for awarding the “Featured” badge are the things which can be easily verified automatically: user count, Manifest V3, claims to respect privacy (not even the privacy policy, merely that the right checkbox was checked), a Chrome Web Store listing with all the necessary promotional images. Given how many such extensions are plainly broken, the requirements on the user interface and generally extension quality don’t seem to be too high. And providing unique functionality definitely isn’t on the list of criteria.

In other words: if you are a Chrome user, the “Featured” badge is completely meaningless. It is no guarantee that the extension isn’t malicious, not even an indication. In fact, authors of malicious extensions will invest some extra effort to get this badge. That’s because the website algorithm seems to weigh the badge considerably towards the extension’s ranking.

How did Google get into this mess?

Google Chrome first introduced browser extensions in 2011. At that point the dominant browser extensions ecosystem was Mozilla’s, having been around for 12 years already. Mozilla’s extensions suffered from a number of issues that Chrome developers noticed of course: essentially unrestricted privileges necessitated very thorough reviews before extensions could be published on Mozilla Add-ons website, due to high damage potential of the extensions (both intentional and unintentional). And since these reviews relied largely on volunteers, they often took a long time, with the publication delays being very frustrating to add-on developers.

Disclaimer: I was a reviewer on Mozilla Add-ons myself between 2015 and 2017.

Google Chrome was meant to address all these issues. It pioneered sandboxed extensions which allowed limiting extension privileges. And Chrome Web Store focused on automated reviews from the very start, relying on heuristics to detect problematic behavior in extensions, so that manual reviews would only be necessary occasionally and after the extension was already published. Eventually, market pressure forced Mozilla to adopt largely the same approaches.

Google’s over-reliance on automated tools caused issues from the very start, and it certainly didn’t get any better with the increased popularity of the browser. Mozilla accumulated a set of rules to make manual reviews possible, e.g. all code should be contained in the extension, so no downloading of extension code from web servers. Also, reviewers had to be provided with an unobfuscated and unminified version of the source code. Google didn’t consider any of this necessary for their automated review systems. So when automated review failed, manual review was often very hard or even impossible.

It’s only with the introduction of Manifest V3 now that Chrome finally prohibits remote hosted code. And it took until 2018 to prohibit code obfuscation, while Google’s reviewers still have to reverse minification for manual reviews. Mind you, we are talking about policies that were already long established at Mozilla when Google entered the market in 2011.

And extension sandboxing, while without doubt useful, didn’t really solve the issue of malicious extensions. I already wrote about one issue back in 2016:

The problem is: useful extensions will usually request this kind of “give me the keys to the kingdom” permission.

Essentially, this renders permission prompts useless. Users cannot possibly tell whether an extension has valid reasons to request extensive privileges. So legitimate extensions have to constantly deal with users who are confused about why the extension needs to “read and change all your data on all websites.” At the same time, users are trained to accept such prompts without thinking twice.

And then malicious add-ons come along, requesting extensive privileges under a pretense. Monetization companies put out guides for extension developers on how they can request more privileges for their extensions while fending off complains from users and Google alike. There is a lot of this going on in Chrome Web Store, and Manifest V3 couldn’t change anything about it.

So what we have now is:

  1. Automated review tools that malicious actors willing to invest some effort can work around.
  2. Lots of extensions with the potential for doing considerable damage, yet little way of telling which ones have good reasons for that and which ones abuse their privileges.
  3. Manual reviews being very expensive due to historical decisions.
  4. Massively inflated extension count due to unchecked spam.

Number 3 and 4 in particular seem to further trap Google in the “it needs to be automated” mindset. Yet adding more automated layers isn’t going to solve the issue when there are companies which can put a hundred employees on devising new tricks to avoid triggering detection. Yes, malicious extensions are big business.

What could Google do?

If Google were interested in making Chrome Web Store a safer place, I don’t think there is a way around investing considerable (manual) effort into cleaning up the place. Taking down a single extension won’t really hurt the malicious actors, they have hundreds of other extensions in the pipeline. Tracing the relationships between extensions on the other hand and taking down the entire cluster – that would change things.

As the saying goes, the best time to do this was a decade ago. The second best time is right now, when Chrome Web Store with its somewhat less than 150,000 extensions is certainly large but not yet large enough to make manual investigations impossible. Besides, there is probably little point in investigating abandoned extensions (latest release more than two years ago) which make up almost 60% of Chrome Web Store.

But so far Google’s actions have been entirely reactive, typically limited to extensions which already caused considerable damage. I don’t know whether they actually want to stay on top of this. From the business point of view there is probably little reason for that. After all, Google Chrome no longer has to compete for market share, having essentially won against the competition. Even with Chrome extensions not being usable, Chrome will likely stay the dominant browser.

In fact, Google has significant incentives to keep a particular class of extensions low, so one might even suspect intention behind allowing Chrome Web Store to be flooded with shady and outright malicious ad blockers.

Wladimir PalantBIScience: Collecting browsing history under false pretenses

  • This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.

Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.

This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.

Screenshot of a website citing a bunch of numbers: 10 Million+ opt-in panelists globally and growing, 60 Global Markets, 4.5 Petabyte behavioral data collected monthly, 13 Months average retention time of panelists, 250 Million online user events per day, 2 Million eCommerce product searches per day, 10 Million keyword searches recorded daily, 400 Million unique domains tracked daily<figcaption> Screenshot of claims on the BIScience website </figcaption>

Who is BIScience?

BIScience is a long-established data broker that owns multiple extensions in the Chrome Web Store (CWS) that collect clickstream data under false pretenses. They also provide a software development kit (SDK) to partner third-party extension developers to collect and sell clickstream data from users, again under false pretenses. This SDK will send data to sclpfybn.com and other endpoints controlled by BIScience.

“Clickstream data” is an analytics industry term for “browsing history”. It consists of every URL users visit as they browse the web.

According to their website, BIScience “provides the deepest digital & behavioral data intelligence to market research companies, brands, publishers & investment firms”. They sell clickstream data through their Clickstream OS product and sell derived data under other product names.

BIScience owns AdClarity. They provide “advertising intelligence” for companies to monitor competitors. In other words, they have a large database of ads observed across the web. They use data collected from services operated by BIScience and third parties they partner with.

BIScience also owns Urban Cyber Security. They provide VPN, ad blocking, and safe browsing services under various names: Urban VPN, 1ClickVPN, Urban Browser Guard, Urban Safe Browsing, and Urban Ad Blocker. Urban collects user browsing history from these services, which is then sold by BIScience to third parties through Clickstream OS, AdClarity, and other products.

BIScience also owned GeoSurf, a residential proxy service that shut down in December 2023.

BIScience collects data from millions of users

BIScience is a huge player in the browser extension ecosystem, based on their own claims and our observed activity. They also collect data from other sources, including Windows apps and Android apps that spy on other running apps.

The websites of BIScience and AdClarity make the following claims:

  • They collect data from 25 million users, over 250 million user events per day, 400 million unique domains
  • They process 4.5 petabytes of data every month
  • They are the “largest human panel based ad intelligence platform”

These numbers are the most recent figures from all pages on their websites, not only the home pages. They have consistently risen over the years based on archived website data, so it’s safe to say any lower figures on their website are outdated.

BIScience buys data from partner third-party extensions

BIScience proactively contacts extension developers to buy clickstream data. They claim to buy this data in anonymized form, and in a manner compliant with Chrome Web Store policies. Both claims are demonstrably false.

Several third-party extensions integrate with BIScience’s SDK. Some are listed in the Secure Annex blog post, and we have identified more in the IOCs section. There are additional extensions which use their own custom endpoint on their own domain, making it more difficult to identify their sale of user data to BIScience and potentially other data brokers. Secure Annex identifies October 2023 as the earliest known date of BIScience integrations. Our evidence points to 2019 or earlier.

Our internal data shows the Visual Effects for Google Meet extension and other extensions collecting data since at least mid-2022. BIScience has likely been collecting data from extensions since 2019 or earlier, based on public GitHub posts by BIScience representatives (2021, 2021, 2022) and the 2019 DataSpii research that found some references to AdClarity in extensions. BIScience was founded in 2009 when they launched GeoSurf. They later launched AdClarity in 2012.

BIScience receives raw data, not anonymized data

Despite BIScience’s claims that they only acquire anonymized data, their own extensions send raw URLs, and third-party extensions also send raw URLs to BIScience. Therefore BIScience collects granular clickstream data, not anonymized data.

If they meant to say that they only use/resell anonymized data, that’s not comforting either. BIScience receives the raw data and may store, use, or resell it as they choose. They may be compelled by governments to provide the raw data, or other bad actors may compromise their systems and access the raw data. In general, collecting more data than needed increases risks for user privacy.

Even if they anonymize data as soon as they receive it, anonymous clickstream data can contain sensitive or identifying information. A notable example is the Avast-Jumpshot case discovered by Wladimir Palant, who also wrote a deep dive into why anonymizing browsing history is very hard.

As the U.S. FTC investigation found, Jumpshot stored unique device IDs that did not change over time. This allowed reidentification with a sufficient number of URLs containing identifying information or when combined with other commercially-available data sources.

Similarly, BIScience’s collected browsing history is also tied to a unique device ID that does not change over time. A user’s browsing history may be tied to their unique ID for years, making it easier for BIScience or their buyers to perform reidentification.

BIScience’s privacy policy states granular browsing history information is sometimes sold with unique identifiers (emphasis ours):

In most cases the Insights are shared and [sold] in an aggregated non-identifying manner, however, in certain cases we will sell or share the insights with a general unique identifier, this identifier does not include your name or contact information, it is a random serial number associated with an End Users’ browsing activity. However, in certain jurisdictions this is considered Personal Data, and thus, we treat it as such.

Misleading CWS policies compliance

When you read the Chrome Web Store privacy disclosures on every extension listing, they say:

This developer declares that your data is

  • Not being sold to third parties, outside of approved use cases
  • Not being used or transferred for purposes that are unrelated to the item’s core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

You might wonder:

  1. How is BIScience allowed to sell user data from their own extensions to third parties, through AdClarity and other BIScience products?
  2. How are partner extensions allowed to sell user data to BIScience, a third party?

BIScience and partners take advantage of loopholes in the Chrome Web Store policies, mainly exceptions listed in the Limited Use policy which are the “approved use cases”. These exceptions appear to allow the transfer of user data to third parties for any of the following purposes:

  • if necessary to providing or improving your single purpose;
  • to comply with applicable laws;
  • to protect against malware, spam, phishing, or other fraud or abuse; or,
  • as part of a merger, acquisition or sale of assets of the developer after obtaining explicit prior consent from the user

The Limited Use policy later states:

All other transfers, uses, or sale of user data is completely prohibited, including:

  • Transferring, using, or selling data for personalized advertisements.
  • Transferring or selling user data to third parties like advertising platforms, data brokers, or other information resellers.
  • Transferring, using, or selling user data to determine credit-worthiness or for lending purposes.

BIScience and partner extensions develop user-facing features that allegedly require access to browsing history, to claim the “necessary to providing or improving your single purpose” exception. They also often implement safe browsing or ad blocking features, to claim the “protect against malware, spam, phishing” exception.

Chrome Web Store appears to interpret their policies as allowing the transfer of user data, if extensions claim Limited Use exceptions through their privacy policy or other user disclosures. Unfortunately, bad actors falsely claim these exceptions to sell user data to third parties.

This is despite the CWS User Data FAQ stating (emphasis ours):

  1. Can my extension collect web browsing activity not necessary for a user-facing feature, such as collecting behavioral ad-targeting data or other monetization purposes?
    No. The Limited Uses of User Data section states that an extension can only collect and transmit web browsing activity to the extent required for a user-facing feature that is prominently described in the Chrome Web Store page and user interface. Ad targeting or other monetization of this data isn’t for a user-facing feature. And, even if a user-facing feature required collection of this data, its use for ad targeting or any other monetization of the data wouldn’t be permitted because the Product is only permitted to use the data for the user-facing feature.

In other words, even if there is a “legitimate” feature that collects browsing history, the same data cannot be sold for profit.

Unfortunately, when we and other researchers ask Google to enforce these policies, they appear to lean towards giving bad actors the benefit of the doubt and allow the sale of user data obtained under false pretenses.

We have the receipts contracts, emails, and more to prove BIScience and partners transfer and sell user data in a “completely prohibited” manner, primarily for the purpose of “transferring or selling user data to third parties like advertising platforms, data brokers, or other information resellers” with intent to monetize the data.

BIScience extensions exception claims

Urban products (owned by BIScience) appear to provide ad blocking and safe browsing services, both of which may claim the “protect against malware, spam, phishing” exception. Their VPN products (Urban VPN, 1ClickVPN) may claim the “necessary to providing single purpose” exception.

These exceptions are abused by BIScience to collect browsing history data for prohibited purposes, because they also sell this user data to third parties through AdClarity and other BIScience products. There are ways to provide these services without processing raw URLs in servers, therefore they do not need to collect this data. They certainly don’t need to sell it to third parties.

Reputable ad blocking extensions, such as Adblock Plus, perform blocking solely on the client side, without sending every URL to a server. Safe browsing protection can also be performed client side or in a more privacy-preserving manner even when using server-side processing.

Partner extensions exception claims, guided by BIScience

Partner third-party extensions collect data under even worse false pretenses. Partners are encouraged by BIScience to implement bogus services that exist solely to collect and sell browsing history to BIScience. These bogus features are only added to claim the Limited Use policy exceptions.

We analyzed several third-party extensions that partner with BIScience. None have legitimate business or technical reasons to collect browsing history and sell it to BIScience.

BIScience provides partner extensions with two integration options: They can add the BIScience SDK to automatically collect data, or partners can send their self-collected data to a BIScience API endpoint or S3 bucket.

The consistent message from the documents and emails provided by BIScience to our sources is essentially this, in our own words: You can integrate our SDK or send us browsing history activity if you make a plausible feature for your existing extension that has nothing to do with your actual functionality that you have provided for years. And here are some lies you can tell CWS to justify the collection.

BIScience SDK

The SDKs we have observed provide either safe browsing or ad blocking features, which makes it easy for partner extensions to claim the “protect against malware, spam, phishing” exception.

The SDK checks raw URLs against a BIScience service hosted on sclpfybn.com. With light integration work, an extension can allege they offer safe browsing protection or ad blocking. We have not evaluated how effective this safe browsing protection is compared to reputable vendors, but we suspect it performs minimal functionality to pass casual examination. We confirmed this endpoint also collects user data to resell it, which is unrelated to the safe browsing protection.

Unnecessary features

Whether implemented through the SDK or their own custom integration, the new “features” in partner extensions were completely unrelated to the extension’s existing core functionality. All the analyzed extensions had working core functionality before they added the BIScience integrations.

Let’s look at this illuminating graphic, sent by BIScience to one of our sources:

A block diagram titled “This feature, whatever it may be, should justify to Google Play or Google Chrome, why you are looking for access into users url visits information.” The scheme starts with a circle labeled “Get access to user’s browsing activity.” An arrow points towards a rectangle labeled “Send all URLs, visited by user, to your backend.” An arrow points to a rhombus labeled “Does the particular URL meets some criteria?” An asterisk in the rhombus points towards a text passage: “The criteria could fall under any of your preferences: -did you list the URL as malware? -is the URL a shopping website? -does the URL contain sensitive data? -is the URL travel related? etc.” An arrow labeled “No” points to a rectangle labeled “Do nothing; just store the URL and meta data.” An arrow labeled “Yes” points to a rectangle labeled “Store URL and meta data; provide related user functionality.” Both the original question and yes/no paths are contained within a larger box labeled “User functionality” but then have arrows pointing to another rectangle outside that box labeled “Send the data to Biscience endpoint.”

Notice how the graphic shows raw URLs are sent to BIScience regardless of whether the URL is needed to provide the user functionality, such as safe browsing protection. The step of sending data to BIScience is explicitly outside and separate from the user functionality.

Misleading privacy policy disclosures

BIScience’s integration guide suggests changes to an extension’s privacy policy in an attempt to comply with laws and Chrome Web Store policies, such as:

Company does not sell or rent your personal data to any third parties. We do, however, need to share your personal data to run our everyday business. We share your personal data with our affiliates and third-party service providers for everyday business purposes, including to:

  • Detect and suggest to close malware websites;
  • Analytics and Traffic Intelligence

This and other suggested clauses contradict each other or are misleading to users.

Quick fact check:

  • Extension doesn’t sell your personal data: False, the main purpose of the integration with BIScience is to sell browsing history data.
  • Extension needs to share your personal data: False, this is not necessary for everyday business. Much less for veiled reasons such as malware protection or analytics.

An astute reader may also notice BIScience considers browsing history data as personal data, given these clauses are meant to disclose transfer of browsing history to BIScience.

Misleading user consent

BIScience’s contracts with partners require opt-in consent for browsing history collection, but in practice these consents are misleading at best. Each partner must write their own consent prompt, which is not provided by BIScience in the SDK or documentation.

As an example, the extension Visual Effects for Google Meet integrated the BIScience safe browsing SDK to develop a new “feature” that collects browsing history:

Screenshot of a pop-up titled “Visual Effects is now offering Safe-Meeting.” The text says: “To allow us to enable integrated anti-mining and malicious site protection for the pages you visit please click agree to allow us access to your visited websites. Any and all data collected will be strictly anonymous.” Below it a prominent button with the label “Agree” and a much smaller link labeled “Disagree.”

We identified other instances of consent prompts that are even more misleading, such as a vague “To continue using our extension, please allow web history access” within the main product interface. This was only used to obtain consent for the BIScience integration and had no other purpose.

Our hope for the future

When you read the Chrome Web Store privacy disclosures on every extension listing, you might be inclined to believe the extension isn’t selling your browsing history to a third party. Unfortunately, Chrome Web Store allows this if extensions pretend they are collecting “anonymized” browsing history for “legitimate” purposes.

Our hope is that Chrome Web Store closes these loopholes and enforces stricter parts of the existing Limited Use and Single Purpose policies. This would align with the Chrome Web Store principles of Be Safe, Be Honest, and Be Useful.

If they don’t close these loopholes, we want CWS to clarify existing privacy disclosures shown to all users in extension listings. These disclosures are currently insufficient to communicate that user data is being sold under these exceptions.

Browser extension users deserve better privacy and transparency.

Related reading

If you want to learn more about browser extensions collecting your browsing history for profit:

IOCs

The Secure Annex blog post publicly disclosed many domains related to BIScience. We have observed additional domains over the years, and have included all the domains below.

We have chosen not to disclose some domains used in custom integrations to protect our sources and ongoing research.

Collection endpoints seen in third-party extensions:

  • sclpfybn[.]com
  • tnagofsg[.]com

Collection endpoints seen in BIScience-owned extensions and software:

  • urban-vpn[.]com
  • ducunt[.]com
  • adclarity[.]com

Third-party extensions which have disclosed in their privacy policies that they share raw browsing history with BIScience (credit to Wladimir Palant for identifying these):

  • sandvpn[.]com
  • getsugar[.]io

Collection endpoints seen in online data, software unknown but likely in third-party software:

  • cykmyk[.]com
  • fenctv[.]com

Collection endpoint in third-party software, identified in 2019 DataSpii research:

  • pnldsk[.]adclarity[.]com

Don MartiClick this to buy better stuff and be happier

Here’s my contender for Internet tip of the year. It’s going to take under a minute, and will not just help you buy better stuff, but also make you happier in general. Ready? Here it is, step by step.

  1. Log in to your Google account if you’re not logged in already. (If you have a Gmail or Google Drive tab open in the browser, you’re logged in.)

  2. Go to My Ad Center.

  3. Find the Personalized ads control. It looks something like this.

Personalized ads on <figcaption>Personalized ads on</figcaption>
  1. Turn it off.
Personalized ads off <figcaption>Personalized ads off</figcaption>
  1. That’s it. Unless you have another Google account. If you do have multiple Google acccounts (like home, school, and work accounts) do this for each one.

This will affect the ads you get on all the Google sites and apps, including Google Search and YouTube, along with the Google ads on other sites. Google is probably going to show you some message to try to discourage you from doing this. When I checked this, I got the following message.

Ads may seem less relevant When your info isn’t used for ads, you may see fewer ads for products and brands that interest you. Non-personalized ads on Google are shown to you according to factors like the time of day, device type, your current search or the website you’re visiting, or your current location (based on your IP address or device permissions).

But what they don’t say is anything about how personalized ads will help you buy better products and services. And that’s because—and I’m going out on a limb here data-wise, but a pretty short and solid limb, and I’ll explain why—they just don’t. Choosing to turn off personalized ads somehow makes you a more satisfied shopper and better off.

How does this work?

I still don’t know how exactly how this tip works, but so far there have been a few theories.

1: lower fraud risk. It’s possible that de-personalizing the ads reduces the number of scam advertisers who can successfully reach you. Bian et al., in Consumer Surveillance and Financial Fraud, show that Apple App Tracking Transparency, which reduces the ability of apps to personalize ads, tended to reduce fraud complaints to the FTC.

We estimate that the reduction in tracking reduces money lost in all complaints by 4.7% and money lost reported in internet and data security complaints by 40.1%.

That’s a pretty big effect. De-personalizing ads might mean that your employer doesn’t get compromised by an ad campaign that delivers malware targeting a specific company, and you don’t get targeted for fake ads targeted to users of a software product. Even if the increase in fraud risk for users with personalization left on is relatively small, getting scammed has a big impact and can move the average money and happiness metrics a lot.

2: more mindful buying. Another possibility is that people who get fewer personalized ads are making fewer impulse purchases. Jessica Fierro and Corrine Reichert bought a selection of products from those Temu ads that seem to be everywhere, and decided they weren’t worth it. Maybe people without personalized ads are making fewer buying decisions but each one is better thought out.

3. buy more from higher quality vendors. Or maybe companies that put more money into personalized advertising tend to put less into improving product quality.ICMYI: Product is the P all marketers should strive to influence by Mark Ritson In Behavioral advertising and consumer welfare: An empirical investigation, Mustri et al. found that

targeted ads are more likely to be associated with lower quality vendors, and higher prices for identical products, compared to competing alternatives found in organic search results

In Why Your Brand Feels Like a Cheap Date: All Flash, No Substance in the World of Performance Marketing, Pesach Lattin writes,

Between 2019 and 2021, brands that focused on brand equity saw a 72% increase in value, compared to just 20% for brands that relied primarily on performance tactics. Ignoring brand-building not only weakens your baseline sales but forces you to spend more and more on performance marketing just to keep your head above water.

Brands that are over-focused on surveillance advertising might be forced to under-invest in product improvements.

4. limited algorithmic and personalized pricing. Personalized ads might be set up to offer the same product at higher prices to some people. The FTC was investigating, but from the research point of view, personalized pricing is really hard to tell apart from dynamic pricing. Even if you get volunteers to report prices, some might be getting a higher price because stock is running low, not because of who the individual is. So it’s hard to show how much impact this has, but hard to rule it out too.

5. it’s just a step on the journey. Another possibility is that de-personalizing the ads is a gateway to blocking ads entirely. What if, without personalization, the ads get gross or annoying enough that people tend to move up to an ad blocker? And, according to Lin et al. in The Welfare Effects of Ad Blocking,

[P]articipants that were asked to install an ad-blocker become less likely to regret recent purchases, while participants that were asked to uninstall their ad-blocker report lower levels of satisfaction with their recent purchases.

Maybe you don’t actually make better buying decisions while ads are on but personalization is off—but it’s a step toward full ad blocking where you do get better stuff and more happiness.

How do I know this works?

I’m confident that this tip works because if turning ad personalization off didn’t help you, Google would have said so a while ago. Remember the 52% paper about third-party cookies? Google made a big deal out of researching the ad revenue impact of turning cookie tracking on or off. And this ad personalization setting also has a revenue impact for Google. According to documents from one of Google’s Federal cases, keeping the number of users with ad personalization off low is a goal for Google—they make more money from you if you have personalization on, so they have a big incentive to try to convince you that personalization is a win-win. So why so quiet? The absence of a PDF about this is just as informative as the actual PDF would be.

And it’s not just Google. Research showing user benefits from personalized ads would be a fairly easy project not just for Google, but for any company that can both check a privacy setting and measure some kind of shopping outcome. Almost as long as Internet privacy tools have been a thing, so has advice from Internet Thought Leaders telling us they’re not a good idea. But for a data-driven industry, they’re bringing surprisingly little data—especially considering that for many companies it’s data they already have and would only need to do stats on, make graphs, and write (or have an LLM write) the abstract and body copy.

Almost any company with a mobile app could do research to show any benefits from ad personalization, too. Are the customers who use Apple iOS and turn off tracking more or less satisfied with their orders? Do banks get more fraud reports from app users with tracking turned on or off? It would be straightforward for a lot of companies to show that turning off personalization or turning on some privacy setting makes you a less happy customer—if it did.

The closest I have found so far is Balancing User Privacy and Personalization by Malika Korganbekova and Cole Zuber. This study simulated the effects of a privacy feature by truncating browsing history for some Wayfair shoppers, and found that people who were assigned to the personalized group and chose a product personalized to them were 10% less likely to return it than people in the non-personalized group. But that’s about a bunch of vendors of similar products that were all qualified by the same online shopping platform, not about the mix of honest and dishonest personalized ads that people get in total. So go back and do the tip if you didn’t already, enjoy your improved shopping experience, and be happy. More: effective privacy tips

Related

B L O C K in the U S A Ad blocking is trending up, and for the first time the people surveyed gave their number one reason as privacy, not annoyance or performance.

MimiOnuoha/missing-datasets: An overview and exploration of the concept of missing datasets. by Mimi Onuoha: That which we ignore reveals more than what we give our attention to. It’s in these things that we find cultural and colloquial hints of what is deemed important. Spots that we’ve left blank reveal our hidden social biases and indifferences.

The $16 hack to blocking ads on your devices for life (I don’t know about the product or the offer, just interesting to see it on a site with ads. Maybe the affiliate revenue is a much bigger deal than the programmatic ad revenue?)

personalization risks In practice, most of the privacy risks related to advertising are the result not of identifying individuals, but of treating different people in the same context differently.

Bonus links

Samuel Bendett and David Kirichenko cover Battlefield Drones and the Accelerating Autonomous Arms Race in Ukraine. Ukrainian officials started to describe their country as a war lab for the future—highlighting for allies and partners that, because these technologies will have a significant impact on warfare going forward, the ongoing combat in Ukraine offers the best environment for continuous testing, evaluation, and refinement of [autonomous] systems. Many companies across Europe and the United States have tested their drones and other systems in Ukraine. At this point in the conflict, these companies are striving to gain battle-tested in Ukraine credentials for their products.

Aram Zucker-Scharff writes, in The bounty hunter tendency, the future of privacy, and ad tech’s new profit frontier., The new generation of laws that are authorizing citizens to become bounty hunters are implicitly tied to the use of surveillance technology. They encourage the use of citizen vs citizen surveillance and create a dangerous environment that worsens the information imbalance between wealthy citizens and everyone else. (Is this a good argument against private right of action in privacy laws? It’s likely that troll lawyers will use existing wiretapping laws against legit news sites, which tend to have long and vulnerable lists of adtech partners.)

Scharon Harding covers TVs at CES 2025. On the one hand, TVs are adding far-field microphones which, um, yikes. But on the other hand, remember how the Microsoft Windows business and gaming market helped drive down the costs of Linux-capable workstation-class hardware? What is the big innovation that developers, designers, and architects will make out of big, inexpensive screens subsidized by the surveillance business?

The Servo BlogThis month in Servo: dark mode, keyword sizes, XPath, and more!

Servo now supports dark mode (@arthmis, @lazypassion, #34532), respecting the platform dark mode in servoshell and ‘prefers-color-scheme’ (@nicoburns, #34423, stylo#93) on Windows and macOS.

servoshell in dark mode, rendering the MDN article for ‘prefers-color-scheme’ in dark mode, when Windows is set to dark mode servoshell in light mode, rendering the MDN article for ‘prefers-color-scheme’ in light mode, when Windows is set to light mode
<figcaption>MDN article for ‘prefers-color-scheme’ in dark mode (left) and light mode (right), with --pref dom.resize_observer.enabled.</figcaption>

CSS transitions can now be triggered properly by script (@mrobinson, #34486), and we now support ‘min-height’ and ‘max-height’ on column flex containers (@Loirooriol, @mrobinson, #34450), ‘min-content’, ‘max-content’, ‘fit-content’, and ‘stretch’ in block layout (@Loirooriol, #34641, #34568, #34695), ‘stretch’ on replaced positioned elements (@Loirooriol, #34430), as well as ‘align-self: self-start’, ‘self-end’, ‘left’, and ‘right’ on positioned elements (@taniishkaaa, @Loirooriol, #34365).

Servo can now run Discord well enough to log in and read messages, though you can’t send messages yet. To get this working, we landed some bare-bones AbortController support (@jdm, @syvb, #34519) and a WebSocket fix (@jdm, #34634). Try it yourself with --pref dom.svg.enabled --pref dom.intersection_observer.enabled --pref dom.abort_controller.enabled!

Discord login screen in Servo, showing form input and a QR code that never finishes loading Discord loading screen in Servo, after logging in
Discord channel screen in Servo, showing a few of Diffie’s messages and attachments

We now support console.trace() (@simonwuelker, #34629), PointerEvent (@wusyong, #34437), and the clonable property on ShadowRoot (@simonwuelker, #34514). Shadow DOM support continues to improve (@jdm, #34503), including very basic Shadow DOM layout (@mrobinson, #34701) when enabled via --pref dom.shadowdom.enabled.

script underwent (and continues to undergo) major rework towards being more reliable and faster to build. We’ve landed better synchronisation for DOM tree mutations (@jdm, #34505) and continued work on splitting up the script crate (@jdm, #34366). We’ve moved our ReadableStream support into Servo, eliminating the maintenance burden of a downstream SpiderMonkey patch (@gterzian, @wusyong, @Taym95, #34064, #34675).

The web platform guarantees that same-origin frames and their parents can synchronously observe resizes and their effects. Many tests rely on this, and not doing this correctly made Servo’s test results much flakier than they could otherwise be. We’ve made very good progress towards fixing this (@mrobinson, #34643, #34656, #34702, #34609), with correct resizing in all cases except when a same-origin frame is in another script thread, which is rare.

We now support enough of XPath to get htmx working (@vlindhol, #34463), when enabled via --pref dom.xpath.enabled.

htmx home page in Servo, with the hero banner thing now working (it relies on XPath)

Servo’s performance continues to improve, with layout caching for flex columns delivering up to 12x speedup (@Loirooriol, @mrobinson, #34461), many unnecessary reflows now eliminated (@mrobinson, #34558, #34599, #34576, #34645), reduced memory usage (@mrobinson, @Loirooriol, #34563, #34666), faster rendering for pages with animations (@mrobinson, #34489), and timers now operating without IPC (@mrobinson, #34581).

servoshell nightlies are up to 20% smaller (@atbrakhi, #34340), WebGPU is now optional at build time (@atbrakhi, #34444), and --features tracing no longer enables --features layout-2013 (@jschwe, #34515) for further binary size savings. You can also limit the size of several of Servo’s thread pools with --pref threadpools.fallback_worker_num and others (@jschwe, #34478), which is especially useful on machines with many CPU cores.

We’ve started laying the groundwork for full incremental layout in our new layout engine, starting with a general layout caching mechanism (@mrobinson, @Loirooriol, #34507, #34513, #34530, #34586). This was lost in the switch to our new layout engine, and without it, every time a page changes, we have to rerun layout from scratch. As you can imagine, this is very, very expensive, and incremental layout is critical for performance on today’s highly dynamic web.

Donations

Thanks again for your generous support! We are now receiving 4329 USD/month (+0.8% over November) in recurring donations. With this money, we’ve been able to cover our web hosting and self-hosted CI runners for Windows, Linux, and now macOS builds (@delan, #34868), halving mach try build times from over an hour to under 30 minutes! Next month, we’ll be expanding our CI capacity further, all made possible thanks to your help.

Servo is also on thanks.dev, and already sixteen GitHub users that depend on Servo are sponsoring us there. If you use Servo libraries like url, html5ever, selectors, or cssparser, signing up for thanks.dev could be a good way for you (or your employer) to give back to the community.

4329 USD/month
10000

As always, use of these funds will be decided transparently in the Technical Steering Committee. For more details, head to our Sponsorship page.

The Rust Programming Language BlogAnnouncing Rust 1.84.0

The Rust team is happy to announce a new version of Rust, 1.84.0. Rust is a programming language empowering everyone to build reliable and efficient software.

If you have a previous version of Rust installed via rustup, you can get 1.84.0 with:

$ rustup update stable

If you don't have it already, you can get rustup from the appropriate page on our website, and check out the detailed release notes for 1.84.0.

If you'd like to help us out by testing future releases, you might consider updating locally to use the beta channel (rustup default beta) or the nightly channel (rustup default nightly). Please report any bugs you might come across!

What's in 1.84.0 stable

Cargo considers Rust versions for dependency version selection

1.84.0 stabilizes the minimum supported Rust version (MSRV) aware resolver, which prefers dependency versions compatible with the project's declared MSRV. With MSRV-aware version selection, the toil is reduced for maintainers to support older toolchains by not needing to manually select older versions for each dependency.

You can opt-in to the MSRV-aware resolver via .cargo/config.toml:

[resolver]
incompatible-rust-versions = "fallback"

Then when adding a dependency:

$ cargo add clap
    Updating crates.io index
warning: ignoring clap@4.5.23 (which requires rustc 1.74) to maintain demo's rust-version of 1.60
      Adding clap v4.0.32 to dependencies
    Updating crates.io index
     Locking 33 packages to latest Rust 1.60 compatible versions
      Adding clap v4.0.32 (available: v4.5.23, requires Rust 1.74)

When verifying the latest dependencies in CI, you can override this:

$ CARGO_RESOLVER_INCOMPATIBLE_RUST_VERSIONS=allow cargo update
    Updating crates.io index
     Locking 12 packages to latest compatible versions
    Updating clap v4.0.32 -> v4.5.23

You can also opt-in by setting package.resolver = "3" in the Cargo.toml manifest file though that will require raising your MSRV to 1.84. The new resolver will be enabled by default for projects using the 2024 edition (which will stabilize in 1.85).

This gives library authors more flexibility when deciding their policy on adopting new Rust toolchain features. Previously, a library adopting features from a new Rust toolchain would force downstream users of that library who have an older Rust version to either upgrade their toolchain or manually select an old version of the library compatible with their toolchain (and avoid running cargo update). Now, those users will be able to automatically use older library versions compatible with their older toolchain.

See the documentation for more considerations when deciding on an MSRV policy.

Migration to the new trait solver begins

The Rust compiler is in the process of moving to a new implementation for the trait solver. The next-generation trait solver is a reimplementation of a core component of Rust's type system. It is not only responsible for checking whether trait-bounds - e.g. Vec<T>: Clone - hold, but is also used by many other parts of the type system, such as normalization - figuring out the underlying type of <Vec<T> as IntoIterator>::Item - and equating types (checking whether T and U are the same).

In 1.84, the new solver is used for checking coherence of trait impls. At a high level, coherence is responsible for ensuring that there is at most one implementation of a trait for a given type while considering not yet written or visible code from other crates.

This stabilization fixes a few mostly theoretical correctness issues of the old implementation, resulting in potential "conflicting implementations of trait ..." errors that were not previously reported. We expect the affected patterns to be very rare based on evaluation of available code through Crater. The stabilization also improves our ability to prove that impls do not overlap, allowing more code to be written in some cases.

For more details, see a previous blog post and the stabilization report.

Strict provenance APIs

In Rust, pointers are not simply an "integer" or "address". For instance, a "use after free" is undefined behavior even if you "get lucky" and the freed memory gets reallocated before your read/write. As another example, writing through a pointer derived from an &i32 reference is undefined behavior, even if writing to the same address via a different pointer is legal. The underlying pattern here is that the way a pointer is computed matters, not just the address that results from this computation. For this reason, we say that pointers have provenance: to fully characterize pointer-related undefined behavior in Rust, we have to know not only the address the pointer points to, but also track which other pointer(s) it is "derived from".

Most of the time, programmers do not need to worry much about provenance, and it is very clear how a pointer got derived. However, when casting pointers to integers and back, the provenance of the resulting pointer is underspecified. With this release, Rust is adding a set of APIs that can in many cases replace the use of integer-pointer-casts, and therefore avoid the ambiguities inherent to such casts. In particular, the pattern of using the lowest bits of an aligned pointer to store extra information can now be implemented without ever casting a pointer to an integer or back. This makes the code easier to reason about, easier to analyze for the compiler, and also benefits tools like Miri and architectures like CHERI that aim to detect and diagnose pointer misuse.

For more details, see the standard library documentation on provenance.

Stabilized APIs

These APIs are now stable in const contexts

Other changes

Check out everything that changed in Rust, Cargo, and Clippy.

Contributors to 1.84.0

Many people came together to create Rust 1.84.0. We couldn't have done it without all of you. Thanks!

Wladimir PalantHow extensions trick CWS search

A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:

Screenshot of Chrome Web Store search results listing six extensions. While Norton Password Manager is at the top, the remaining search results like “Vytal - Spoof Timezone, Geolocation & Locale”, “Free VPN - 1VPN” or “Charm - Coupons, Promo Codes, & Discounts” appear completely unrelated. All extensions are marked as featured.

I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:

Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn’t be due to incompetence, right? What is it then?

Somebody suggested that the extensions somehow managed to pay Google for this placement which seems… well, rather unlikely. For reasons, I came back to this a few weeks ago and decided to take a closer look at the extensions displayed there. These seemed shady, with at least three results being former open source extensions (as in: still claiming to be open source but the code repository linked didn’t contain the current state).

And then I somehow happened to see what it looks like when I change Chrome Web Store language:

Screenshot of Chrome Web Store search results listing the same six extensions. The change in language is visible because the “Featured” badge is now called something else. All extension descriptions are still English however, but they are different. 1VPN calls itself “Browsec vpn urban vpn touch tunnelbear vpn 1click vpn 1clickvpn - 1VPN” and Vytal calls itself “Vytal - Works With 1click VPN & Hotspot VPN”.

Now I don’t claim to know Swahili but what happened here clearly wasn’t translating.

The trick

Google Chrome is currently available in 55 languages. Browser extensions can choose to support any subset of these languages, even though most of them support exactly one. Not only the extension’s user interface can be translated, its name and short description can be made available in multiple languages as well. Chrome Web Store considers such translations according to the user’s selected language. Chrome Web Store also has an extensive description field which isn’t contained within the extension but can be translated.

Apparently, some extension authors figured out that the Chrome Web Store search index is shared across all languages. If you wanted to show up in the search when people look for your competitors for example, you could add their names to your extension’s description – but that might come across as spammy. So what you do instead is sacrificing some of the “less popular” languages and stuff the descriptions there full of relevant keywords. And then your extension starts showing up for these keywords even when they are entered in the English version of the Chrome Web Store. After all, who cares about Swahili other than maybe five million native speakers?

I’ve been maintaining a Github repository with Chrome extension manifests for a while, uploading new snapshots every now and then. Unfortunately, it only contained English names and descriptions. So now I’ve added a directory with localized descriptions for each extension. With that data, most of the issues became immediately obvious – even if you don’t know Swahili.

Screenshot of a JSON listing. The key name is sw indicating Swahili language. The corresponding description starts with “Charm is a lightweight, privacy friendly coupon finder.” Later on it contains a sequence of newlines, followed by a wall of text along the lines of: “GMass: Powerful mail merge for GMail Wikiwand - Wikipedia, and beyond Super dark mode Desktopify”

Update (2025-01-09): Apparently, Google has already been made aware of this issue a year ago at the latest. Your guess is as good as mine as to why it hasn’t been addressed yet.

Who is doing it?

Sifting through the suspicious descriptions and weeding out false positives brought up 920 extensions with bogus “translations” so far, and I definitely didn’t get all of them (see the extension lists). But that doesn’t actually mean hundreds of extension developers. I’ve quickly noticed patterns, somebody applying roughly the same strategy to a large cluster of extensions. For example, European developers tended to “sacrifice” some Asian languages like Bengali whereas developers originating in Asia preferred European languages like Estonian. These strategies were distinctly different from each other and there wasn’t a whole lot of them, so there seems to be a relative low number of parties involved. Some I could even put a name on.

Kodice LLC / Karbon Project LP / BroCode LTD

One such cluster of extensions has been featured on this blog in 2023 already. Back then I listed 108 of their extensions which was only a small sample of their operations. Out of that original sample, 96 extension remain active in Chrome Web Store. And out of these, 81 extensions are abusing translations to improve their ranking in the extension search. From the look of it, all their developers are speaking Russian now – I guess they are no longer hiring in Ukraine. I’ve expanded on the original list a bit, but attribution is unfortunately too time consuming here. So it’s likely way more than the 122 extensions I now list for this cluster.

Back in 2023 some of these extensions were confirmed to spy on users, commit affiliate fraud or inject ads into web pages. The others seemed benign which most likely meant that they were accumulating users and would turn malicious later. But please don’t mention Kodice LLC, Karbon Project LP, BroCode LTD in the context of malicious extensions and Chrome Web Store spam, they don’t like that. In fact, they sent a bogus DMCA takedown notice in an attempt to remove my article from the search engines, claiming that it violates the copyright of the …checks notes… Hacker News page discussing that very article. So please don’t say that Kodice LLC, Karbon Project LP, BroCode LTD are spamming Chrome Web Store with their extensions which would inevitably turn on their users – they are definitely the good guys … sorry, good bros I mean.

PDF Toolbox cluster

Another extension cluster also appeared on this blog before. Back in 2023 an investigation that started with the PDF Toolbox extension brought up 34 malicious extensions. The extensions contained obfuscated code that was hijacking people’s searches and monetizing them by redirecting to Bing. Not that they were limited to it, they could potentially do way more damage.

Note: The PDF Toolbox extension is long gone from Chrome Web Store and unrelated to the extension with the same name available there now.

Google removed all the extensions I reported back then, but whoever is behind them kept busy of course. I found 107 extensions belonging to the same cluster, out of these 100 extensions are on my list due to abusing translations to improve their ranking. I didn’t have the time to do an in-depth analysis of these extensions, but at least one (not on the list) is again doing search hijacking and not even hiding it. The few others I briefly looked at didn’t have any obvious malicious functionality – yet.

Unfortunately, I haven’t come across many clues towards who is behind these extensions. There is a slight indication that these extensions might be related to the BroCode cluster, but that’s far from certain given the significant differences between the two. One thing is certain however: you shouldn’t believe their user numbers, these have clearly been inflated artificially.

ZingFront Software / ZingDeck / BigMData

There is one more huge extensions cluster that I investigated in 2023. Back then I gave up without publishing my findings, in part due to Google’s apparent lack of interest in fighting spam in their add-on store. Lots of websites, lots of fake personas and supposed companies that don’t actually exist, occasionally even business addresses that don’t exist in the real world. There are names like LinkedRadar, FindNiche or SellerCenter, and they aren’t spamming only Chrome Web Store but also mobile app stores and search engines for example. This is clearly a big operation, but initially all I could really tell was that this was the work of people speaking Chinese. Was this a bunch of AI enthusiasts looking to make a quick buck and exchanging ideas?

In the hindsight it took me too long to realize that many of the websites run on ZingFront infrastructure and ZingFront employees are apparently involved. Then things started falling into place, with the clues being so obvious: I found BigMData International PTE. LTD. linked to some of the extensions, ZingDeck Intl LTD. responsible for some of the others. Both companies are located at the same address in Singapore and obviously related. And both appear to be subsidiaries of ZingFront Software, an AI startup in Beijing. ZingDeck claims to have 120 employees, which is quite sufficient to flood Chrome Web Store with hundreds of extensions. Being funded by Baidu Ventures certainly helps as well.

Altogether I could attribute 223 extensions on my list to this cluster. For this article I could not really inspect the functionality of these extensions, but it seems that they are being monetized by selling subscriptions to premium functionality. Same seems to be true for the numerous other offers pushed out by these companies.

I asked ZingFront Software for a comment but haven’t heard back from them so far.

ExtensionsBox, Lazytech, Yue Apps, Chrome Extension Hub, Infwiz, NioMaker

The extension clusters ExtensionsBox, Lazytech, Yue Apps, Chrome Extension Hub, Infwiz and NioMaker produce very similar extensions and all seem to be run by Chinese-speaking developers. Some of those might actually be one cluster, or they might all be subdivisions of ZingDeck. Quite frankly, I didn’t want to waste even more time figuring out who is working together and who is competing, so I listed them all separately.

Free Business Apps

This is a large cluster which I haven’t noticed before. It has hundreds of extensions connected to websites like Free Business Apps, PDFWork, DLLPlayer and many more. It contributed “merely” 55 extensions to my list however because the developers of these extensions generally prefer to avoid awkward situations due to mismatched translations. So instead they force the desired (English) keywords into all translations of the extension’s description. This approach is likely aiming for messing up general search engines and not merely Chrome Web Store search. As it is out of scope for this article, only the relatively rare exceptions made my list here.

It isn’t clear who is behind this cluster of extensions. On the one edge of this cluster I found the Ukraine-based Blife LLC, yet their official extensions aren’t linked to the cluster. I asked the company for comment and got a confirmation of what I’ve already suspected after looking at a bunch of court decisions: a previous developer and co-owner left the company, taking some of the assets with him. He now seems to be involved with at least some of the people running this cluster of extensions.

The other edge of the cluster doesn’t seem to be speaking Russian or Ukrainian however, there are instead weak indications that Farsi-speakers are involved. Here I found the Teheran-based Xino Digital, developing some extensions with weak connections to this cluster. While Xino Digital specializes in “Digital Marketing” and “SEO & Organic Traffic,” they seem to lack the resources for this kind of operation. I asked Xino Digital for a comment but haven’t heard back so far.

The approaches

While all extensions listed use translations to mess with Chrome Web Store search, a number of different approaches can be distinguished. Most extensions combine a few of the approaches listed below. Some extension clusters use the same approaches consistently, others vary theirs. I’ve linked to the applying approaches from the extension list.

1. Different extension name

This approach is very popular, likely due to Chrome Web Store search weighting extension name more than its descriptions. So many extensions will use slight variations of their original name depending on the language. Some extensions even go as far as using completely different names, occasionally entirely unrelated to the extension’s purpose – all to show up prominently in searches.

2. Different short description

Similarly, some extensions contain different variants of their short description for various languages. The short description typically doesn’t change much and is only used to show up for a bunch of related search keywords. A few extensions replaced their short description for some languages with a list of keywords however.

3. Using competitors’ names

In some cases I noticed extensions using names of their competitors or other related products. Some would go as far as “rename” themselves into a competing product in some languages. In other cases this approach is made less obvious, e.g. when extension descriptions provide lists of “alternatives” or “compatible extensions.” I haven’t flagged this approach consistently, simply because I don’t always know who the competitors are.

4. Considerably more extensive extension description

Some extensions have a relatively short and concise English description, yet the “translation” into some other languages is a massive wall of text, often making little sense. Sometimes a translation is present, but it is “extended” with a lengthy English passage. In other scenarios only English text is present. This text only seems to exist to place a bunch of keywords.

Note that translation management in Chrome Web Store is quite messy, so multiple variants of the English translation aren’t necessarily a red flag – these might have simply been forgotten. Consequently, I tried to err in favor of extension authors when flagging this approach.

5. Keywords at the end of extension description

A very popular approach is taking a translation (or an untranslated English description), then adding a long list of keywords and keyphrases to the end of it in some languages. Often this block is visually separated by a bunch of empty lines, making sure people actually reading the description in this language aren’t too confused.

6. Keywords within the extension description

A more stealthy approach is hiding the keywords within the extension description. Some extensions will use slight variations of the same text, only differing in one or two keywords. Others use automated translations of their descriptions but place a bunch of (typically English) keywords in these translations. Occasionally there is a translation which is broken up by a long list of unrelated keywords.

7. Different extension description

In a few cases the extension description just looked like a completely unrelated text. Sometimes it seemed to be a copy of a description from a competing extension, other times it made no sense whatsoever.

And what should Google do about it?

Looking at Chrome Web Store policy on spam and abuse, the formulation is quite clear:

Developers must not attempt to manipulate the placement of any extensions in the Chrome Web Store.

So Google can and should push back on this kind of manipulation. At the very least, Google might dislike the fact that there are currently at least eleven extensions named “Google Translate” – at least in some languages. In fact, per the same policy Google isn’t even supposed to tolerate spam in Chrome Web Store:

We don’t allow any developer, related developer accounts, or their affiliates to submit multiple extensions that provide duplicate experiences or functionality on the Chrome Web Store.

Unfortunately, Google hasn’t been very keen on enforcing this policy in the past.

There is also a possible technical solution here. By making Chrome Web Store search index per-language, Google could remove the incentives for this kind of manipulation. If search results for Bengali no longer show up in English-language searches, there is no point messing up the Bengali translation any more. Of course, searching across languages is a feature – yet this feature isn’t worth it if Google cannot contain the abuse by other means.

Quite frankly, I feel that Google should go beyond basic containment however. The BroCode and PDF Toolbox clusters are known to produce malicious extensions. These need to be monitored proactively, and the same kind of attention might be worth extending to the other extension clusters as well.

The extensions in question

One thing up front: Chrome Web Store is messy. There are copycats, pretenders, scammers. So attribution isn’t always a straightforward affair, and there might occasionally be an extension attributed to one of the clusters which doesn’t belong there. It’s way more common that an extension isn’t sorted into its cluster however, simply because the evidence linking it to the cluster isn’t strong enough, and I only had limited time to investigate.

The user counts listed reflect the state on December 13, 2024.

Kodice / Karbon Project / BroCode

Name Weekly active users Extension ID Approaches
What Font - find font & color 125 abefllafeffhoiadldggcalfgbofohfa 1, 2, 4
Video downloader web 1,000,000 acmbnbijebmjfmihfinfipebhcmgbghi 1, 2, 4
Picture in Picture - Floating player 700,000 adnielbhikcbmegcfampbclagcacboff 1, 2, 4
Floating Video Player Sound Booster 600,000 aeilijiaejfdnbagnpannhdoaljpkbhe 1, 2, 4
Sidebarr - ChatGPT, bookmarks, apps and more 100,000 afdfpkhbdpioonfeknablodaejkklbdn 1, 2, 5
Adblock for Youtube™ - Auto Skip ad 8,000 anceggghekdpfkjihcojnlijcocgmaoo 1, 2
Cute Cursors - Custom Cursor for Chrome™ 1,000,000 anflghppebdhjipndogapfagemgnlblh 4
Adblock for Youtube - skip ads 800,000 annjejmdobkjaneeafkbpipgohafpcom 1, 2, 3, 4
Translator, Dictionary - Accurate Translate 800,000 bebmphofpgkhclocdbgomhnjcpelbenh 1, 2, 3, 4
Screen Capture, Screenshot, Annotations 500,000 bmkgbgkneealfabgnjfeljaiegpginpl 1, 2
Sweet VPN 100,000 bojaonpikbbgeijomodbogeiebkckkoi 1, 2
Sound Booster - Volume Control 3,000,000 ccjlpblmgkncnnimcmbanbnhbggdpkie 1, 2, 4, 6
Web Client for Instagram™ - Sidegram 200,000 cfegchignldpfnjpodhcklmgleaoanhi 1, 2
Paint Tool for Chrome 200,000 coabfkgengacobjpmdlmmihhhfnhbjdm 1, 2, 4
History & Cache Cleaner - Smart Clean 2,000 dhaamkgjpilakclbgpabiacmndmhhnop 1, 2
Screenshot & Screen Video Record by Screeny 2,000,000 djekgpcemgcnfkjldcclcpcjhemofcib 1, 2, 4
Video Downloader for U 3,000,000 dkbccihpiccbcheieabdbjikohfdfaje 4
Multi Chat - Messenger for WhatsApp 2,000,000 dllplfhjknghhdneiblmkolbjappecbe 1, 2, 3, 7
Night Shift Mode 200,000 dlpimjmonhbmamocpboifndnnakgknbf 1, 2, 4
Music Downloader - VKsaver 500,000 dmbjkidogjmmlejdmnecpmfapdmidfjg 1, 2, 4
Daily Tab - New tab with ChatGPT 1,000 dnbcklfggddbmmnkobgedggnacjoagde 1, 2, 4
Web Color Picker - online color grabber 1,000,000 dneifdhdmnmmlobjbimlkcnhkbidmlek 1, 3, 4
Paint - Drawings Easy 300,000 doiiaejbgndnnnomcdhefcbfnbbjfbib 1, 2, 4, 6
Block Site - Site Blocker & Focus Mode 2,000,000 dpfofggmkhdbfcciajfdphofclabnogo 1, 2, 3, 4
2048 Online Classic game 200,000 eabhkjojehdleajkbigffmpnaelncapp 1, 2
Gmail Notifier - gmail notification tool 100,000 ealojglnbikknifbgleaceopepceakfn 6
Volume Recorder Online 1,000,000 ebdbcfomjliacpblnioignhfhjeajpch 1, 2, 4, 6
Volume Booster - Sound & Bass boost 1,000,000 ebpckmjdefimgaenaebngljijofojncm 1, 2, 4, 6
Screenshot Tool - Screen Capture & Editor 1,000,000 edlifbnjlicfpckhgjhflgkeeibhhcii 1, 2, 4, 6
Tabrr Dashboard - New Tab with ChatGPT 300,000 ehmneimbopigfgchjglgngamiccjkijh 6
New Tab for Google Workspace™ 200,000 ehpgcagmhpndkmglombjndkdmggkgnge 1, 4, 5
Equalizer - Bass Booster Master 200,000 ejigejogobkbkmkgjpfiodlmgibfaoek 1, 2, 4, 6
Paint 300,000 ejllkedmklophclpgonojjkaliafeilj 1, 4
Online messengers in All-in-One chat 200,000 ekjogkoigkhbgdgpolejnjfmhdcgaoof 2, 4, 6
Ultimate Video Downloader 700,000 elpdbicokgbedckgblmbhoamophfbchi 2
Translate for Chrome -Translator, Dictionary 500,000 elpmkbbdldhoiggkjfpgibmjioncklbn 1, 2, 3
Color Picker, Eyedropper - Geco colorpick 2,000,000 eokjikchkppnkdipbiggnmlkahcdkikp 1, 2, 3, 4, 6
Dark Mode for Chrome 1,000,000 epbpdmalnhhoggbcckpffgacohbmpapb 1, 2, 4
VPN Ultimate - Best VPN by unblock 400,000 epeigjgefhajkiiallmfblgglmdbhfab 1, 2, 4
Flash Player Enabler 300,000 eplfglplnlljjpeiccbgnijecmkeimed 1, 2
ChitChat - Search with ChatGPT 2,000,000 fbbjijdngocdplimineplmdllhjkaece 1, 2, 3, 4
Simple Volume Booster 1,000,000 fbjhgeaafhlbjiejehpjdnghinlcceak 1, 2, 4, 6
Free VPN for Chrome - VPN Proxy 1click VPN 8,000,000 fcfhplploccackoneaefokcmbjfbkenj 1, 2
InSaverify - Web for Instagram™ 800,000 fobaamfiblkoobhjpiigemmdegbmpohd 1, 2, 4, 6
ChatGPT Assistant - GPT Search 900,000 gadbpecoinogdkljjbjffmiijpebooce 1, 2, 4, 6
Adblock all advertisement - No Ads extension 700,000 gbdjcgalliefpinpmggefbloehmmknca 1, 2, 3, 4
Web Sound Equalizer 700,000 gceehiicnbpehbbdaloolaanlnddailm 1, 2, 4, 6
Screenshot Master: Full Page Capture 700,000 ggacghlcchiiejclfdajbpkbjfgjhfol 1, 2, 4
Dark Theme - Dark mode for Chrome 900,000 gjjbmfigjpgnehjioicaalopaikcnheo 1, 2, 4
Cute Tab - Custom Dashboard 60,000 gkdefhnhldnmfnajfkeldcaihahkhhnd 1
Quick Translate: Reading & writing translator 100,000 gpdfpljioapjogbnlpmganakfjcemifk 1, 2, 4
HD Video Downloader 800,000 hjlekdknhjogancdagnndeenmobeofgm 1, 2
Web Translate - Online translator 1,000,000 hnfabcchmopgohnhkcojhocneefbnffg 1, 2, 3, 4, 6
QR Code Generator 300,000 hoeiookpkijlnjdafhaclpdbfflelmci 1, 2, 4
2048 Game 1,000,000 iabflonngmpkalkpbjonemaamlgdghea 4
Translator 100,000 icchadngbpkcegnabnabhkjkfkfflmpj 4, 6
Multilanguage Translator 1,000,000 ielooaepfhfcnmihgnabkldnpddnnldl 1, 2, 3, 4, 6
FocusGuard - Block Site & Focus Mode 400,000 ifdepgnnjpnbkcgempionjablajancjc 1, 2, 3, 7
Scrnli - Screen Recorder & Screen Capture App 1,000,000 ijejnggjjphlenbhmjhhgcdpehhacaal 1, 2, 4
Web Paint Tool - draw online 600,000 iklgljbighkgbjoecoddejooldolenbj 1, 2, 4, 5
Screen Recorder and Screenshot Tool 1,000,000 imopknpgdihifjkjpmjaagcagkefddnb 1, 2, 4
Free VPN Chrome extension - Best VPN by uVPN 1,000,000 jaoafpkngncfpfggjefnekilbkcpjdgp 1, 2, 7
Video Downloader Social 1,000,000 jbmbplbpgcpooepakloahbjjcpfoegji 1, 2, 4
Color Picker Online - Eyedropper Tool 189 jbnefeeccnjmnceegehljhjonmlbkaji 1, 2
Volume Booster, equalizer → Audio control 1,000,000 jchmabokofdoabocpiicjljelmackhho 1, 4
PDF Viewer 1,000,000 jdlkkmamiaikhfampledjnhhkbeifokk 1, 2, 4
Adblock Web - Adblocker for Chrome 300,000 jhkhlgaomejplkanglolfpcmfknnomle 1, 2, 3
Adblock Unlimited - Adblocker 600,000 jiaopkfkampgnnkckajcbdgannoipcne 1, 2, 3, 4
Hide YouTube distraction - shorts block 1,000 jipbilmidhcobblmekbceanghkdinccc 1, 2, 3
ChatGPT for Chrome - GPT Search 700,000 jlbpahgopcmomkgegpbmopfodolajhbl 1, 2, 3
Adblock for YouTube™ 2,000,000 jpefmbpcbebpjpmelobfakahfdcgcmkl 1, 2, 3, 4
User Agent Switcher 100,000 kchfmpdcejfkipopnolndinkeoipnoia 1
Speed Test for Chrome - WiFi speedtest 400,000 khhnfdoljialnlomkdkphhdhngfppabl 1, 2, 4, 6
Video Downloader professional 400,000 knkpjhkhlfebmefnommmehegjgglnkdm 1, 2, 4
Quick Translate 700,000 kpcdbiholadphpbimkgckhggglklemib 1, 2, 4, 6
Tab Suspender 100,000 laameccjpleogmfhilmffpdbiibgbekf 1
Adblock for Youtube - ad blocker tool 800,000 lagdcjmbchphhndlbpfajelapcodekll 1, 2, 3, 4
PDF Viewer - open in PDF Reader 300,000 ldaohgblglnkmddflcccnfakholmaacl 1, 2, 4
Moment - #1 Personal Dashboard for Chrome 200,000 lgecddhfcfhlmllljooldkbbijdcnlpe 1
Screen Video Recorder & Screenshot 400,000 lhannfkhjdhmibllojbbdjdbpegidojj 1, 2
Dark Theme - Dark Reader for Web 1,000,000 ljjmnbjaapnggdiibfleeiaookhcodnl 1, 2, 4, 6
Auto Refresh Page - reload page 500,000 lkhdihmnnmnmpibnadlgjfmalbaoenem 1, 2, 4, 6
Flash Player for Web 800,000 lkhhagecaghfakddbncibijbjmgfhfdm 1, 2, 4, 6
INSSAVE - App for Instagram 100,000 lknpbgnookklokdjomiildnlalffjmma 1, 2, 4, 6
Simple Translator, Dictionary, TTS 1,000,000 lojpdfjjionbhgplcangflkalmiadhfi 1, 2, 3, 4, 6
Web paint tool - Drawww 60,000 mclgkicemmkpcooobfgcgocmcejnmgij 6
Adblock for Twitch 200,000 mdomkpjejpboocpojfikalapgholajdc 1, 2, 3, 4
Infinite Dashboard - New Tab like no other 200,000 meffljleomgifbbcffejnmhjagncfpbd 1, 2, 4
ChatGPT Assistant for Chrome - SidebarGPT 1,000,000 mejjgaogggabifjfjdbnobinfibaamla 1, 2
Volume Max - Ultimate Sound Booster 1,000,000 mgbhdehiapbjamfgekfpebmhmnmcmemg 1, 2, 4
Good Video Downloader 400,000 mhpcabliilgadobjpkameggapnpeppdg 4
Video Downloader Unlimited 1,000,000 mkjjckchdfhjbpckippbnipkdnlidbeb 1, 2, 4
ChatGPT for Google: Search GPT 500,000 mlkjjjmhjijlmafgjlpkiobpdocdbncj 1, 2, 4, 6
Translate - Translator, Dictionary, TTS 1,000,000 mnlohknjofogcljbcknkakphddjpijak 1, 2, 3, 4, 5
Web Paint - Page Marker & Editor 400,000 mnopmeepcnldaopgndiielmfoblaennk 1, 2, 4, 6
Auto Refresh & Page Monitor 1,000,000 nagebjgefhenmjbjhjmdifchbnbmjgpa 1, 2, 4
VPN Surf - Fast VPN by unblock 800,000 nhnfcgpcbfclhfafjlooihdfghaeinfc 1, 2, 4
SearchGPT - ChatGPT for Chrome 2,000,000 ninecedhhpccjifamhafbdelibdjibgd 1, 2
Video Speed Controller for HTML videos 400,000 nkkhljadiejecbgelalchmjncoilpnlk 1, 2, 4, 6
Flash Player that Works! 300,000 nlfaobjnjbmbdnoeiijojjmeihbheegn 1, 2, 4, 6
Sound Booster - increase volume up 1,000,000 nmigaijibiabddkkmjhlehchpmgbokfj 1, 2, 4, 6
Voice Reader: Read Aloud Text to Speech (TTS) 500,000 npdkkcjlmhcnnaoobfdjndibfkkhhdfn 1, 2, 4, 5
uTab - Unlimited Custom Dashboard 200,000 npmjjkphdlmbeidbdbfefgedondknlaf 1, 4, 6
Flash Player for Chrome 600,000 oakbcaafbicdddpdlhbchhpblmhefngh 1, 2
Paint Tool by Painty 400,000 obdhcplpbliifflekgclobogbdliddjd 1, 2
Night Shift 200,000 ocginjipilabheemhfbedijlhajbcabh 1, 2
Editor for Docs, Sheets & Slides 200,000 oepjogknopbbibcjcojmedaepolkghpb 1, 2, 6
Accept all cookies 300,000 ofpnikijgfhlmmjlpkfaifhhdonchhoi 1, 2, 3, 4
The Cleaner - delete Cookies and Cache 100,000 ogfjgagnmkiigilnoiabkbbajinanlbn 1, 2
Screenshot & Screen Recorder 1,000,000 okkffdhbfplmbjblhgapnchjinanmnij 1, 2, 4
Cute ColorBook - Coloring Book Online 9,000 onhcjmpaffbelbeeaajhplmhfmablenk 1
What Font - font finder 400,000 opogloaldjiplhogobhmghlgnlciebin 1, 2, 4
Translator - Select to Translate 1,000,000 pfoflbejajgbpkmllhogfpnekjiempip 1, 2, 3, 4, 6
Custom Cursors for Chrome 800,000 phfkifnjcmdcmljnnablahicoabkokbg 1, 2, 4
Color Picker - Eyedropper Tool 100,000 phillbeieoddghchonmfebjhclflpoaj 1, 2, 4, 6
Text mode for websites - ReadBee 500,000 phjbepamfhjgjdgmbhmfflhnlohldchb 1, 2, 4, 6
Dark Mode - Dark Reader for Сhrome 8,000,000 pjbgfifennfhnbkhoidkdchbflppjncb 1, 2, 4, 6
Sound Booster - Boost My Bass 900,000 plmlopfeeobajiecodiggabcihohcnge 1, 2, 4
Sound Booster 100,000 pmilcmjbofinpnbnpanpdadijibcgifc 1, 2, 4
Screen Capture - Screenshot Tool 700,000 pmnphobdokkajkpbkajlaiooipfcpgio 1, 4
Floating Video with Playback Controls 800,000 pnanegnllonoiklmmlegcaajoicfifcm 1, 2
Cleaner - history & cache clean 100,000 pooaemmkohlphkekccfajnbcokjlbehk 1, 2, 4, 6

PDF Toolbox cluster

Name Weekly active users Extension ID Approaches
Stick Ninja Game 3,000,000 aamepfadihoeifgmkoipamkenlfpjgcm 4
Emoboard Emoji Keyboard 3,000,000 aapdabiebopmbpidefegdaefepkinidd 1, 2, 4
Flappy Bird Original 4,000,000 aejdicmbgglbjfepfbiofnmibcgkkjej 1, 2, 4
Superb Copy 4,000,000 agdjnnfibbfdffpdljlilaldngfheapb 1, 2, 4
Super Volume Booster 1,000,000 ahddimnokcichfhgpibgbgofheobffkb 4
Enlargify 2,000,000 aielbbnajdbopdbnecilekkchkgocifh 1, 2, 4
ImgGet 3,000,000 anblaegeegjbfiehjadgmonejlbcloob 1, 2, 4
Blaze VPN for Chrome 8,000,000 anenfchlanlnhmjibebhkgbnelojooic 1, 2, 4
Web Paint Smart 1,000,000 baaibngpibdagiocgahmnpkegfnldklp 1, 2, 4
Click Color Picker 4,000,000 bfenhnialnnileognddgkbdgpknpfich 1, 2, 4
Dino 3D 3,000,000 biggdlcjhcjibifefpchffmfpmclmfmk 1, 2, 4
Soundup Sound Booster 6,000,000 bjpebnkmbcningccjakffilbmaojljlb 1, 2, 7
Yshot 3,000,000 bkgepfjmcfhiikfmamakfhdhogohgpac 1, 2, 4, 7
VidRate 4,000,000 bmdjpblldhdnmknfkjkdibljeblmcfoi 1, 2, 4
Ultra Volume Booster 3,000,000 bocmpjikpfmhfcjjpkhfdkclpfmceccg 1, 2, 4
Supreme Copy 6,000,000 cbfimnpbnbgjbpcnaablibnekhfghbac 1, 2, 4
Lumina Night Mode 400,000 ccemhgcpobolddhpebenclgpohlkegdg 1, 2, 4
Amazing Screen Recorder 6,000,000 cdepgbjlkoocpnifahdfjdhlfiamnapm 1, 2, 4
BPuzzle 10,000 cgjlgmcfhoicddhjikmjglhgibchboea 1, 2, 4
Super Video Speed Controller 6,000,000 chnccghejnflbccphgkncbmllhfljdfa 1, 2, 4
Lensify 1,000,000 ckdcieaenmejickienoanmjbhcfphmio 1, 2, 4
FontSpotter 2,000,000 cncllbaocdclnknlaciemnogblnljeej 1, 2, 4, 6
ImageNest 2,000,000 dajkomgkhpnmdilokgoekdfnfknjgckh 1, 2, 4
Swift Auto Refresh 4,000,000 dbplihfpjfngpdogehdcocadhockmamf 1, 2, 4
StopSurf 2,000,000 dcjbilopnjnajannajlojjcljaclgdpd 1, 2, 4
PDF SmartBox 10,000,000 dgbbafiiohandadmjfcffjpnlmdlaalh 1, 2, 4
Dungeon Dodge 3,000,000 dkdeafhmbobcccfnkofedleddfbinjgp 1, 2, 4
Scope Master 2,000,000 dlbfbjkldnioadbilgbfilbhafplbnan 1, 2, 4
RazorWave 3,000,000 ecinoiamecfiknjeahgdknofjmpoemmi 1, 2, 4
TurboPlay 4,000,000 ehhbjkehfcjlehkfpffogeijpinlgjik 1, 2, 4
Emoji keyboard live 3,000,000 elhapkijbdpkjpjbomipbfofipeofedj 1, 2, 4
Flashback Flash Player 3,000,000 emghchaodgedjemnkicegacekihblemd 1, 2, 4
RampShield Adblock 2,000,000 engbpelfmhnfbmpobdooifgnfcmlfblf 1, 2, 3, 4
BackNav 2,000,000 epalebfbjkaahdmoaifelbgfpideadle 1, 2, 4
Spark blocker 5,000,000 gfplodojgophcijhbkcfmaiafklijpnf 1, 2, 7
EmuFlash 1,000,000 ghomhhneebnpahhjegclgogmbmhaddpi 1, 2, 4
Minesweeper Original 4,000,000 gjdmanggfaalgnpinolamlefhcjimmam 1, 2, 4
PixGrid Ruler 1,000,000 glkplndamjplebapgopdlbicglmfimic 1, 2, 4
Flexi PDF Reader 1,000,000 gmpignfmmkcpnildloceikjmlnjdjgdg 1, 2, 4
Dino Rush 2,000,000 hbkkncjljigpfhghnjhjaaimceakjdoo 1, 2, 4
Amazing color picker 4,000,000 hclbckmnpbnkcpemopdngipibdagmjei 1, 2, 4
ChatGPT Assistant Plus 6,000,000 hhclmnigoigikdgiflfihpkglefbaaoa 1, 2, 4
Bspace 3,000,000 hhgokdlbkelmpeimeijobggjmipechcp 1, 2, 4
Bomberman Classic Game 4,000,000 hlcfpgkgbdgjhnfdgaechkfiddkgnlkg 4
Inline Lingo 4,000,000 hmioicehiobjekahjabipaeidfdcnhii 1, 2, 4
Superpowers for Chatgpt 4,000,000 ibeabbjcphoflmlccjgpebbamkbglpip 1, 2, 4
Spark Auto Refresh 4,000,000 ifodiakohghkaegdhahdbcdfejcghlob 1, 2, 4
Video Speed Pro 6,000,000 iinblfpbdoplpbdkepibimlgabgkaika 1, 2, 4
Elysian EPUB Reader 10,000 ijlajdhnhokgdpdlbiomkekneoejnhad 1, 4
Smart Color Picker 1,000,000 ilifjbbjhbgkhgabebllmlcldfdgopfl 1, 2, 4
Ad Skip Master for Youtube 6,000,000 imlalpfjijneacdcjgjmphcpmlhkhkho 1, 2, 4, 7
Shopify spy scraper & parser 300,000 injdgfhiepghpnihhgmkejcjnoohaibm 1, 2, 4
Gloom Dark Mode 4,000,000 ioleaeachefbknoefhkbhijdhakaepcb 1, 2, 4
SnapTrans 3,000,000 jfcnoffhkhikehdbdioahmlhdnknikhl 1, 2, 4
DownloadAs PNG JPG 2,000,000 jjekghbhljeigipmihbdeeonafimpole 1, 2, 4
Umbra Dark Mode 3,000,000 jjlelpahdhfgabeecnfppnmlllcmejkg 1, 2, 4
Power Tools for ChatGPT 11,000,000 jkfkhkobbahllilejfidknldjhgelcog 1, 2, 4, 6
Image Formatter 7,000 kapklhhpcnelfhlendhjfhddcddfabap 1, 2, 4
Safum free VPN 6,000,000 kbdlpfmnciffgllhfijijnakeipkngbe 1, 2, 3, 4
TabColor color picker 500,000 kcebljecdacbgcoiajdooincchocggha 1, 2, 4
Tonalis Audio Recorder 3,000,000 kdchfpnbblcmofemnhnckhjfjndcibej 1, 2, 4
2048 Classic Game 6,000,000 kgfeiebnfmmfpomhochmlfmdmjmfedfj 4
Pixdownify 7,000 kjeimdncknielhlilmlgbclmkbogfkpo 1, 2, 4, 7
Avatar Maker Studio 3,000,000 klfkmphcempkflbmmmdphcphpppjjoic 1, 2, 4
TypeScan What Font Finder 2,000,000 klopcieildbkpjfgfohccoknkbpchpcd 1, 2, 4
Rad Video Speed Controller 1,000,000 knekhgnpelgcdmojllcbkkfndcmnjfpp 1, 2, 4
Sublime Copy 2,000,000 kngefefeojnjcfnaegliccjlnclnlgck 1, 2, 4
2048 Game 6,000,000 kopgfdlilooenmccnkaiagfndkhhncdn 4
Easy PDF Viewer 600,000 kppkpfjckhillkjfhpekeoeobieedbpd 1, 2, 4
Fullshot 900,000 lcpbgpffiecejffeokiimlehgjobmlfa 1, 2, 4
Page Auto Refresh 8,000,000 ldgjechphfcppimcgcjcblmnhkjniakn 1, 2, 4
Viddex Video Downloader 2,000,000 ldmhnpbmplbafajaabcmkindgnclbaci 1, 2, 4
Smart Audio Capture 3,000,000 lfohcapleakcfmajfdeomgobhecliepj 1, 2, 4
Readline 3,000,000 lgfibgggkoedaaihmmcifkmdfdjenlpp 1, 2, 4
Amazing Auto Refresh 6,000,000 lgjmjfjpldlhbaeinfjbgokoakpjglbn 1, 2, 4
Picture in Picture player 5,000,000 lppddlnjpnlpglochkpkepmgpcjalobc 1, 2, 4
Readwell 1,000,000 mafdefkoclffkegnnepcmbcekepgmgoe 1, 2, 4
Screenshot X 1,000,000 mfdjihclbpcjabciijmcmagmndpgdkbp 1, 2, 3, 4
TubeBlock - Adblock for Youtube 7,000,000 mkdijghjjdkfpohnmmoicikpkjodcmio 1, 2, 4
Shade Dark Mode 16,000,000 mkeimkkbcndbdlfkbfhhlfgkilcfniic 1, 2, 4
PDF Wizardry 3,000,000 moapkmgopcfpmljondihnidamjljhinm 1, 2, 4
ShieldSpan Adblock 2,000,000 monfcompdlmiffoknmpniphegmegadoa 1, 2, 3, 4
Snap Color Picker 6,000,000 nbpljhppefmpifoffhhmllmacfdckokh 1, 2, 4
Spelunky Classic 3,000,000 nggoojkpifcfgdkhfipiikldhdhljhng 4
Adkrig 6,000,000 ngpkfeladpdiabdhebjlgaccfonefmom 1, 2, 3, 4
Snap Screen Recorder 4,000 njmplmjcngplhnahhajkebmnaaogpobl 1, 2, 4
SharpGrip 3,000,000 nlpopfilalpnmgodjpobmoednbecjcnh 1, 2, 4
Block Site Ex 20,000 nnkkgbabjapocnoedeaifoimlbejjckj 1, 2, 4
PageTurn Book Reader 1,000,000 oapldohmfnnhaledannjhkbllejjaljj 1, 2, 4
FocusShield 4,000,000 ohdkdaaigbjnbpdljjfkpjpdbnlcbcoj 1, 2, 4
Loudify Volume Booster 7,000,000 ohlijedbbfaeobchboobaffbmpjdiinh 1, 2, 4
ChatGPT Toolkit 6,000,000 okanoajihjohgmbifnkiebaobfkgenfa 4
Pac Man Tribute 3,000,000 okkijechcafgdmbacodaghgeanecimgd 1, 2, 4
Wordle Timeless 3,000,000 pccilkiggeianmelipmnakallflhakhh 4
Web Paint Online 3,000,000 pcgjkiiepdbfbhcddncidopmihdekemj 1, 2, 4
Live Screen Recorder 4,000,000 pcjdfmihalemjjomplpfbdnicngfnopn 1, 2, 4
Screenshot Master 6,000,000 pdlmjggogjgoaifncfpkhldgfilgghgc 1, 2, 4
Emojet - Emoji Keyboard 4,000,000 pgnibfiljggdcllbncbnnhhkajmfibgp 1, 2, 4
Metric Spy 2,000,000 plifocdammkpinhfihphfbbnlggbcjpo 1, 2, 4
Tetris Classic 6,000,000 pmlcjncilaaaemknfefmegedhcgelmee 1, 2, 4

ZingFront / ZingDeck / BigMData

Name Weekly active users Extension ID Approaches
Download Telegram - TG Video Photo Download 1,000 aaanclnbkhoomaefcdpcoeikacfilokk 1
Open AI ChatGPT for Email - GMPlus 40,000 abekedpmkgndeflcidpkkddapnjnocjp 1, 5
AI Cover Letter Generator - Supawork AI 2,000 aceohhcgmceafglcfiobamlbeklffhna 1, 2
AI Headshot Generator - Supawork AI 5,000 acgbggfkaphffpbcljiibhfipmmpboep 1, 6
IG Follower Export Tool - IG Email Extractor 10,000 acibfjbekmadebcjeimaedenabojnnil 1
WA Sender - Bulk Message & WA Message & Bulk Sender Tool 3,000 aemhfpfbocllfcbpiofnmacfmjdmoecf 1, 5
Save Ins Comment - Export Ins Comments 1,000 afkkaodiebbdbneecpjnfhiinjegddco 1
Coursera Summary with ChatGPT and Take Notes 3,000 afmnhehfpjmkajjglfakmgmjcclhjane 1, 2, 5
Extension Manager for Chrome™ 966 ahbicehkkbofghlofjinmiflogakiifo 1, 5
Email Finder & Email Hunter - GMPlus 10,000 aihgkhchhecmambgbonicffgneidgclh 1, 5
Sora Video To Video - Arting AI 106 aioieeioikmcgggaldfknjfoeihahfkb 1, 2
ChatGPT for 知乎 415 ajnofpkfojgkfmcniokfhodfoedkameh 1, 2, 5
Walmart Finder&ChatGPT Review Analysis 457 akgdobgbammbhgjkijpcjhgjaemghhin 5
WA Bulk Message Sender - Premium Sender 1,000 amokpeafejimkmcjjhbehganpgidcbif 1
One-Click Search Aliexpress Similar Products 97 aobhkgpkibbkonodnakimogghmiecend 5
Summary with Bing Chat for YouTube 9,000 aohgbidimgkcolmkopencknhbnchfnkm 1, 5
Rakuten Customer Service Helper 42 apfhjcjhmegloofljjlcloiolpfendka 5
ChatBot AI - ChatGPT & Claude & Bard & Bing 883 apknopgplijcepgmlncjhdcdjifhdmbo 4, 5
NoteGPT: YouTube Summary, Webpages & PDF Summary 200,000 baecjmoceaobpnffgnlkloccenkoibbb 5
Dimmy - Discord Chat Exporter 252 bbgnnieijkdeodgdkhnkildfjbnoedno 1
Gmail Notes - Add notes to email in Gmail 1,000 bbpgdlmdmlalbacneejkinpnpngnnghj 5
Sora Image To Video - Arting AI 372 bdhknkbhmjkkincjjmhibjeeljdmelje 1, 2
Tiktok Customer Service Helper 66 bdkogigofdpjbplcphfikldoejopkemf 5
TikClient - Web Client for TikTok™ 10,000 beopoaohjhehmihfkpgcdbnppdeaiflc 1, 2, 6
One-Click Search Amazon Similar Products 146 bfeaokkleomnhnbhdhkieoebioepbkkb 5
Custom New Tab Page 864 bfhappcgfmpmlbmgbgmjjlihddgkeomd 5
Shopee Downloader - Download Videos & Images 3,000 bfmonflmfpmhpdinmanpaffcjgpiipom 1, 2, 5
Product Photography - Ai Background Generator For Prouduct Photos 46 bgehgjenjneoghlokaelolibebejljlh 1, 2
TikGPT: Tiktok Listing Optimizer 665 bhbjjhpgpiljcinblahaeaijeofhknka 5
Find WhatsApp Link - Group Invite Link 2,000 biihmgacgicpcofihcijpffndeehmdga 1, 5
VideoTG - Download & Save telegram Videos Fast & one time! 4,000 bjnaoodhkicimgdhnlfjfobfakcnhkje 1
Etsy™ AI Review Analysis & Download 8,000 bjoclknnffeefmonnodiakjbbdjdaigf 5
iGoo Helper - Security Privacy Unblock VPN 20,000 bkcbdcoknmfkccdhdendnbkjmhdmmnfc 5
TikTok Analytics & Sort Video by Engagement 1,000 bnjgeaohcnpcianfippccjdpiejgdfgj 5
Rakuten AI Listing editor 68 cachgfjiefofkmijjdcdnenjlljpiklj 5
Invite All Friends for Facebook™ in one click 10,000 cajeghdabniclkckmaiagnppocmcilcd 5
EbayGPT: ChatGPT Ebay listing optimization 2,000 cbmmciaanapafchagldbcoiegcajgepo 5
Comment Exporter 10,000 cckachhlpdnncmhlhaepfcmmhadmpbgp 1, 2
Twitch Danmaku(NicoNico style) 646 cecgmkjinnohgnokkfmldmklhocndnia 5
Easy Exporter - Etsy order exporter 2,000 cgganjhojpaejcnglgnpganbafoloofa 5
Privacy Extension for WhatsApp Privacy 100,000 cgipcgghboamefelooajpiabilddemlh 1, 2
Group Extractor for social media platform 1,000 chldekfeeeaolinlilgkeaebbcnkigeo 6
Sales Sort for eBay™ Advanced Search 4,000 cigjjnkjdjhhncooaedjbkiojgelfocc 1, 2, 3, 5
Amazon Customer Service Helper 70 cmfafbmoadifedfpkmmgmngimbbgddlo 5
Currency Conversion Calculator 2,000 cmkmopgjpnjhmlgcpmagbcfkmakeihof 5
LinkedRadar-Headline Generator for LinkedIn™ 1,000 cnhoekaognmidchcealfgjicikanodii 1, 5
AllegroGPT:ChatGPT for Allegro Open AI Writer 163 coljimimahbepcbljijpimokkldfinho 5
ai voice cover 518 cpjhnkdcdpifokijolehlmomppnfflop 1
WA Contacts Extractor 30,000 dcidojkknfgophlmohhpdlmoiegfbkdd 1
Twitch chat overlay on fullscreen 832 dckidogeibljnigjfahibbdnagakkiol 5
Privacy Extension for WhatsApp Privacy 660 dcohaklbddmflhmcnccgcajgkfhchfja 1
LINE App Translator Bot - LINE Chat 1,000 dimpmploihiahcbbdoanlmihnmcfjbgf 5
Etsy Image Search 1,000 dkgoifbphbpimdbjhkbmbbhhfafjdilp 5
AliExpress & eBay - Best price 575 dkoidcgcbmejimkbmgjimpdgkgilnncj 5
AliGPT: Aliexpress Listing Optimize 1,000 dlbmngbbcpeofkcadbglihfdndjbefce 5
Best ASO Tools for Google Play Store 10,000 doffdbedgdhbmffejikhlojkopaleian 5
NoteGPT: AI Flashcard for Quizlet and Cram 10,000 eacfcoicoelokngmcgkkdakohpaklgmk 1, 2, 5
ChatSider AI Copilot : ChatGPT & Claude 2,000 ecnknpjoomhilbhjipoipllgdgaldhll 6
Mercadolivre Customer Service Helper with GPT 19 edhpagpcfhelpopmcdjeinmckcjnccfm 5
WA Contacts Extractor Free Extension 30,000 eelhmnjkbjmlcglpiaegojkoolckdgaj 1, 6
Unlimited Summary Generator for YouTube™ 70,000 eelolnalmpdjemddgmpnmobdhnglfpje 1, 2, 5
AdLibNote: Ad Library Downloader Facebook™ 10,000 efaadoiclcgkpnjfgbaiplhebcmbipnn 1, 2
Ebay Kundendiensthelfer mit GPT 123 efknldogiepheifabdnikikchojdgjhb 5
Extension Manager 8,000 efolofldmcajcobffimbnokcnfcicooc 5
Send from Gmail - Share a Link Via Email 5,000 egefdkphhgpfilgcaejconjganlfehif 1, 3, 5
Followers Exporter for Ins 100,000 ehbjlcniiagahknoclpikfjgnnggkoac 1, 2
Website Keyword Extractor & Planner Tool 10,000 eiddpicgliccgcgclfoddoiebfaippkj 6
AMZ Currency Converter —— Amazon TS 457 ekekfjikpoacmfjnnebfjjndfhlldegj 1
eCommerce Profit Calculator 3,000 elclhhlknlgnkbihjkneaolgapklcakh 1, 2, 5
ChatGPT for Google (No Ads) 30,000 elnanopkpogbhmgppdoapkjlfigecncf 1, 3, 5
AI Resume Builder - Supawork AI 9,000 epljmdbeelhhkllonphikmilmofkfffb 1, 4
aliexpress image video download 1,000 epmknedkclajihckoaaoeimohljkjmip 5
InstaNote: Download and Save Video for IG 10,000 fbccnclbchlcnpdlhdjfhbhdehoaafeg 1, 2, 5
Ebay Niche Finder&ChatGPT Review Analysis 419 fencfpodkdpafgfohkcnnjjepolndkoc 5
One-Click Search Etsy Similar Products 83 fffpcfejndndidjbakpmafngnmkphlai 5
WA Link Generator 315 fgmmhlgbkieebimhondmhbnihhaoccmj 1
AI Script Writer & Video to Text for TikTok 9,000 fhbibaofbmghcofnficlmfaoobacbnlm 1, 2, 5
WA Bulk Message Sender 100,000 fhkimgpddcmnleeaicdjggpedegolbkb 1, 5
Free VPN For Chrome - HavenSurf VPN 3,000 fnofnlokejkngcopdkaopafdbdcibmcm 5
McdGPT: Mercadolivre AI Listing edit 340 fpgcecmnofcebcocojgbnmlakeappphj 5
CRM Integration with LinkedIn for Salesforce 411 fpieanbcbflkkhljicblgbmndgblndgh 5
Online Photoshop - Photo Editor Tool 577 fplnkidbpmcpnaepdnjconfhkaehapji 1, 2, 5
Telegram Private Video Downloader 20,000 gdfhmpjihkjpkcgfoclondnjlignnaap 1, 2
AI Signature Generator - SignMaker 74 gdkcaphpnmahjnbbknailofhkdjgonjp 1, 2, 5
Privacy Extension for WhatsApp Web 2,000 gedkjjhehhbgpngdjmjoklficpaojmof 1
One-Click Search Shein Similar Products 232 gfapgmkimcppbjmkkomcjnamlcnengnp 5
Summary with ChatGPT for Google and YouTube 10,000 gfecljmddkaiphnmhgaeekgkadnooafb 1, 2, 5
ESale - Etsy™ SEO tool for seller 10,000 ghnjojhkdncaipbfchceeefgkkdpaelk 5
Twitter Video Downloader 10,000 giallgikapfggjdeagapilcaiigofkoe 1, 2, 5
Video Downloader and Summary for TikTok 3,000 gibojgncpopnmbjnfdgnfihhkpooodie 1, 2, 5
Audio Recorder Online - Capture Screen Audio 3,000 gilmhnfniipoefkgfaoociaehdcmdcgk 1, 2, 5
WalmartGPT:ChatGPT for Walmart Open AI Writer 682 gjacllhmphdmlfomfihembbodmebibgh 5
ChatShopee - AI Customer Service Helper 88 glfonehedbdfimabajjneobedehbpkcf 5
Magic VPN - Best Free VPN for Chrome 5,000 glnhjppnpgfaapdemcpihhkobagpnfee 5
Translate and Speak Subtitles for YouTube 40,000 gmimaknkjommijabfploclcikgjacpdn 1, 2, 3, 5
Messenger Notifier 3,000 gnanlfpgbbiojiiljkemdcampafecbmk 5
One-Click Search Walmart Similar Products 103 golgjgpiogjbjbaopjeijppihoacbloi 5
TikTok Hashtags Tool - Hashtags Analytics 779 haefbieiimgmamklihjpjhnhfbonfjgg 1, 5
Gmail Checker - Multi Account Gmail Notifier 9,000 hangbmidafgeohijjheoocjjpdbpaaeh 1, 5
Bulk Message Sender for wa 281 hcbplmjpaneiaicainjmanjhmdcfpeji 2
APP For IG DM 10,000 hccnecipbimihniebnopnmigjanmnjgh 1, 2, 5
Likes Exporter 6,000 hcdnbmbdfhhfjejboimdelpfjielfnde 1, 2
ChatsNow: ChatGPT AI Sidebar ( GPT, Claude , Gemini) 20,000 hcmiiaachajoiijecmakkhlcpagafklj 1, 2, 5
iTextMaster - ChatPDF & PPT AI with ChatGPT 6,000 hdofgklnkhhehjblblcdfohmplcebaeg 1, 2, 3, 5
Shopify™ Raise - Shopify™ store analysis tool 10,000 hdpfnbgfohonaplgnaahcefglgclmdpo 1, 2, 3
ShopeeGPT - Optimize Titles & Descriptions 713 hfgfkkkaldbekkkaonikedmeepafpoak 5
Telegram Desktop - Telegram Online Messenger 4,000 hifamcclbbjnekfmfgcalafnnlgcaolc 5
CommentGPT - Shopee review analysis assistant 321 hjajjdbieadchdmmifdjgedfhgdnonlh 5
Vimeo™ Downloader and chatGPT Video Summary 40,000 hobdeidpfblapjhejaaigpicnlijdopo 1, 2, 5
IG Comment Export Tool 4,000 hpfnaodfcakdfbnompnfglhjmkoinbfm 1, 2, 5
SEO Search Keyword Tool 40,000 hpmllfbpmmhjncbfofmkkgomjpfaocca 5
IG Video Downloader - SocialPlus 5,000 iaonookehgfokaglaodkeooddjeaodnc 1, 2, 5
AdLibNote: Video Downloader for Facebook™ 10,000 icphfngeemckldjnnoemfadfploieehk 1, 2, 5
IGExporter - IG Follower Export Tool 2,000 iffbofdalhbflagjclkhbkbknhiflcam 1, 2, 5
Wasup Translator - Translate WhatsApp Messages 328 ifhamodfnpjalblgmnpdidnkjjnmkbla 1, 5
Free VPN For Chrome - HavenSurf VPN 1,000 ihikodioopffhlfhlcjafeleemecfmab 5
TelePlus - Multi-Accounts Sender 8,000 ihopneheidomphlibjllfheciogojmbk 1, 2, 5
Keywords Explorer For Google Play Store (ASO) 2,000 ijegkehhlkpmicapdfdjahdmpklimdmp 6
Mass follow for Twitter 1,000 ijppobefgfjffcajmniofbnjkooeneog 1, 5
Etsy Customer Service Helper with ChatGPT 506 ikddakibljikfamafepngmlnhjilbcci 5
Telegram Group and Channel Search Tool 7,000 ilpgiemienkecbgdhdbgdjkafodgfojl 1, 2, 5, 7
NoteGPT: Udemy Summary with ChatGPT & Claude 8,000 indcipieilphhkjlepfgnldhjejiichk 1, 2, 5
Volume booster - Volumax 2,000 ioklejjbhddpcdgmpcnnpaoopkcegopp 6
AmzGPT: Amazon listing edit 4,000 jijophmdjdapikfmbckmhhiheghkgoee 5
TTNote: Video Downloader and Saver 30,000 jilgamolkonoalagcpgjjijaclacillb 1, 2, 5
GS Helper For Google Search Google Scholar 2,000 jknbccibkbeiakegoengboimefmadcpn 5
WASender - WA Bulk Message Sender 1,000 jlhmomandpgagmphfnoglhikpedchjoa 1
ai celebrity voice clone 572 jlifdodinblfbkbfmjinkpjieglkgfko 1
WAPlus CRM - Best WhatsApp CRM with AI 60,000 jmjcgjmipjiklbnfbdclkdikplgajhgc 1
Save Webpage As PDF 10,000 jncaamlnmeladalnajhgbkedibfjlmde 5
Etsy™ Reviews Extractor 1,000 jobjhhfnfkdkmfcjnpdjmnmagepnbifi 5
AI Image Generator: Get AI Art with Any Input 1,000 jojlhafjflilmhpakmmnchhcbljgmllh 5
TG Sender - TG bulk message send and invite 20,000 kchbblidjcniipdkjlbjjakgdlbfnhgh 1, 2, 5
QR Code Generator 25 kdhpgmfhaakamldlajaigcnanajekhmp 1
Browser VPN - Free and unlimited VPN proxy 7,000 kdjilbflpbbilgehjjppohpfplnapkbp 5
Summary Duck Assistant 1,000 kdmiipofdmffkgfpkigioehfdehcienf 1, 2
FindNiche - aliexpress™ dropshipping & analytics tool 1,000 kgggfelpkelliecmgdmfjgnlnhfnohpi 2, 3, 5
LinkedRadar - Email Finder for LinkedIn ™ 50,000 kgpckhbdfdhbkfkepcoebpabkmnbhoke 1, 5
WA - Download Group Phone Numbers 4,000 khajmpchmhlhfcjdbkddimjbgbchbecl 1, 5
WA Self Sender for WhatsApp Web(Easy Sender) 10,000 khfmfdepnleebhonomgihppncahojfig 1
GPT for Ecom: Product Listing optimizer 20,000 khjklhhhlnbeponjimmaoeefcpgbpgna 1, 2, 5
IG Follower Export Tool - IG Tools 100,000 kicgclkbiilobmccmmidfghnijgfamdb 1, 2, 5
WhatsApp Realtime Translate&Account Warm Up&Voice message Transcript 1,000 kifbmlmhcfecpiidfebchholjeokjdlm 1, 5
WA Group Sender 10,000 kilbeicibedchlamahiimkjeilnkgmeo 5
FindNiche - Shopify™ store traffic analysis 7,000 kiniklbpicchjlhhagjhchoabjffogni 1, 2, 3, 5, 7
Telegram Restricted Content Downloader 7,000 kinmpocfdjcofdjfnpiiiohfbabfhhdd 1, 2
website broken link and 404 error checker 10,000 kkjfobdnekhdpmgomkpeibhlnmcjgian 1, 2, 5
TG Content Downloader - download telegram restricted files 983 kljkjamilbfohkmbacbdongkddmoliag 1, 5
Comment Assistant In LinkedIn™ 978 kmchjegahcidgahijkjoaheobkjjgkfj 5
Tab Manager - Smart Tab By NoteGPT AI 7,000 kmmcaankjjonnggaemhgkofiblbjaakf 1, 2, 5
WA Number Checker 5,000 knlfobadedihfdcamebpjmeocjjhchgm 1, 2
Telegram downloader - TG Video Photo Download 4,000 kofmimpajnbhfbdlijgcjmlhhkmcallg 1
WA Group Link Finder 2,000 kpinkllalgahfocbjnplingmpnhhihhp 1, 2
One-Click Search Ozon Similar Products 96 laoofjicjkiphingbhcblaojdcibmibn 5
WADeck - WA AI ChatBot &WhatsApp Sender 40,000 lbjgmhifiabkcifnmbakaejdcbikhiaj 1, 5
AliNiche Finder&ChatGPT Review Analysis 484 ldcmkjkhnmhoofhhfendhkfmckkcepnj 5
Fashion Model-AI Model Generator For Amazon 1,000 ldlimmbggiobfbblnjjpgdhnjdnlbpmo 1, 5
WhatsApp Group Management Pro - Export, Broadcast & Monitor Suite 20,000 ldodkdnfdpchaipnoklfnfmbbkdoocej 1, 2, 5
Photo download & Save image 8,000 leiiofmhppbjebdlnmbhnokpnmencemf 5
Aliexpress Customer Service Helper 191 lfacobmjpfgkicpkigjlgfjoopajphfc 5
Find WhatsApp Link - Group Invite Link 10,000 lfepbhhhpfohfckldbjoohmplpebdmnd 5
Yahoo - optimize listing & AI Writer 69 lgahpgiabdhiahneaooneicnhmafploc 5
Amazon Finder&ChatGPT Review Analysis 821 lgghbdmnfofefffidlignibjhnijabad 5
AI Resume Builder - LinkedRadar 10,000 lijdbieejfmoifapddolljfclangkeld 1, 4
Article Summary with ChatGPT and Take Notes 8,000 llkgpihjneoghmffllamjfhabmmcddfh 1, 2, 5
AliNiche - AliExpress™ Product Research Tool 30,000 lmlkbclipoijbhjcmfppfgibpknbefck 1, 2, 5
ModelAgents - AI Fashion Models Generator 5,000 lmnagehbedfomnnkacohdhdcglefbajd 5
Gmail Address Check & Send Verify Tool 2,000 lmpigfliddkbbpdojfpbbnginolfgdoh 5
WA Number Checker - Check & Verify WA Number 5,000 lobgnfjoknmnlljiedjgfffpcbaliomk 1
Free AI Voice: Best Text to Speech Tool 1,000 lokmkeahilhnjbmgdhohjkofnoplpmmp 5
IG Email Extractor - Ins Followers Exporter 3,000 lpcfhggocdlchakbpodhamiohpgebpop 1, 5
WA Bulk Sender 5,000 mbmlkjlaognpikjodedmallbdngnpbbn 1
YouTube Comment Summary with ChatGPT OpenAI 3,000 mcooieiakpekmoicpgfjheoijfggdhng 5
Ad Library - Ads Spy Tool For YouTube™ 2,000 mdbhllcalfkplbejlljailcmlghafjca 5
Schedule Email by Gmail 862 mdndafkgnjofegggbjhkccbipnebkmjc 1, 5
Feature Graphic Downloader for Play Store 546 meibcokbilaglcmbboefiocaiagghdki 5
One-Click Search eBay Similar Products 75 mjibhnpncmojamdnladbfpcafhobhegn 5
Twiclips - Twitch Clip Downloader 8,000 mjnnjgpeccmgcobgegepeljeedilebif 1, 2, 5
Auto Connect for LinkedIn™ - LeadRadar 1,000 mliipdijmfmbnemagicfibpffnejhcki 1
Easy Web Data Scraper 40,000 mndkmbnkepbhdlkhlofdfcmgflbjggnl 1, 2, 3, 5
wa privacy 68 nccgjmieghghlknedlgoeljlcacimpma 1
Ad Library - Ads Spy Tool For Pinterest™ 2,000 ndopljhdlodembijhnfkididjnahadoj 5
Universal Keyword Planner box 5,000 niaagjifaifoebkdkkndbhdoamicolmj 1, 2, 5
AdLibNote: Ad Library Downloader Facebook™ 30,000 niepmhdjjdggogblnljbdflekfohknmc 1, 2
WA Group Sender & Group Link Scraper 1,000 nimhpogohihnabaooccdllippcaaloie 1, 2
Ad Library - Ads Spy Tool For Twitter™ 1,000 nkdenifdmkabiopfhaiacfpllagnnfaj 5
TikTok Video Tags Summary with ChatGPT 860 nmccmoeihdmphnejppahljhfdggediec 5
Image Zoom Tool 5,000 nmpjkfaecjdmlebpoaofafgibnihjhhf 1, 2, 5
ChatSider:Free ChatGPT Assistant(GPT4) 1,000 nnadblfkldnlfoojndefddknlhmibjme 7
Telegram Channels - TG Channel Link Search 1,000 nnbjdempfaipgaaipadfgfpnjnnflakl 5
H1B Sponsor Checker, Job Seek - LinkedRadar 463 noiaognlgocndhfhbeikkoaoaedhignb 1, 4, 5
WAContactSaver 7,000 nolibfldemoaiibepbhlcdhjkkgejdhl 1
vk video downloader - vkSaver 10,000 npabddfopfjjlhlimlaknekipghedpfk 1, 2, 5
Multi Chat - All Chat In One For You - SocialPlus 1,000 oaknbnbgdgflakieopfmgegbpfliganc 1, 2, 5
Twitch Channel Points Auto Claimer -Twiclips 3,000 ocoimkjodcjigpcgfbnddnhfafonmado 5
WalmartHunt-Walmart Dropshipping Tools 4,000 oeadfeokeafokjbffnibccbbgbjcdefe 1, 2, 5
TTAdNote: Download and Save Ad No Watermark 8,000 oedligoomoifncjcboehdicibddaimja 1, 2, 5
Discordmate - Discord Chat Exporter 20,000 ofjlibelpafmdhigfgggickpejfomamk 5
Social Media Downloader - SocialPlus 4,000 ofnmkjeknmjdppkomohbapoldjmilbon 1
NoteGPT: ChatGPT Summary for Vimeo 5,000 oihfhipjjdpilmmejmbeoiggngmaaeko 1, 2, 5
Aliexpress search by image 5,000 ojpnmbhiomnnofaeblkgfgednipoflhd 1, 2, 5
Privacy Extension for WhatsApp Web 4,000 okglcjoemdnmmnodbllbcfaebeedddod 1
Denote: Save Ads TikTok & FB Ad Library 40,000 okieokifcnnigcgceookjighhplbhcip 1, 2
Allegro Customer Service Helper with Open AI 13 olfpfedccehidflokifnabppdkideeee 5
LinkedRadar - LinkedIn Auto Connect Tool 198 onjifbpemkphnaibpiibbdcginjaeokn 1
WAPI - Send personalized messages 20,000 onohcnjmnndegfjgbfdfaeooceefedji 1
Entrar for Gmail™ 5,000 oolgnmaocjjdlacpbbajnbooghihekpp 5
Group exporter 2 19 opeikahlidceaoaghglikdpfdkmegklg 1
Keyword Finder-SEO keywords Tool 5,000 oppmgphiknonmjjoepbnafmbcdiamjdh 5
Search Engine Featuring ChatGPT - GPT Search 775 pbeiddaffccibkippoefblnmjfmmdmne 1, 5
Amazon Price History Tracker - AmzChart 737 pboiilknppcopllbjjcpdhadoacfeedk 5
Shopify Wise - Shopify analytics & Dropship tool 762 pckpnbdneenegpkodapaeifpgmneefjd 5
Vimeo™ Video Downloader Pro 70,000 penndbmahnpapepljikkjmakcobdahne 5
DealsUpp - Contact Saver for WA 2,000 pfomiledcpfnldnldlffdebbpjnhkbbl 1, 5
Profile Scraper - Leadboot 2,000 pgijefijihpjioibahpfadkabebenoel 1
-com Remove Background 105 pgomkcdpmifelmdhdgejgnjeehpkmdgl 1
EasyGood - Free Unlimited VPN Proxy 1,000 pgpcjennihmkbbpifnjkdpkagpaggfaa 5
FindNiche - AliExpress™ Data Exporter 114 pjjofiojigimijfomcffnpjlcceijohm 5
Share Preview Save to Social 419 pkbmlamidkenakbhhialhdmmkijkhdee 1, 3
Voice Remaker - The Best AI Generator 10,000 pnlgifbohdiadfjllfmmjadcgofbnpoi 1, 5
Pincase-Pinterest Video & Image Downloader 10,000 poomkmbickjilkojghldlelgjmgaabic 5
Ad Library - Ad Finder & Adspy Tool 30,000 ppbmlcfgohokdanfpeoanjcdclffjncg 5
YouTube Video Tags Summary with ChatGPT 908 ppfomhocaedogacikjldipgomjdjalol 1, 5

ExtensionsBox

Name Weekly active users Extension ID Approaches
Amazon Reviews Extractor 1,000 aapmfnbcggnbcghjipmpcngmflbjjfnb 1, 2
Target Images Downloader 100 adeimcdlolcpdkaapelfnacjjnclpgpb 2
Airbnb Images Downloader 433 alaclngadohenllpjadnmpkplkpdlkni 1, 2
eBay Reviews Extractor 200 amagdhmieghdldeiagobdhiebncjdjod 2
Lazada Images Downloader 363 bcfjlfilhmdhoepgffdgdmeefkmifooo 1, 2
Shopify2Woo - Shopify to WooCommerce 543 bfnieimjkglmfojnnlillkenhnehlfcj 1, 2
Group Extractor 3,000 bggmbldgnfhohniedfopliimbiakhjhj 1, 2
Shein Reviews Extractor - Scrape Data to CSV 388 bgoemjkklalleicedfflkkmnnlcflnmd 1, 2
Airbnb Reviews Extractor 86 bklllkankabebbiipcfkcnmcegekeagj 1, 2
eBay Images Downloader 863 bkpjjpjajaogephjblhpjdmjmpihpepm 1, 2
Indeed Scraper 2,000 bneijclffbjaigpohjfnfmjpnaadchdd 1, 2
Shein to Shopify CSV Exportor 130 cacbnoblnhdipbdoimjhkjoonmgihkec 1, 2
Justdial Scraper 1,000 ccnfadfagdjnaehnpgceocdgajgieinn 1, 2
AI Review Summarizer - Get ChatGPT Review Analysis in One Click 24 cefjlfachafjglgeechpnnigkpcehbgf 2
Booking Hotel Scraper 123 cgfklhalcnhpnkecicjabhmhlgekdfic 1, 2
Contact Extractor for wa 2,000 chhclfoeakpicniabophhhnnjfhahjki 2
AI Reviews Summary for Google Maps 17 cmkkchmnekbopphncohohdaehlgpmegi 2
AliExpress Images Downloader 938 cpdanjpcekhgkcijkifoiicadebljobn 1, 2
Shopy - Shopify Spy 2,000 dehlcjmoincicbhdnkbnmkeaiapljnld 1, 2
Profile Scraper for LinkedIn™ 473 dmonpchcmpmiehffgbkoimkmlfomgmbc 1, 2
Trustpilot Reviews Extractor 481 eikaihjegpcchpmnjaodjigdfjanoamn 1, 2
Indeed Review Extractor 17 ejmkpbellnnjbkbagmgabogfnbkcbnkb 1, 2
AliExpress Reviews Extractor 409 elcljdecpbphfholhckkchdocegggbli 1, 2
Etsy Reviews Extractor 306 fbbobebaplnpchmkidpicipacnogcjpk 2
Post Scraper 34 fcldaoddodeaompgigjhplaalfhgphfo 2
Images Downloader for WM 707 fdakeeindhklmojjbfjhgmpodngnpcfk 1, 2
Twitch Chat Downloader 132 fkcglcjlhbfbechmbmcajldcfkcpklng 1, 2
Costco Images Downloader 35 fpicpahbllamfleebhiieejmagmpfepi 1, 2
Etsy Images Downloader 1,000 gbihcigegealfmeefgplcpejjdcpenbo 2
Yelp Scraper 347 gbpkfnpijffepibabnledidempoaanff 2
Lazada Reviews Extractor 102 gcfjmciddjfnjccpgijpmphhphlfbpgl 1, 2
Shopee Reviews Extractor 484 gddchobpnbecooaebohmcamdfooapmfj 2
Comments Exporter for Ins 47 gdhcgkncekkhebpefefeeahnojclbgeg 1, 2
Wayfair Images Downloader 169 ggcepafcjdcadpepeedmlhnokcejdlal 2
Amazon Images Downloader 1,000 ggfhamjeclabnmkdooogdjibkiffdpec 1, 2
Shein Images Downloader 3,000 ghnnkkhikjclkpldkbdopbpcocpchhoi 1, 2
Reviews Extractor for WM 369 gidbpinngggcpgnncphjnfjkneodombd 2
Zillow Scraper - Agent & Property Export 308 gjhcnbnbclgoiggjlghgnnckfmbfnhbb 2
G2 Reviews Extractor 189 hdnlkdbboofooabecgohocmglocfgflo 1, 2
X Jobs Scraper 35 hillidkidahkkchnaiikkoafeaojkjip 1, 2
Booking Reviews Extractor 201 iakjgojjngekfcgbjjiikkhfcgnejjoa 1, 2
Shein Scraper 1,000 ibbjcpcbjnjlpfjinbeeefbldldcinjg 1, 2
Shopee Images Downloader 966 idnackiimdohbfkpcpoakocfkbenhpdf 2
Yellow Pages Scraper 2,000 iijgmfjjmcifekbfiknmefbkgbolonac 1, 2
Booking Images Downloader 27 ilcbmjpkggalcdabgpjacepgmkpnnooh 1, 2
Likes Exporter for Ins 126 jdfpnhobcnlokhaoihecmgmcnpjnhbmm 1, 2
Job Scraper for LinkedIn™ 1,000 jhmlphenakpfjkieogpinommlgjdjnhb 2
Wayfair Reviews Extractor 186 jjmejjopnabkbaojcijnfencoejjaikb 1, 2
XExporter - Export Twitter Followers 908 kfopfmdjhlpocbhhddjmhhboigepfpkg 1, 2
Costco Reviews Extractor 31 lbihigmoeinmajbmkbibikknphemncdl 1, 2
Pinterest Images Downloader - Pinterest Video Downloader 2,000 lephhdmcccfalhjdfpgilpekldmcahbb 1, 2
Shein to Woo CSV Exportor 66 lhjakenfnakjjfgfcoojdeblfmbpkocf 1, 2
Image & Video Downloader for Ins 358 ljgaknjbenmacaijcnampmhlealmbekk 2
Comments Exporter 307 llcgplklkdgffjmhlidafnajbhbohgen 1, 2
Yelp Reviews Extractor 59 mnmjkjlaepijnbgapohecanhklhoojbh 1, 2
TKCommentExport - Export TikTok Comments 1,000 monfhkhegpjfhcmjaklhnckkhlalnoml 1, 2
Chats Backup for wa 1,000 najkpicijahenooojdcnfdfncbaidcei 2
Slack™ Member Extractor 497 nbhjfblpkhiaiebipjcleioihpcclaea 1, 2
Glassdoor Scraper 387 ndnomcanokhgenflbdnkfjnhaioogmdk 1, 2
Maps Scraper & Leads Extractor 646 nhefjmaiappfgfcagoimkgmaanbimphd 1, 2
Followers Exporter for Thread 174 nhlcgpbandlddfdmabpjinolcgfbmkac 2
Bulk Barcode Generator 105 odipjjckdnfbhnnkdacknhpojbabaocb 1, 2
Followers Tracker for Ins 7,000 ohfgngkhbafacegaaphcinpgmnmjknff 1, 2
Airbnb Scraper 124 ohgfipogdmabijekgblippmcbfhncjgn 2
TripAdvisor® Review Scraper 1,000 pkbfojcocjkdhlcicpanllbeokhajlme 2
Bulk QR Code Generator 154 pnmchlmkjhphkjnbjehfgdagonbjpipg 1, 2

Lazytech

Name Weekly active users Extension ID Approaches
Twitter Comment Export Tool 1,000 ajigebgoglcjjjkleiiomgbogggihibe 1, 2
AliExpress Images Downloader 1,000 ajnfoalglmknolmaaipgelpbdpcopjci 1, 2
Slack Translator Pro 475 ajoplaibmnoheaigdnfbagfchnnjkicc 1, 2
Whatsapp Translator Pro 2,000 bnbighhfhbnkoinbakcadadhjhjhnogo 1, 2
Discord Translator Pro 2,000 bpgmpnpdklkcdgiemflkhfhbcibbimhh 1, 2
Threads Followers Exporter 447 cackmcfbjdjnicnoifjcbpbidfnodfid 1, 2
Telegram™ Translator - Immersive Translation 1,000 cadnjdgggbmgmiokgmbngklhlldabhom 1, 2
Twitter Auto Unfollow Tool 1,000 cdejkfmlkpdipdjlookbmifhlihdefld 1, 2
FB Group Export Tool 1,000 cfkelnkpomgldoeoadoghdjcejdknilb 1, 2
Etsy Images Downloader 367 clcjlefnlochgjgmhkkmggojbcckloel 1, 2
Snapchat Translator Pro 58 degekmdjhceighgpmeociiolpbpdfmkk 1, 2
Skype Translator Pro 30 dheinobepcdickihlphioifoadnnlddn 1, 2
YouTube™ Comment Translator Pro 2,000 dkleeapinhlpifbijbppjcbgiolpagjd 1, 2
IG Followers Exporter 2,000 dncpodlbhbfeckciihiifmfpepleaked 1
Contact Saver for WhatsApp 2,000 dnoeodfoipnecbnnjhgoopnheicjlemm 1, 2
FB Messenger™ Translator - Immersive Translation 1,000 eeagfonlpjdegifbbipcnbhljledonnc 1, 2
Twitter AutoFollow Pro 1,000 elnglbaphfoebenjdbkalpgghijpnklp 1, 2
IG Auto Liker 1,000 fajlpeonkickmgcbmpnmdofghngjphac 1, 2
IG Auto Unfollow 1,000 fcapaeipdkdbongbphfbccnegbcbilah 1, 2
Indeed Scraper 44 fedomnahgimendnjeifhhgehimjidnof 1, 2
Lazada Images Downloader 1,000 fgefgonmnflpghpipmaajgagfekcdljp 1, 2
IG HashTag Export Tool 1,000 gddkmjkdanijaiogljcfnhaolephjfcj 1, 2
FB Messenger Translator Pro 1,000 gfmklfdiaiefelfoklndfcchmdopjcke 1, 2
TG Downloader - Photos, Videos, Audios 1,000 gihehopmfgnaknmbabddbkkebbaopeee 1, 2
Bumble Swipe Bot - Auto Filter & Swipe 955 gikinafmdccpecjbmnbjkeiadcabffpb 1, 2
Twitter Followers Exporter 1,000 giplfbjnmilhalcaehoblaegpkgembpi 1
Twitch Translator Pro 1,000 gmaglilejboehglachimajmepgjckjng 1, 2
Shein Images Downloader 1,000 hamgafmfcmaipelffjbdgikejedlnbmm 1, 2
eBay Images Downloader 1,000 hedppplfdackfbdjienfgbmecbnldijl 1, 2
IGEmail - Instagram Email Scraper 1,000 hgonoojgigfaikonjkhchoklgjoiphio 1, 2
Twitter Follower Export Tool - Export Followers / Following 1,000 hncbinceehncflccpnanfdnbinhjlleh 1, 2
IGFollower - IG Follower Export Tool 2,000 iindafjcdjddenmiacdelomccfblfllm 1, 2
FB Comments Export Tool 1,000 inooeahlmjlhjdblojocgcoohmpjbhif 1, 2
IG Auto Follower - Auto Follow / Unfollow 1,000 ipmahbofhgomnebimjlocmemobaamnfp 1, 2
Apollo Exporter 867 joainhjiflchdkpmfadbencgeedodiib 1, 2
Temu Images Downloader 1,000 jonloekipbhbjfcdpicecchjhhoidncn 1, 2
TikTok Follower Export Tool 1,000 kcoglbpmmjallcceanhiafgdlhofocml 1, 2
Twitter Comments Exporter 1,000 kdcgillnpmlfacikljeafiikgcpdjiha 1
IG Growth Pro - Auto Follow & Unfollow 2,000 kdibmenfbafnmjineglfmlbnmckhceej 1
Telegram Translator Pro 1,000 kkafjojibijigkcpgiidnphfnhdnopnf 1, 2
Twitter Auto Unfollow 1,000 lfofoljipingdgmjdmleonbnkecfbjli 1
Discord Chat Export Tool 1,000 lmoceiadfbnpofjbmgemloenlfkhhbhl 1, 2
Amazon Images Downloader 1,000 mjkalljfgchhnjekdgkennpimdobfjfa 1, 2
Twitter Auto Follower - Auto Follow / Unfollow 1,000 mmaekkgncaflnfaimjaefjohpgneagnh 1, 2
Twitch™ Translator - Immersive Translation 1,000 ndjfdohpdlajffmmhdlifafoihibnokb 1, 2
Discord™ Translator - Immersive Translation 1,000 nenhidhfpjbccpbikiceenfnchkhljmd 1, 2
IG Comment Export Tool 1,000 ngigmhodcdcjohafngokbkmleidkigfn 1, 2
IG Comments Exporter 1,000 nogopabibhapbfcnlfeandndkalcjkik 1
Slack™ Translate 253 ogeieigjomecilgfebkdbgdckfpbjfah 1, 2
IGEmail - Email Extractor and Scraper for Ins 1,000 ohhcmiegflabbcfihgjkkndpgijmpghk 1
IG Auto Like Tool 1,000 ohocmgfknbibgiiijhokjifkhpgpahbb 1, 2
IG HashTags Exporter 1,000 pgbenbeencahnighlkhingagogpjjdbh 1, 2
Whatsapp™ Translator - Immersive Translation 1,000 phafeggjhdhfcmlanhmgbmcbgocapnik 1, 2
TikTok Comment Export Tool 1,000 pjjldehmkcnmmkldjielbonlnmbkomlm 1, 2
IG Unfollow Pro 1,000 pmlkkhcpimkhgalapkfpiknklhalkoeo 1
Tinder Swipe Bot - Auto Filter & Swipe 644 poocdjijjpnkcmhjecpeicdhljbmgddc 1, 2

Yue Apps

Name Weekly active users Extension ID Approaches
Etsy Images Downloader 115 aakfimfbjikfkfeokmamllkomlejnpdi 1, 2
Export Twitter Follower 1,000 amflfbkcoeanhfcdcbebeimpjnoebakn 1, 2
Export TikTok Followers 378 bdhcflkeglekljebdpanedpgeojpfefj 1, 2
IG Auto Follow 19 cpfdfhmnheohcfiddlpjgjjdhgmnnali 1
Twitter Unfollower 536 eilkgadngbcjchnpmndgafhaihmohfho 1, 2
Twitter Auto Follow-Unfollow 447 fmkhphcddlhkmggaldkibecjmgpkbpdl 1, 2
Shein Scraper 26 gpbhomcniappgbcehfedaliofagbfado 1, 2
IG Auto Like 1,000 hmgfjlghckknhafggpnnniffdiggdmpd 1, 2
IG Follower Export Tool 3,000 iacchdhbljnmihoeeelcgljnajfafpkh 1, 2
IG Auto Follow 928 icjfkeibgfjfkdfjjgafpkpfplpnbidc 2
Contacts Exporter for WhatsApp 28 ifhjahdgkdcpeofnamflcpdkadijbifl 1
IG Auto Follow 5,000 iiaohnpoogjkomcdkhdfljgpglejpaad 1, 2
Shein Images Downloader 1,000 lphjpapkpnhhffgobpekcmeanpompeka 1, 2
IG Auto Unfollow 77 mpmpkpbmimeinhimdkbcecbbmgcacndp 1, 2
TwExport - Export Tweets From Any Account 972 nahaggbplpekgcbbnemjlpnnmpmhnfkh 1, 2
Export Group Members for Facebook 40 oakdlcfhapgllacidemajdmmdcjfbiig 2
Unfollowers Pro 3,000 onkeebndjchpacfplcfojadeedlfdime 1, 2, 7
Export Tweet From Any Account 167 opbkmlokpjccgjmffhpndbjahhkbnhon 1

Chrome Extension Hub

Name Weekly active users Extension ID Approaches
TG Sender - telegram messages bulk sender 462 baghjmiifdlhbnfiddfkoomfkhmiamle 1, 2
IGEmail - Email Extractor and Scraper 1,000 cnjelbflcpdehnljcmgolcbccfhgffbn 1
Ins Comment Bot - instagram automated comment bot 22 dlfigaihoneadjnenjkikkfehnpgbepo 1, 2
IGFollow - Follower Export Tool 546 efjeeadgcomeboceoedbfnnojodaonhj 1, 2
IGCommentsExport - Export Comment for IG 39 fahielldgamgakbecenbenagcekhccoj 1
Unsubscriby for Youtube 42 gcmfheliiklfcjlbnmeahfhmcbjglncl 1, 2
Airbnb Scraper 32 ioblhofpjfjbfffbibgkjiccljoplikf 1, 2
TG Downloader - Telegram Video Download 2,000 kockkcmeepajnplekamhbkgjomppgdhp 1, 2
IGPost - Export Instagram photos and videos 70 mdhgjlmpioeeainbfmodgcaajgchapnm 1, 2

Infwiz

Name Weekly active users Extension ID Approaches
WAAutoReply - Web Automatic Reply Assistant 47 bilbhjhphaepddlmheloebigdkafebmg 1, 2
Reaction Exporter - Extract Like, Love, etc. 168 cddgoecgoedcodpohjphbhfdhojlpfik 1, 2
WAChecker - Check, Verify & Filter Number 3,000 cmelkcfmckopkllanachmbnlfpkhnjal 1, 2
IGGrowth - auto follow and unfollow 1,000 eggdbehenjijmhlbiedecgkehgeilemo 1, 2
IGCommentsExport - Export Comment for IG 5,000 ejneclajijjhnnelphnggambomegmcpd 1
Jobs Scraper for Indeed 16 fbncpljgpiokofpgcedbfmbnpdmaofpj 2
Job Scraper for LinkedIn™ 64 hhddcmpnadjmcfokollldgfcmfemckof 1, 2
Social Profile Info - User Info Lookup From URLs & IDs 47 jcmhjgllmdnlfabkppegglnmkmlheopp 1, 2
Chewy Reviews Scraper - Images 8 jhgpmldoffheafnogmaihhgjpoecmgea 1, 2
Comment Exporter - Extract Comments 866 knpbmoflfeeokanhpkiofaoaohpgfbjh 1, 2
Message Sender - Web Sender 7,000 ldhmkpfefdgmbgmmcldnnjokfjjnldmf 1
Download Group Phone Numbers 8,000 mhlmhjlkpioopoipgbmcmiblopmmecjc 1
Friend Exporter - Extract friends list 993 ncekbecnpnoiapeghdneaihmeokakpdp 1, 2
Zillow Scraper - Extract Data from Zillow 2,000 nlieamdebnjhijflpbkbaijnjpdpieoh 1, 2
Friend Requests Sender 201 padhkflcigakphahffhcgfnfiddimngo 1, 2
IGFollow - Follower Export Tool 100,000 pkafmmmfdgphkffldekomeaofhgickcg 1, 2

NioMaker

Name Weekly active users Extension ID Approaches
Friend Requests Sender 113 bgdjlbjaemhokfkkjiplclhjjbmlhlof 1, 2
Lead Exporter for Apollo 2,000 fhlfdnhddefmfmmehofnbnkmcbgdlohn 1
Yelp Scraper: Scrape Yelp business data 46 fnoknmcjgfgepgngbkeefjgeikbdenki 1, 2
Followers Everywhere for LinkedIn™️ 38 kdopjbndoijfnnfijfkfponmllfomibn 1

FreeBusinessApps

Name Weekly active users Extension ID Approaches
Twitch Chat for Full Screen 4,000 bgopmpphpeghjpififijeoaojmmaiibh 6
Free Time Clock for Google Chrome™ 3,000 bhcdneenlaehgbonacefkpjddbomfpkj 6
SQLite Viewer 9,000 bpedjnknnoaegoaejefbodcdjmjkbbea 5
ESports Tournament Schedule 111 caocacliklpndkcbdcbfcjnelfaknioi 6
Volume Booster 1,000 cejhlkhieeooenehcfmcfgpcfjdhpkop 1, 2
Sketchpad for Google Chrome 7,000 dbhokcpgjhfjemonpglekkbmmjnkmolf 6
Audio Equalizer for Youtube™ 20,000 dcjnokfichnijppmkbgpafmdjghibike 1
Notepad - Take Notes And Weekly Planner 10,000 dfiojogmkjifkcckhabcedniponnmifp 6
Rubiks Cube for Google Chrome 9,000 dlabgdldanmcjlmnifgogbnffionmfki 6
CSS Selector 10,000 dobcgekgcmhjmfahepgbpmiaejlpaalc 6
Icon Finder 1,000 eblcidnbagkebkmakplgppmgecigpaef 5
Enable JavaScript 10,000 egljjlhdimceghlkloddalnlpgdgkboj 6
Page Marker for Google Chrome™ 6,000 ejfomipinjkencnfaaefmhgkipphodnc 6
Customized Scrollbar 977 elchgoiagofdppjcljnecjmekkkgjhhi 6
Compress Video Files 10,000 gbffnccbjahakeeailfjmdbhnccklcgp 6
Password Generator 4,000 gbgffmpdbclmicnofpdbdmmikppclhmf 6
Speaker Booster 8,000 gkfjamnmcjpbphincgfnagopcddfeakd 1
Fast Search for Google Drive™ 443 glhpjfhpachnbgipcookemmoocedfjgp 6
Dark Mode for Messenger 273 hajjeoobbdpmbicdnkpoggllfebkmbfb 6
Earth 3D View Map 8,000 hfnflfnjflibmhoopdbndehehbhgjcem 6
Reactions for Google Meet 40,000 hicfolagolebmjahkldfohbmphcoddoh 6
Date Time 7,000 hjiajhckbofggdeopalpnpmapekkjcmi 6
Image Editor 10,000 hpiicbccakkjfojofhjcjhbljnafdfbg 4
Picture in Picture for Videos 20,000 icmpjbkbjlbfpimllboiokakocdgfijb 6
Mute Tabs 2,000 ijidbphagpacfpkhgcjfbdjohkceanea 6
Copy To Clipboard 8,000 imjkddkepakidnmolhmpfldheaiakojj 6
Tab manager 3,000 iofngkkljgebpllggmdpcldpifhdckkg 6
Online Radio for Google Chrome™ 4,000 jlfegkfcihbbpiegahcpjjidojbhfglo 6
Custom Dark Mode 3.0 for Youtube, Facebook 795 jpgkbhploimngoikjnmggchkcekleehi 1, 2
Make Text Readable for Google Chrome™ 1,000 kicekkepbmfbaiagdcflfghmnnachmdg 6
Online Download Manager 10,000 kilhigaineblocfbpikplhgaacgigfnb 6
Gmail Adblocker 1,000 kkddllkaglcicbicjlobbhmjjangamjh 5
Testing Reading Speed 4,000 kmkdgnfgallnjpdldcmplbggbmkgcgdl 6
User Agent Switcher 1,000 lbdmdckajccnmklminnmlcabkilmhfel 5
Highlighter for Google Chrome™ 50,000 lebapnohkilocjiocfcaljckcdoaciae 6
Free Spell Checker for Google Chrome™ 20,000 ljgdcokhgjdpghmhdkbolccfcfdbklpo 6
IMDB Ratings on Netflix 314 lkfapihkchheoddiodedjlapfdnmgkio 6
Adjust Screen Brightness for Browser 5,000 lkomnldkbflfbkebenomadllalainpec 6
Timer for Google Meet 10,000 lmkdehdoopeeffkakbbkfcmmhmeoakpk 6
Make Screenshot for Chrome™ 1,000 mhnppmochppgeilojkicdoghhgfnaaig 1
Full Page Screenshot for Google Chrome™ 10,000 mieibeigpaehbjcbibakjcmkocngijjl 6
Custom Progress Bar for YouTube™ 300,000 nbkomboflhdlliegkaiepilnfmophgfg 6
Chrome Bookmarks 4,000 nhcaihbjbbggebncffmeemegdmkamppc 6
Tab Snooze 336 nomolokefbokmolefakehdnicdpjbmnm 5
History & Cache Cleaner 10,000 oiecpgbfcchalgdchgoplichofjadhmk 5
View Chrome History 40,000 oiginoblioefjckppeefcofmkkhgbdfc 6
Meme Maker for Google Chrome 2,000 oipbnbggobjonpojbcegcccfombkfoek 6
Bass Boost for Google Chrome™ 20,000 omobmjpbljcbgdppgjfmmennpjpgokch 6
Knit Patterns 181 pfeenapookpacnhhakoilppnmbohncml 6
Tic Tac Toe 3,000 pfghhddjhifjcneopigibnkifacchpgh 6
Clear History & Web Cache 3,000 pjhgdolnnlcjdngllidooanllmcagopf 6
Citation Manager for Google Chrome™ 20,000 pkbcbgfocajmfmpmecphcfilelckmegj 6
Full screen your Videos 3,000 pkoeokeehkjghkjghoflddedkjnheibp 6
iCloud Dashboard 10,000 pnncnbibokgjfkolhbodadgcajeiookc 6
Responsive Tester 30,000 ppbjpbekhmnekpphljbmeafemfiolbki 6

Everything else

Most extensions listed below either belong to one of the clusters above but haven’t been attributed, or the cluster they belong to wasn’t important enough to be listed separately. In a few cases these could however be extensions by individual developers who went overboard with search engine optimization.

Name Weekly active users Extension ID Approaches
Simple = Select + Search 20,000 aagminaekdpcfimcbhknlgjmpnnnmooo 6
AI Chat Bot 1,000 abagkbkmdgomndiimhnejommgphodgpl 1
ChatGPT Translate 20,000 acaeafediijmccnjlokgcdiojiljfpbe 1
The AllChat - ChatGPT, WhatsApp, Messenger 1,000 adipcpcnjgifgnkofmnkdbebgpoamobf 1, 4
save ChatGPT history to evernote 1,000 afcodckncacgaggagndhcnmbmeofppok 3
Sound Booster 1,000 ahhoaokgolapmhoeojcfbgpfknpmlcaj 1, 2, 4
Dictionary - Synonyms, Definition, Translator 40,000 ahjhlnckcgnoikkfkfnkbfengklhglpg 1, 3, 4
ContentBlockHelper 20,000 ahnpejopbfnjicblkhclaaefhblgkfpd 6
Video Speed Controller 250 aiiiiipaehnjdjgokjencohlidnopjgd 4
Black Jack Play Game 20,000 akclccfjblcngnchpgekhijggnibifla 5
Free VPN - 1VPN 600,000 akcocjjpkmlniicdeemdceeajlmoabhg 1, 3, 5
Browser Boost - Extra Tools for Chrome 80,000 akknpgblpchaoebdoiojonnahhnfgnem 5
Comet - Reddit Comments on YouTube & Webpages 9,000 amlfbbehleledmbphnielafhieceggal 1, 2, 5
Hololive Wallpaper 2,000 anjmcaelnnfglaikhmfogjlppgmoipld 6
Roblox Wallpaper 9,000 ankmhnbjbelldifhhpfajidadjcammkg 5
Video Downloader Global - videos & streams 20,000 baajncdfffcpahjjmhhnhflmbelpbpli 1, 2
super cowboy play game 472 bconhanflbpldbpagecadkknihjmlail 5
Paint Tool for Web 3,000 bcpakobpeakicilokjlkdjhhcbepdmof 5
Sound booster by AudioMax 900,000 bdbedpgdcnjmnccdappdddadbcdichio 1, 2, 4
Save to Face Book. From web to Saved FB 63 bdhnoaejmcmegonoagjjomifeknmncnb 1, 2, 6, 7
Save ChatGPT to Obsidian markdown file 641 bdkpamdmcgamabdeaeehfmaiaejcdfko 7
Full Page Screenshot: ScreenTool.io 6,000 bfhiekdkiilhblilanjoplmoocmbeepj 1, 5
Downloader for Instagram - ToolMaster 100,000 bgbclojjlpkimdhhdhbmbgpkaenfmkoe 1, 2
Aqua VPN 20,000 bgcmndidjhfimbbocplkapiaaokhlcac 1, 2, 3, 4, 7
ChatGPT Assistant - Smart Search 178 bgejafhieobnfpjlpcjjggoboebonfcg 1, 2, 4, 7
Xiaojinshu - Xiaohongshu material downloader (video, picture) 2,000 bhmbklgihbfcpbnaidlcanmbekbjoopg 1
Save ChatGPT to Notion 5,000 bknieejaaomeegoflpgcckagimnbbgdp 3
Football Wallpapers 1,000 blaajilgooofbbpfhdicinfblmefiomn 6
Image downloader - picture and photos saver 500,000 cbnhnlbagkabdnaoedjdfpbfmkcofbcl 1, 2, 4, 6
IG Follower Export Tool - IG Email Extractor 1,000 cekalgbbmdhecljbanbdailpkbndbbgj 1, 2
Happy Chef Bubble Game 668 celnnbmadnnifmnaekgeiipiadahpide 5
midjourney to notion 1,000 ceoifmkmbigkoodehbhfeegbngoomiae 3, 4
Dragon Ball Z Wallpaper 10,000 cepfoomofdcijdlpinanbciebkdmmddm 5
Change Default Search Engine 7,000 cfikbclbljhmmokgdokgjhnpinnmihkp 5
Indeed Scraper 425 cgelphinochnndbeinkgdjolojgdkabc 1
Story Space. Anonymous viewer for IG and FB 10,000 cicohiknlppcipjbfpoghjbncojncjgb 1, 2
Classic Dark Theme for Web 700,000 ckamlnkimkfbbkgkdendoedekcmbpmde 1, 2, 4
ai platform 687 cklkofkblkhoafccongdmdpeocoeaeof 1
AI Art Generator 697 cllklgffiifegpgbpaemekbkgehbeigh 6
Twitter Algorithm Rank Validator - Free Tool 31 cmgfmepnimobbicpnjhfojjibhjdoggo 1
Adblock - adblocker for Youtube 700,000 cohnbaldpeopekjhfifpfpoagfkhdmeo 1, 2, 3, 7
Bass Booster - Сontrol your sound 800,000 coobjpohmllnkflglnolcoemhmdihbjd 1, 2, 4, 6
SearchGPT Powered 30,000 cpmokfkkipanocncbblbdohjginmpdjn 1, 2
Maps Scraper & Leads Data Extractor 800 dahoicbehnalbeamhcpghhoelifghbma 6
Wasup WA Sender 4,000 dcmcongoliejhianllkdefemgiljjdjl 5
Popup Blocker - Adblock Pop up 10,000 ddbjkeokchfmmigaifbkeodfkggofelm 1, 2, 3, 4
AI Avatar Generator 528 ddjeklfcccppoklkbojmidlbcfookong 6
Telegram Video Downloader 10,000 ddkogamcapjjcjpeapeagfklmaodgagk 1, 2
GetJam - find Coupons and Promo codes 10,000 deamobbcdpcfhkiepmjicnlheiaalbbe 1, 2, 3, 7
WiFi speedtest & Internet Connection Test 10,000 deofojifdhnbpkhfpjpnjdplfallmnbf 1, 2, 4
Audio Master mini 900,000 dfffkbbackkpgmddopaeohbdgfckogdn 1, 2, 4
Geometry Dash Wallpaper 1,000 dghokgbfkiebbjhilmjmpiafllplnbok 5
ExportShopify 63 dgofifcdecfijocmjmdhiiabmocddleb 5
Bass Booster Lite 1,000 dhempgjfckmjiblbkandmablebffigdj 1, 2, 4
IG Follower Export Tool - Export Follower List Instagram - IG Tools 343 dhmgjkbkpjikopbkgagkldnoikomgglo 1, 2
Custom Youtube 64 dieglohbkhiggnejegkcfcpolnblodfj 1, 2
Math AI 10,000 dioapkekjoidbacpmfpnphhlobnneadd 1, 2, 7
Batch Save ChatGPT to Notion 176 djefhicmpbpmmlagbgooepmbobdhajgn 7
Night Theme for Web 786 djkdplhjjhmonmiihoaipopjfjalelkb 1, 2, 4
TickerIQ 200,000 dlaajbpfmppphhflganljdalclmcockl 1, 2, 4
Screen Recording 10,000 dlcelhclgobpnegajplgemdhegfiglif 1, 4
Retro Video Downloader 3,000 dnbonfnabpogidccioahmeopjhbcojoe 1, 2, 4
View Instagram Stories - InstaStory 288 dpckdamgkbgkhifgpealdkekennmkjln 1
City Bike Racing Champion Game FEEP 471 dpkpeppcigpkhlceinenjkdalhmemljn 5
ChatGPT for WhatsApp 7,000 eacpodndpkokbialnikcedfbpjgkipil 5
Vibn AI - ChatGPT: AI-Powered Browsing 20 ealomadpdijnflpgabddhepkgcjjeiha 2
sync evernote to notion 72 edppbofcdhkllmbbhnocaenejjlcjoga 2, 4, 7
Email Extract Pro - Simplify Lead Generation with Notion 606 eebaoaeanohonldcbkpnjfkdlcbcaond 2, 3, 7
Bass Booster - Sound Master Pro 200,000 eejonihdnoaebiknkcgbjgihkocneico 1, 2, 4
Ever2Notion 148 efolkkdddgjcnnngjefpadglbliccloo 3
Claude to Obsidian 217 ehacefdknbaacgjcikcpkogkocemcdil 1
Auto Tab Saver Pro 14 ehdnfngedccloodopehbfgliancjekhi 1, 3
Tricky Craby Html5 Game 7,000 eifmecggecobbcjofbkkobpbjbdifemc 5
Dark Mode - Dark Reader for Chrome 60,000 eiionlappbmidcpaabhepkipldnopcch 1, 2
Beautiful Nature Pictures Wallpaper 1,000 eilemfgfflhnndcaflanfgmohfjgbgof 6
Email extract 400,000 ejecpjcajdpbjbmlcojcohgenjngflac 1, 2, 4
Screen recorder - Recorder Tool 84 ekgimgflikldcmjmeeecnkdenimhamch 5
Soccer Online Game Football - HTML5 Game 40,000 eknjiacpaibimgjdeldfhepofgjkngck 6
Crazy Cursors - Custom Cursors with Trails 14 enncggclkhfdeoaglhjkieeipkboaecd 1, 3
Lumberjack River Game 1,000 fbgkmgkcneoolclpopjahcdogpbndkcl 5
Vroxy - Spoof Time Zone, Geolocation & Locale 1,000 fcalilbnpkfikdppppppchmkdipibalb 1, 5
Linkedin Job Scraper - scraper.plus 948 fcfbdnejkoelajenklbcndfokempkclk 3
Music Equalizer for Chrome 500,000 fedoeoceggohfajbhbadkfhgckjkieop 1, 2, 4, 6
Safety Web - Adblock for Web 2,000 ffafhlldnfofnegdfhokdaohngdcdaah 4, 5
IG Likes Export 1,000 fiefnmddjghnmdjfedknoggjfcfejllm 2
Free YouTube Comment Finder - EasyComment 1,000 fifgmgcoibgcehfbpeifpipjnmfdjcoi 1, 5
Classic Brick Game 80th 7,000 filjhgipogkkmalceianiopidelcacam 1, 2, 4, 6
IG Follower Export Tool - IG Lead Scraper 48 fimgpffhikpemjcnfloodfdjfhjkoced 5
Instagram Photos Download - InstaPhotos 381 fjccfokbikcaahpgedommonpjadhdmfm 1
Save Twitter&Linkedin People to Notion CRM 61 fjhnpnojmkagocpmdpjpdjfipfcljfib 1, 2, 3
Life HD Wallpapers New Tab 787 flbglpgpbekkajkkolloilfimbaemigj 1
INSORT - Sort Reels for IG 334 fmdndpmffplgenajipolmpfhflmgdpla 5
Indeed Scraper 467 fnmcgefncfbmgeafmdelmjklpblodpnc 1, 2
Grand Commander 1,000 fnpedebmmbanjapadpnoiogjjhnggdca 5
Succubus HD Wallpapers New Tab Theme 126 gahampmajaohlicbcpdienlhclhkdgcg 1, 6
Attack On Titan Live Wallpapers 6,000 gajcknbeimpoockhogknhfobnblpkijk 6
Red And Black Shards 9,000 gamplddolbodndilnmooeilfcmdjkjfn 6
Free VPN Proxy - NoName VPN 1,000 gceoelahanekobagpkcelbhagpoaidij 4, 5
GPT Booster - ChatGPT File Uploader & Chats Saver 9,000 gcimiefinnihjibbembpfblhcmjclklo 1, 2, 6
GPT Sidebar - Search with ChatGPT 900,000 gcmemiedfkhgibnmdljhojmgnoimjpcd 1, 2, 3, 4, 6
IG Reel Download - InsReels 194 gcofmhbhbkmagfcdimaokhnhjfnllbek 1
Chrome Capture - screenshot & GIF 300,000 ggaabchcecdbomdcnbahdfddfikjmphe 4
Audio Equalizer 551 ggcffjkfphpojokoapldgljehpkiccck 1, 2, 4
GPTs Store Search and Favorite GPTs 735 ggelblabecfgdgknhkmeffheclpkjiie 3
League of Legends Wallpaper 1,000 giidhjojcdpaicnidflfmcfcnokgppke 5
Video Downloader Button 9,000 gjpdgbkjopobieebkmihgdoinbkicjck 1, 2, 5
Screen Virtual Keyboard- specific needs tool 9,000 gkiknnlmdgcmhmncldcmmnhhdiakielc 4, 6
Just Video Downloader 5,000 gldhgnbopkibmghhioohhcjcckejfmca 1, 2, 4
Picture in Picture - floating video player 1,000,000 gmehookibnphigonphocphhcepbijeen 1, 2, 4
Sound Booster 10,000 gmpconpjckclhemcaeinfemgpaelkfld 1, 2
Hive - Coupons, Promo Codes, & Discounts 2,000 godkpmhfjjbhcgafplpkaobcmknfebeh 1, 2, 3
Profile Picture Maker - AI PFP Maker 202 gonmpejcopjdndefhgpcigohdgjkjbjc 6
Traffic Car Racing Game 10,000 gpchpdllicocpdbbicbpgckckbkjdago 6
Mass Delete Tweets - Tweet Deleter 1,000 gpeegjjcnpohmbfplpkaiffnheloeggg 1, 5
Microsoft Word Translator - Translate Word online 974 gphocmbdfjkfghmmdcdghoemljoidkgl 3
Better Color Picker - pick any color in Chrome 20,000 gpibachbddnihfkbjcfggbejjgjdijeb 5
Popup and Ads Blocker 20 hadifnjapmphiajmfpfgfhaafafchjgh 1, 2, 3
Sound Equalizer 50,000 hckjoofeeogkcfehlfiojhcademfgigc 1, 2, 4
Multi Ad Blocker Complete for Youtube™ 4,000 hdoblclnafbfgihfnphjhadfpgcmohkp 1
Video Downloader pro 1,000,000 hebjaboacandjnlnhocfikmaghgbfjlp 1, 2, 4
WAFilter - Check & Verify WA Number 5,000 hhfjicmmlbnmbobgpfmdkodfjkibogog 1, 5
Translator - Click to Translate 10,000 hhmocdjpnopefnfaajgfihmpjpibkdcj 1, 2, 3, 4, 5
Funny Tweet Generator 241 hhpmgfhnfdifcjgmgpgfhmnmgpiddgbg 1, 5
Winamp Classic Equalizer 1,000 hibihejapokgbbimeemhclbhheljaahc 1, 4
ChatGPT plugin search 893 hjdhbhggcljjjfenfbdbbhhngmkglpkl 3
ReminderCall Chrome Ext. 287 hlblflbejmlenjnehmmimlopeljbfkea 1, 3
Automatic ChatGPT Translator: Prompt Genie 1,000 hlkbmbkcepacdcimcanmbofgcibjiepm 3
AI Editor For Xiaohongshu™ - XHSPlus 2,000 hmeohemhimcjlegdjloglnkfablbneif 1
Cute Dog Wallpaper HD Custom New Tab 10,000 iaaplcnlmmnknnbhhpedcaiiohdepiok 6
Adblocker for Web 3,000 icegiccppplejifahamjobjmebhaplio 1, 2, 3, 4
Email scraper & Email Extract 73 ichccchniaebdhjehjcpmiicifhccpem 1, 5
Tomba - Email Finder & Email Extractor Plus 9,000 icmjegjggphchjckknoooajmklibccjb 5
Comment Exporter - Export Ins Comments 454 idfcdgofkeadinnejohffdlbobehndlf 1, 2
Get Color Palette from Website 75 idhdojnaebbnjblpgcaneodoihmjpdmo 1
Itachi Live Wallpaper 9,000 ihmlfoinmmfmcdogoellfomkcdofflfj 6
Eclincher 905 iicacnkipifonocigfaehlncdmjdgene 5
QRCodie - QR Code Generator 20 iioddhggceknofnhkdpnklfopkcahbkc 1, 2
Shorts blocker for Youtube 100,000 iiohlajanokhbaimiclmahallbcifcdj 1, 2, 4, 6
App Client for Instagram™ - InLoad 800,000 ikcgnmhndofpnljaijlpjjbbpiamehan 1, 2, 4, 6
FollowFox - IG Follower Export Tool (Email) 970 imoljjojcgjocfglobcbbhfbghpdjlfn 1, 2
chatgpt partner - Your AI Assistant 778 infgmecioihahiifibjcidpgkbampnel 4
Zombie Shooter Play 5,000 iohppfhpbicaflkcobkfikcjgbjjjdch 5
Adblock for YouTube & Chrome - All Block 400,000 jajikjbellknnfcomfjjinfjokihcfoi 1, 2, 3
AdBlocker - Ultimate Ads Blocker 1,000 jchookncibjnjddblpndekhkigpebmnn 1, 2, 3
Emoji Keyboard New 1,000 jddhjkckjlojegjdjlbobembgjoaobfc 6
Candy Match 3 Puzzle Games 2,000 jdffnpgoekmmkfgfflnpmonkldllfmbh 5
Genius PRO : Adblocker +Total Web Security 20,000 jdiegbdfmhkofahlnojgddehhelfmadj 3
Night Theme - Dark Mode 4,000,000 jhhjdfldilccfllhlbjdlhknlfbhpgeg 1, 2, 4
Jarvis AI: Chat GPT, Bing, Claude, Bard, BOT 10,000 kbhaffhbhcfmogkkbfanilniagcefnhi 1, 2
AI GPT 30,000 kblengdlefjpjkekanpoidgoghdngdgl 1
Dark Mode Chrome 300,000 kdllaademhdfbdhmphefcionnblmobff 1, 2, 4, 6
Pubg Wallpaper 1,000 kealimbjilfbnmolgombldemenlddfaa 5
Dark Shade 97 kfgpocchpfefpnecphkcjoammelpblce 1, 2
WA Contacts Extractor - wabulk.net 9,000 kfjafldijijoaeppnobnailkfjkjkhec 1
Video Downloader 10,000 kghcdbkokgjghlfeojcpeoclfnljkbdk 1, 2
ChatGPT of OpenAI for Google 10,000 kglajnlchongolikjlbcchdapioghjib 1, 2, 4, 6
Global Video & Audio Downloader 827 kglebmpdljhoplkjggohljkdhppbcenn 1, 2
Emoji keyboard online - copy&past your emoji. 1,000,000 kgmeffmlnkfnjpgmdndccklfigfhajen 1, 2, 4
Volume Booster - Increase sound 700,000 kjlooechnkmikejhimjlbdbkmmhlkkdd 1, 2, 4, 6
Yummi Fusion Game for Chrome 313 kknfaoaopblmapedlbhhicbnpdhlebff 5
Total Adblock 1,000 knnnjdihapcnbggclbihkkainodlapml 1, 2, 3, 7
Adblocker for Web 10,000 kojabglmkbdlpogbnenbdegoifgobklj 1, 2, 3, 4, 5
Simple Translator - Dictionary 800,000 koleblagfjjlhlkpacidojjnkhobeikd 1, 2, 3, 4, 6
Goku Ultra Instinct 40,000 kpehlpkidnkpifjmdgajdhhmcgdigjjn 6
Volume Booster - Increase Sound Effect 20,000 laldfbfjhaogodemgonegbingpmjldnh 1, 6
Zumba Mania Game - HTML5 Game 4,000 lckmeckmnopdeeelhglffajlfgodhoad 1
Comments Exporter 2,000 ldhjpljmgnggmkpcgaicmocfoefbcojl 1, 2
AdBlocker for LinkedIn® 100 leabdgiabfjhegkpomifpcfjfhlojcfh 3
Charm - Coupons, Promo Codes, & Discounts 366 lfbiblnhjmegapjfcbbodacjajhcgnbe 1, 2, 3, 5
Site Blocker: Stay focused & Block websites 2,000 lfbpllmokmhinnopfchemobgglipfini 1, 2
Youtube Ad Blocker 226 lfcgcabhmgenalfgamodjflggklmaldd 1, 2, 3
Video Downloader - Save m3u8 to MP4 10,000 lfdconleibeikjpklmlahaihpnkpmlch 1, 2
Contact Saver For WA & Download Group Phone Numbers - WPPME.COM 26 lfopjgadjgdlkjldhekplmeggobolnej 1, 6
ChatGenie for Chatgpt 8,000,000 lgfokdfepidpjodalhpbjindjackhidg 1, 2, 4
Mook: AI Tweet Generator With Chat GPT 259 lglmnbmfkbpfpbipjccjlkcgngekdhjk 1, 5
Anime Live Wallpapers 100,000 lgpgimkhbokanggfjjafplmjcdoclifl 6
ai logo creator 491 ljgimpibhgleapaoedngmcicjoifojea 1, 6
QR Code Generator 3,000,000 lkdokbndiffkmddlfpbjiokmfkafmgkm 1, 2, 4, 6
PDF Converter Online 10,000 lmgofgkjflllbmfdpamdjjmdjhohibpc 1, 2, 4
Video downloader by NNT 2,000 loiebadnnjhhmnphkihojemigfiondhf 1, 2, 6
WhichFont 75 lpamdogjnihpkoboakafmaiopljkhoib 5
Video Downloader Plus 100,000 lpcbiamenoghegpghidohnfegcepamdm 1, 2, 4
Summer Match 3 Game 613 lpfcolgfiohmgebkekkdakcoajfoeadn 5
Privacy Extension For WhatsApp Web - WABULK 90,000 mbcghjiodcjankhkllfohcgnckhdbkmi 1
Volume Booster + 800,000 mbdojfbhgijnafkihnkhllmhjhkmhedg 1, 2, 4, 6
Flux AI Image Generator 1,000 mblmjcogbjicpmhhjmpgjeiaophchpji 3
WA Group Number Exporter 5,000 mbmldhpfnohbacbljfnjnmhfmecndfjp 1, 5
Claude to Evernote 59 mekebjmippjiaajoaeeiemdcfngnnnkm 7
WA Number Checker - wabulk.net 8,000 meppipoogaadmolplfjchojpjdcaipgj 1
WA Number Checker 1,000 mgbpamnoiegnkologgggccldjenfchmc 1, 2
Translator - Click to Translate 451 mghganlaibcgnnooheoaebljgfbghpdl 1, 2, 4
ChatGPT Summary - summarize assistant 300,000 mikcekmbahpbehdpakenaknkkedeonhf 1, 2, 4, 6
Escape From School Game FEEP 2,000 mjkdllcbnonllpedjjmgdhkjnjmcigpo 5
Alfi Adventure Game 220 mkonckdeijcimlecklibjbnapmhnbpji 5
Allow Copy - Select & Enable Right Click 900,000 mmpljcghnbpkokhbkmfdmoagllopfmlm 1, 2
Save image to PDF 114 mpdpidnikijhgcbemphajoappcakdgok 5
Screensy - screen recording 3,000 mpiihicgfapopgaahidedijlddefkedc 1, 2
WhatsApp Salesforce integration 345 nacklnnkbcphbhgodnhfgnbdmobomlnm 5
Easy Ad Blocker 100,000 naffoicfphgmlgikpcmghdooejkboifd 3
Anime Girls Wallpaper 10,000 nahgmphhiadplbfoehklhedcbbieecak 5
PiP (Picture in picture) 800,000 nalkmonnmldhpfcpdlbdpljlaajlaphh 1, 2, 6
Vytal - Spoof Timezone, Geolocation & Locale 50,000 ncbknoohfjmcfneopnfkapmkblaenokb 1, 3, 5
Bass Booster Extreme - It Works! 10,000 ndhaplegimoabombidcdfogcnpmcicik 1, 2, 4
ProTranslator - Translator for All web 54 nemnbfdhbeigohoicapnbdecdlkcpmpj 1, 2, 4, 6
Adblock for Ytube 3,000 nendakennfmpoplpmpgnmcbpfabkibki 6
AI Image Generator - Text to Image Online 20,000 nfnkkmgbapopddmomigpnhcnffjdmfgo 1
Night Shift - Dark Theme for WEB 155 ngocaaiepgnlpdlpehhibnpmecaodfpk 1, 2, 4
Mad Shark HTML 5 Game 1,000 nhbckdjhkcjckhfgpmicgaiddbfdhhll 5
Screen Recorder 5,000 nhmaphcpolbbanpfhamgdpjlphbcnieh 1, 4
IgComment - IG Comments Export 545 nilbploiiciajeklaogbonjaejdjhfao 1
InReach - LinkedIn B2B Email Finder 1,000 nloekplnngjkjohmbfhmhjegijlnjfjk 5
Full Page Screenshot - Screen Capture 1,000 nmbngkjfkglbmmnlicoejhgaklphedcg 1, 2, 4
Exporter for Followers 400,000 nmnhoiehpdfllknopjkhjgoddkpnmfpa 1, 2
Flash Player - flash emulator 400,000 nohenbjhjbaleokplonjkbmackfkpcne 1, 2, 4, 6
Dark Mode Wallpapers 1,000 npmjehopohdlglmehokclpmbkgpfckcd 6
WhatsApp Audio & Voice Message to Text 112 npojienggkmiiemiolplijhfdmppacik 1, 6
Your Emoji Keyboard 1,000 obekkkgdekegaejajmdpaodefomoomfk 6
Adblock for Spotify - Skip ads on music 10,000 obiomemfgclpnflokpjjfokafbnoallb 1, 2
Manual Finder 2024 256 ocbfgbpocngolfigkhfehckgeihdhgll 5
Flash Player Enable - flash emulator swf 300,000 ocfjjghignicohbjammlhhoeimpfnlhc 1, 2
GT Cars Mega Ramp Game FEEP 630 ociihgpflooiebgncjgjkcaledmkhakk 5
Stick Panda Play Game 5,000 ocmbglodnmkcljocboijoemgceokifgg 5
Garena Free Fire Wallpaper 10,000 ocnnnfbblcadccdphieemnmbljdomdgl 5
Dictionary for Google Chrome - Synonyms, Definition 21 ocooohinghhdfcpfdonkjhhankdolpab 1, 3
Presto lead extractor for Bing Maps and OSM 300,000 oilholdcmnjkebdhokhaamalceecjbip 1, 2, 4
Dark Mode - Dark Theme for Chrome 60,000 okcnidefkngmnodelljeodakdlfemelg 1, 6
FastSave & Repost for Instagram 700,000 olenolhfominlkfmlkolcahemogebpcj 1, 2, 4, 6
ClaudeAI Copilot 449 olldnaaindiifeadpdmfggognmkofaib 1, 4, 5
Roblox Wallpaper 6,000 omamcjggpkjhgbkadieakplbieffjimf 5
Dark Reader for Chrome 10,000 omfeeokgnjnjcgdbppmnijlmdnpafmmp 1, 4
Browsec VPN - Free VPN for Chrome 6,000,000 omghfjlpggmjjaagoclmmobgdodcjboh 1, 2, 7
ChatGPT Sidebar 3,000 oopjmodaipafblnphackpcbodmgoggdo 1, 2, 3, 5
Music Equalizer - Improve Sound for everyone 900,000 paahdfldanmapppepgbflkhibebaeaof 1, 2, 4, 6
Space Pinball Game 968 pakghdcedniccgdfjjionnmoacelicmf 7
Find Font 2,000 pbeodbbpdamofbpkancdlfnegflmhkph 6
Web Client for Xiaohongshu 1,000 pcbppejbcaaoiaiddaglpphkmfkodhkn 1, 5
Classic Dark Theme - Night Mode 2,000,000 pdpfhanekfkeijhemmfbnnjffiblgefi 1, 2, 4, 6
Shopify Scraper - Shopify Store Scraper & spy 1,000 pehfmekejnhfofdjabaalbnanmpgjcdn 1, 2, 3
Screen Editor 869 pehmgdedmhpfophbaljpcloeaihhnkhk 6
Bulk WA Number Checker & Validator & Search & lookup 310 pepdpaiacpcgjoapmhehgmjcicninpgf 1, 6
Email Extractor 2,000 pgckgjnbljjlgbedbicefldnkpeehgdo 1, 3
Adblock for YouTube™ 30,000 pginoclcfbhkoomedcodiclncajkkcba 3, 4
Site Blocker - Block Site & Focus Mode 1,000,000 pgoeobojimoocdnilcajmjihiabcmabn 1, 2, 4, 5
Dark Mode - Midnight Chrome 1,000 pidmkmoocippkppbgebgjhnmgkhephlb 1, 2, 4, 5
Save Image As PNG 1,000 piigjafeabajlmjkcmcemimcoaekbjmh 1, 2
ChatGPT-The Future 2,000 pijagnpcnegcogimkghghdihobbeaicn 4, 6
Safe3 safe browsing 900,000 pimlkaibgdfmbenlhmbjllfkbcfhfnjg 1, 2
Fishing Frenzy Games 4,000 pkanjcjckofmachobaedghimjboglcjf 6
Fortnite Wallpapers 7,000 pnmfgeifakoehoojepggpigbkkfolbmk 6
Best Cursors - Bloom of Custom Cursor 100,000 pnpapokldhgeofbkljienpjofgjkafkm 1, 2, 4
Naruto Live Wallpaper 10,000 ppemmflajcphagebjphjfoggjcbmgpim 6

This Week In RustThis Week in Rust 581

Hello and welcome to another issue of This Week in Rust! Rust is a programming language empowering everyone to build reliable and efficient software. This is a weekly summary of its progress and community. Want something mentioned? Tag us at @ThisWeekInRust on X (formerly Twitter) or @ThisWeekinRust on mastodon.social, or send us a pull request. Want to get involved? We love contributions.

This Week in Rust is openly developed on GitHub and archives can be viewed at this-week-in-rust.org. If you find any errors in this week's issue, please submit a PR.

Want TWIR in your inbox? Subscribe here.

Updates from Rust Community

Newsletters
Project/Tooling Updates
Observations/Thoughts
Rust Walkthroughs
Miscellaneous

Crate of the Week

This week's crate is terminal-colorsaurus, a small library to detect whether the terminal is in light or dark mode.

Thanks to Tau for the self-suggestion!

Please submit your suggestions and votes for next week!

Calls for Testing

An important step for RFC implementation is for people to experiment with the implementation and give feedback, especially before stabilization. The following RFCs would benefit from user testing before moving forward:

RFCs
  • No calls for testing were issued this week.
Rust
Rustup
  • No calls for testing were issued this week.

If you are a feature implementer and would like your RFC to appear on the above list, add the new call-for-testing label to your RFC along with a comment providing testing instructions and/or guidance on which aspect(s) of the feature need testing.

Call for Participation; projects and speakers

CFP - Projects

Always wanted to contribute to open-source projects but did not know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

Some of these tasks may also have mentors available, visit the task page for more information.

If you are a Rust project owner and are looking for contributors, please submit tasks here or through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

CFP - Events

Are you a new or experienced speaker looking for a place to share something cool? This section highlights events that are being planned and are accepting submissions to join their event as a speaker.

If you are an event organizer hoping to expand the reach of your event, please submit a link to the website through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

Updates from the Rust Project

375 pull requests were merged in the last week

Rust Compiler Performance Triage

A quiet week with not much going on. A small regression was caused by a bugfix related to traits, but it was somewhat offset by a cargo update that brought a small perf. win.

Triage done by @kobzol. Revision range: 93722f7e..0f1e965f

Summary:

(instructions:u) mean range count
Regressions ❌
(primary)
0.4% [0.1%, 1.1%] 20
Regressions ❌
(secondary)
0.4% [0.1%, 2.5%] 19
Improvements ✅
(primary)
-0.4% [-1.6%, -0.2%] 8
Improvements ✅
(secondary)
-1.3% [-1.7%, -0.2%] 13
All ❌✅ (primary) 0.1% [-1.6%, 1.1%] 28

0 Regressions, 2 Improvements, 4 Mixed; 4 of them in rollups 51 artifact comparisons made in total

Full report here

Approved RFCs

Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:

  • No RFCs were approved this week.
Final Comment Period

Every week, the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now.

RFCs
Tracking Issues & PRs
Rust Cargo Language Team
  • No Language Team Proposals entered Final Comment Period this week.
Language Reference
  • No Language Reference RFCs entered Final Comment Period this week.
Unsafe Code Guidelines
  • No Unsafe Code Guideline Tracking Issues or PRs entered Final Comment Period this week.
New and Updated RFCs
  • No New or Updated RFCs were created this week.

Upcoming Events

Rusty Events between 2025-01-08 - 2025-02-05 🦀

Virtual
Asia
Europe
North America

If you are running a Rust event please add it to the calendar to get it mentioned here. Please remember to add a link to the event too. Email the Rust Community Team for access.

Jobs

Please see the latest Who's Hiring thread on r/rust

Quote of the Week

Also, there is often a trade-off between accuracy and education. For example, when I correct my toddler that the Sun is actually not moving, but we are rotating. That's wrong, the Sun is moving, but arguably less wrong than his impression. (I once tried to give him the full explanation, but halfway through he ran away to play with his trains.)

Not that readers of the Rust book are toddlers, but the principle generalizes in my experience.

Andrew Gallant a.k.a. @BurntSushi on rust-users

Thanks to Aleksander Krauze for the suggestion!

Please submit quotes and vote for next week!

This Week in Rust is edited by: nellshamrell, llogiq, cdmistman, ericseppanen, extrawurst, U007D, joelmarcey, mariannegoldin, bennyvasquez, bdillo

Email list hosting is sponsored by The Rust Foundation

Discuss on r/rust

Firefox Developer ExperienceFirefox WebDriver Newsletter 134

WebDriver is a remote control interface that enables introspection and control of user agents. As such it can help developers to verify that their websites are working and performing well with all major browsers. The protocol is standardized by the W3C and consists of two separate specifications: WebDriver classic (HTTP) and the new WebDriver BiDi (Bi-Directional).

This newsletter gives an overview of the work we’ve done as part of the Firefox 134 release cycle.

Contributions

Firefox – including our WebDriver implementation – is developed as an open source project, and everyone is welcome to contribute. If you ever wanted to contribute to an open source project used by millions of users, or are interested in some experience in software development, jump in.

In Firefox 134, after working on bug fixes and improvements in previous releases, Dan (temidayoazeez032) implemented a completely new WebDriver BiDi command: browser.getClientWindows. Read more about this new feature in the detailed WebDriver BiDi updates below.

WebDriver code is written in JavaScript, Python, and Rust so any web developer can contribute! Read how to setup the work environment and check the list of mentored issues for Marionette, or the list of mentored JavaScript bugs for WebDriver BiDi. Feel free to join our chatroom if you can’t see a bug that appeals to you, we can probably find a good task to get you started 🙂

WebDriver BiDi

Implemented the browser.getClientWindows command

Thanks again to Dan (temidayoazeez032) for this contribution. The browser.getClientWindows command allows clients to retrieve information about the currently opened browser windows. This command does not take any parameter and will return a payload with a clientWindows property containing a list of browser.ClientWindowInfo objects.

The example below shows the output of the browser.getClientWindows command when 2 browser windows are opened.

-> {
  "method": "browser.getClientWindows",
  "params": {},
  "id": 2
}

<- {
  "type": "success",
  "id": 2,
  "result": {
    "clientWindows": [
      {
        "active": false,
        "clientWindow": "8caf6a5d-944a-4709-ad0f-694418e3d262",
        "height": 971,
        "state": "normal",
        "width": 1280,
        "x": 4,
        "y": 38
      },
      {
        "active": true,
        "clientWindow": "be7dc2ed-d9ba-41d9-b864-dd9a6fabb9bf",
        "height": 971,
        "state": "normal",
        "width": 1280,
        "x": 26,
        "y": 60
      }
    ]
  }
}

This command will be especially useful in upcoming releases when the browser.setClientWindowState command is implemented, in order to update the dimensions of specific windows.

Support for initiatorType and destination fields in network events

The network.RequestData present in all network events now includes two new fields: initiatorType and destination. They are both strings, defined in the fetch specification (see: initiator type, destination). The initiatorType allows to know what triggered the request, and the destination field to know how the response will be used. Both fields are strings, and you can refer to the fetch specification to learn about the various values that they might be set to.

As an example, if a CSS file defines a background-image property for an element pointing to a url(), the corresponding request will have initiatorType set to "css" and destination set to "image".

Bug fixes

Marionette

Install and uninstall addons on GeckoView

The Addon:Install and Addon:Uninstall commands are now available for GeckoView. This will make it easier to test extensions on the mobile versions of Firefox.

Added Private Browsing mode support to Addon:Install

The Addon:Install command can now be used to install extensions enabled in Private Browsing mode. Clients can pass an optional boolean allowPrivateBrowsing to Addon:Install. When true, the extension will be installed in Private Browsing mode.

Adrian GaudebertL'état de l'Adrian 2024

Une sortie de jeu, enfin un peu d'argent pour Arpentor Studio, et une fin d'année difficile : c'est l'heure du bilan de mon année 2024 !

Projets principaux

Arpentor Studio

Le bilan d'Arpentor Studio sur 2024 est mitigé : d'un côté, nous avons réussi à sortir notre premier jeu, Dawnmaker, et c'est un petit miracle. De l'autre, nous avons généré un chiffre d'affaire d'environ 9 000€, et c'est très, très loin d'être suffisant pour faire tourner une entreprise. Il y a eu malgré tout quelques bonnes nouvelles en fin d'année, qui ouvrent des perspectives pour 2025.

Reprenons dans l'ordre. La première moitié de l'année a été totalement centrée sur finir et sortir Dawnmaker. Il a fallut faire quelques démarches administratives pour ouvrir un compte Steam et créer une page pour le jeu. Faire des demandes de solde pour les deux aides que nous avions reçues en 2022 (la BPI) et 2023 (la région Auvergne-Rhône-Alpes). Et bien sûr faire la gestion courante de l'entreprise, remonter les factures, mettre à jour le budget, ce genre de choses. Comme l'année précédente, Arpentor Studio ne m'a pas demandé trop de temps de travail.

Le temps fort de 2024, ce fût bien évidemment la sortie de Dawnmaker, le 31 juillet. Comme prévu vu le nombre de wishlists que nous avions avant la sortie, le jeu est un échec commercial, avec environ 5 000€ de chiffre d'affaire le premier mois — c'est-à-dire, 5k€ qui sont réellement rentrés dans les caisses d'Arpentor Studio, mais sur lesquels on devra payer des impôts. En revanche, le jeu a été très bien accueilli par la critique sur Steam, avec un score de 93% de review positives. Je ne m'attendais pas à un tel score, et c'est une surprise qui fait du bien au moral. J'ai écrit un (long) billet de post-mortem de Dawnmaker que je vais publier courant janvier, dans lequel je reviens en détail sur tout ce qui touche au jeu.

Passée la sortie de Dawnmaker, il a fallut déterminer ce que nous allions faire d'Arpentor Studio. Alexis (mon associé) et moi avons décidé de ne pas continuer à travailler ensemble, et j'ai fait la proposition de lui racheter l'entreprise. Ce n'est pas encore acté mais nous avons trouvé un accord : Arpentor deviendra une entreprise unipersonnelle début 2025, dès que les démarches administratives seront faites. J'ai l'intention de garder l'entreprise et de continuer à sortir des jeux comme activité principale, avec peut-être de la prestation à droite à gauche pour faire entrer un peu d'argent.

Cependant, il s'est passé quelque chose de totalement inattendu en octobre : un éditeur m'a contacté pour reprendre en main la promotion de Dawnmaker ! C'est quelque chose qui n'arrive quasiment jamais, tant la sortie d'un jeu est le moment clé où il génère de l'argent. J'étais donc assez sceptique sur cette proposition, mais après deux mois de négociations, nous avons trouvé un accord ! J'ai donc le plaisir de vous annoncer que depuis le 12 décembre, Dawnmaker est sous la gestion de Acram Digital, éditeur polonais spécialisé dans les jeux de plateau numériques.

L'équipe d'Acram a repris en main la gestion et la promotion de Dawnmaker. Ils sont responsables de sa page Steam, ils l'ont ajouté à leurs différents bundles et outils de promotion, en échange de quoi ils prennent un pourcentage sur les ventes du jeu. Mais ils financent également le portage mobile du jeu, portage que je vais faire pendant les trois premiers mois de 2025. Dawnmaker devrait donc arriver sur vos téléphones portables au printemps ! Ce contrat est une excellente nouvelle pour Arpentor Studio et pour moi : ça fait rentrer de l'argent qui va permettre de stabiliser financièrement l'entreprise, ça me permettra de me payer un peu — ce qui n'est pas arrivé depuis plusieurs années — et ça va également me donner un peu plus de budget pour le développement de mon prochain jeu !

J'entame donc 2025 avec une situation plus stable qu'avant : Dawnmaker va continuer à faire entrer de l'argent, pas beaucoup mais pas beaucoup c'est toujours mieux que pas du tout, et j'ai un plan pour sortir un jeu dans l'année. Ça va être sportif, j'ai beaucoup de choses à faire et peu de temps pour les faire, mais j'ai la ferme intention de ne pas refaire la même erreur que sur Dawnmaker, à savoir passer deux ans et demi sur un jeu qui ne rapporte pas d'argent. Mon objectif pour 2025, c'est donc de faire un jeu en environ 6 mois, de le sortir, et d'espérer qu'il rapporte un peu plus que le précédent, juste assez pour que je puisse en faire un autre, et ainsi de suite. Et qui sait, peut-être qu'un jour j'en ferai un qui rapportera assez pour passer au stade supérieur ?

Dawnmaker

Ça y est : vous pouvez acheter Dawnmaker !!! ???? (Comment ? Vous ne l'avez pas encore fait ? Foncez ! )

En 2024, j'ai travaillé sur beaucoup de domaines autour du jeu :

  • Promotion — j'ai créé la page Steam du jeu, j'ai posté à de nombreuses reprises sur les réseaux sociaux, notamment reddit, j'ai envoyé des emails à des youtubeurs, j'ai rédigé plusieurs billets pour le blog et la newsletter, entre autres choses.
  • Game design — les quatre grands chantiers sur le jeu en 2024 ont été de rendre compréhensible le Smog (l'adversaire du joueur), d'ajouter un tutoriel, de finaliser la boucle de méta-progression en ajoutant une carte du monde et un marché, et de concevoir deux nouveaux personnages avec leurs decks et répertoires respectifs.
  • Programmation — il a fallu bien sûr implémenter tout ce que j'ai cité juste avant, mais également ajouter énormément de polish au jeu, des feedbacks et du juice, corriger des bugs, et améliorer plein de choses en se basant sur les retours des joueurs. J'ai d'ailleurs ajouté un formulaire dans le jeu pour que ceux-ci puissent facilement nous faire part de leurs commentaires.
  • Gestion de communauté — une fois le jeu sorti, nous avons reçu de nombreux commentaires de joueurs sur Steam et sur notre discord. J'ai répondu à autant de ces commentaires que possible, et j'ai aussi tenu au courant nos joueurs des mises à jour du jeu.

Nous avons sorti le jeu le 31 juillet, puis nous avons travaillé sur une mise à jour de contenu, dans laquelle nous avons ajouté plusieurs personnages jouables et plein de nouvelles cartes et bâtiments. On a sorti cette mise à jour le 7 octobre, avec l'intention que ça soit le dernier ajout de contenu du jeu. Depuis, j'ai publié une mise à jour mineure pour corriger des bugs et améliorer certains points frustrants. Je pensais que ça serait plus ou moins terminé pour Dawnmaker, mais non ! Comme je l'ai annoncé dans la section précédente, le jeu va sortir sur plateformes mobiles, j'ai donc encore plusieurs mois de travail pour implémenter le support des téléphones.

Malgré tout, c'est le résultat de plus de deux ans et demi de travail, avec deux personnes à temps plein et une dizaine d'autres qui ont participé ponctuellement. J'en suis ressorti épuisé, à la fois physiquement et mentalement. Les derniers mois de 2024 ont été laborieux pour moi, tant il était difficile de me remettre au travail, notamment dès qu'il s'agissait d'être créatif. Mais on a sorti un jeu, un jeu qui plait à une partie conséquente de son public, qui a fini par trouver, aussi incroyable que ça puisse être, un éditeur. Un jeu dont je suis très fier.

Le Grand Œuvre

Vous découvrez en exclusivité de nom de code de mon prochain jeu vidéo. Le Grand Œuvre, ou Magnum Opus, c'est le processus de création de la Pierre Philosophale, l'objectif ultime de l'alchimie. Et ça sera le thème de ce prochain jeu : vous y incarnerez un alchimiste qui, pour se soigner d'un poison mortel, cherche à créer la véritable Pierre Philosophale. Le jeu sera un deckbuilder solo, sans combat, à mi-chemin entre Dominion et Balatro. Il sera question de jouer ses cartes pour obtenir des ressources, améliorer ses caractéristiques, et utiliser une forge pour créer de nouvelles cartes et des pierres magiques. Le jeu aura une structure de roguelite : quand vous perdrez, vous devrez recommencer de zéro, mais à chaque fois avec quelques améliorations, de nouvelles cartes débloquées, une forge plus performante, etc.

Le jeu est actuellement en phase de conception, c'est-à-dire que j'ai écrit le document de vision (avec les piliers, le thème, la fantasy… ) et créé quelques prototypes pour valider le cœur du gameplay. J'attaque bientôt la préproduction, avec la création d'un prototype complet du jeu. Je vais pouvoir reprendre pas mal de choses que j'ai codées pour Dawnmaker, notamment l'éditeur de contenu, et je devrais donc pouvoir avancer assez rapidement sur ce jeu. Et il le faut, parce que mes deadlines sont serrées ! Le but, c'est d'avoir terminé le jeu entièrement en septembre de cette année. Dans 8 mois !

J'ai la chance d'avoir une petite équipe qui est motivée pour m'accompagner sur ce projet, deux artistes et un programmeur. J'ai hâte de vous montrer ce qu'on va créer ensemble ! Stay tuned!

Projets secondaires

Souls

Malheureusement, Souls est toujours en pause. Je l'ai ressorti le temps d'une partie cet été, pour me rappeler tous les défauts de la version actuelle, mais je n'ai pas pris le temps de retravailler dessus. Ça reste mon projet de cœur et j'ai bon espoir d'un jour me remettre dessus !

Blog

J'ai publié 7 articles sur mon blog en 2024, et j'en ai écrit un 8e qui n'est pas encore publié — le post-mortem de Dawnmaker, mon plus long article à ce jour avec plus de 7 000 mots. L'objectif de 6 articles publiés est donc atteint, et même dépassé ! La plupart de ces articles a fait double-emploi avec la newsletter, c'est du win-win.

Voici les articles que j'ai publiés cette année :

  1. L'état de l'Adrian 2023
  2. Dawnmaker a une page Steam ET un trailer
  3. Killing two birds with one deck in Dawnmaker
  4. The challenges of teaching a complex game
  5. The frustration of (never really) finishing Dawnmaker
  6. 18 days of selling Dawnmaker
  7. How much did Dawnmaker really cost?

J'ai trouvé un système qui fonctionne, maintenant il faut tenir ce rythme en 2025 !

Bourgade

Après Dawnmaker, j'ai voulu me remettre dans le bain de la création en reproduisant quelque chose que j'avais déjà fait en 2020 : une game jam en solo. Bon, ça n'a pas marché : la semaine en question, j'ai reçu un coup de fil d'un certain éditeur qui s'intéressait à un certain jeu… Mais si je n'ai pas réussi à me mettre à fond sur ce jeu pendant une semaine, j'ai tout de même continué par ci par là pendant un peu plus d'un mois, et j'ai produit un jeu, disons, jouable, à défaut d'autre chose. Je ne l'ai pas encore publié parce qu'il n'y a aucune explication nulle part, mais je compte prendre le temps de le mettre en ligne, ne serait-ce pour qu'il ne tombe pas dans l'oubli de mon disque dur.

Ça s'appelle Bourgade et c'est un jeu de construction de village incrémental. Vous construisez des bâtiments qui produisent des ressources en temps réel, et que vous pouvez améliorer. Plus ils montent de niveau, plus ils produisent, mais plus ils coûtent cher. J'ai ajouté là-dessus une carte du monde sur laquelle vous pouvez envoyer des soldats piller des oasis, des héros qui partent en aventure, et des philosophes qui produisent des points de culture, la ressource qui permet de gagner une partie. Le jeu manque de contenu et de profondeur dans les systèmes, et surtout d'explications, mais le cœur est là. Reste à voir si ce cœur est plaisant et trouve un public, et si ça vaut le coup de continuer à développer Bourgade. Réponse dès que je prends le temps de faire des playtests !

Autres jeux

J'ai complètement laissé de côté tous mes autres projets créatifs en 2024. Parmi les jeux dont j'ai parlé l'année dernière, celui de « Cube Light », inspiré par l'expérience d'un draft de Magic: The Gathering a le plus de potentiel, ou en tout cas, c'est celui sur lequel j'ai le plus envie de revenir. J'ai également plusieurs autres idées dans les tiroirs que j'aimerais prototyper, mais j'ai du mal à voir comment je vais faire ça vu le planning que je m'impose sur l'année à venir pour terminer et sortir Le Grand Œuvre. Qui sait, peut-être que j'arriverais à faire quelques pauses créatives ?

Mes recommandations de l'année

Voilà pour mon bilan de ce que j'ai fait en 2024 ! Il est l'heure de terminer ce billet sur une note plus légère, avec mes recommandations culturelles de l'année.

Mon jeu vidéo de l'année

Sans aucun conteste, Balatro est mon jeu de l'année. C'est un jeu incroyable qui réussit l'exploit d'avoir des systèmes parfaitement équilibrés. C'est une assiette en équilibre sur une aiguille.

Si vous n'en avez pas entendu parlé, Balatro est un roguelite de poker. Vous commencez chaque partie avec un deck de 52 cartes classiques (2 à 10, valet, dame, roi, as) et vous devez réussir à faire des scores de plus en plus élevés en faisant des figures de poker. Trois cartes de même valeur pour un brelan, cinq cartes de même famille pour une couleur, etc. Évidemment il y a un twist : vous obtiendrez au fur et à mesure de la partie des jokers, qui vont vous donner des bonus de points en fonction de nombreux paramètres. L'un vous donnera plus de jetons chaque fois que vous jouerez une paire, l'autre multipliera par 2 votre score si vous avez un carré, etc. Ajoutez à ça des cartes de tarot pour modifier les cartes de votre deck, des planètes pour améliorer le score de vos combinaisons, et plein d'autres choses encore, pour faire un jeu incroyable que je vous recommande chaudement.

Mon jeu de plateau de l'année

J'ai peu joué à des nouveaux jeux cette année, mais les deux que j'ai préférés, je les ai reçu pour Noël. Autant vous dire qu'au moment où j'écris ces mots, je n'ai pu y jouer beaucoup, mais c'est l'un d'eux que je nomme quand même : Legacy of Yu.

Legacy of Yu, c'est un jeu vidéo en jeu de plateau. C'est un jeu solo (mais on y joue ensemble avec ma compagne) avec une structure de roguelite : vous recommencez chaque partie de zéro, mais à chaque fois avec quelques changements. Au fil des parties, un livre des récits vous indique de retirer telle carte et d'ajouter telles autres, modifiant ce sur quoi vous pourrez tomber aux prochaines parties. On incarne un fonctionnaire chinois chargé de mettre fin aux crues dévastatrices du Fleuve Jaune. On y recrute des villageois qu'on pourra utiliser pour obtenir des ressources ou de la main d'œuvre, on affronte des bandits, et on doit creuser des canaux le long du fleuve avant que la crue ne nous rattrape. Le jeu se déroule en campagne, chaque nouvelle partie étant influencée par les précédentes, jusqu'à ce qu'on gagne 7 fois ou perde 7 fois.

Du haut de mes deux parties, je suis très fan des sensations du jeu. On construit son moteur de génération de ressources, on sent la pression constante de la crue et des bandits, on planifie son tour et on anticipe les suivants. Il y a beaucoup de choix, et les ajouts obtenus vont tantôt faciliter le jeu en nous donnant un pouvoir supplémentaire, tantôt le rendre plus difficile en ajoutant des événements négatifs ou des brigands plus puissants. J'étais sceptique de jouer à un jeu de plateau solo, tant la pratique est liée à son aspect social pour moi, mais ça marche vraiment très bien.

Ma BD de l'année

Je me rends compte en rédigeant ces recommandations que j'ai, en fait, simplement moins consommé d'œuvres culturelles en 2024. Au moment de choisir un jeu de plateau, j'ai pris le dernier auquel j'ai joué, et au moment de choisir une BD, je constate que j'en ai lu vraiment très peu cette année. Il y en a une que j'ai tout de même trouvée mieux que les autres : La Cuisine des Ogres – Trois Fois Morte.

C'est l'histoire d'une petite fille abandonnée qui se fait enlever par le Croque Mitaine. Elle en réchappe miraculeusement, mais se retrouve coincée dans le pays magique où vivent ogres, chats qui parlent, kraken et autres créatures mystiques. L'histoire est prenante et le dessin superbe. Ce n'est pas une BD très ambitieuse, mais elle fait très bien le plus important : raconter une belle histoire.

Mon livre de l'année

Le Dieu d'Automne et d'Hiver n'est pas le livre que j'ai préféré cette année — ce privilège revient à Je suis Pilgrim — mais c'est celui que j'ai le plus envie de recommander, pour trois raisons. D'abord, parce que c'est quand même une lecture que j'ai adorée : c'est de la bonne Fantasy, le personnage principal est attachant, l'histoire sur fond d'enquête policière est bien ficelée, et le système de magie, très soft, fonctionne parfaitement avec le reste sans qu'il n'y ait de deus ex machina ou autre ressort « TG c'est magique ».

La deuxième raison, c'est que c'est écrit par une autrice française, Pauline Sidre, qui monte en niveau. Le précédent roman que j'ai lu d'elle, Rocaille, était déjà très bien, mais avait quelques lacunes. Ici on sent que la qualité est montée d'un cran, et c'est très agréable.

Et enfin, c'est publié par Sillex, un petit éditeur qui cherche à faire mieux dans ce milieu difficile, notamment en rémunérant mieux les autrices et auteurs. L'occasion de soutenir des gens biens !

Conclusions sur l'année 2024

2024 se termine sur une note difficile. Il y a eu l’énorme fatigue après la sortie de Dawnmaker, cumulée avec trois mois chaotiques où se sont chamboulées réflexions sur le prochain jeu, négociations avec un éditeur, prototypage d'un nouveau jeu et vacances plus ou moins reposantes.

2025 s'ouvre sur un challenge important : apprendre de mes erreurs et faire mieux. Ma plus grosse frustration avec Dawnmaker, c'est d'avoir passé beaucoup trop longtemps dessus. Je compte sur moi pour ne pas reproduire ça avec Le Grand Œuvre, et le terminer en 8 mois. On en reparle tout au long de l'année ! D'ici là, merci encore de suivre mes aventures, prenez soin de vous, et à très vite.

Don Martiads.txt for a site with no ads

This site does not have programmatic ads on it.

But just in case, since there’s a lot of malarkey in the online advertising business, I’m putting up this file to let the advertisers know that if someone sold you an ad and claimed it ran on here, you got burned.

That’s the ads.txt file for this site. The format is defined in a specification from the IAB Tech Lab (PDF). The important part is the last line. The placeholder is how you tell the tools that are supposed to be checking this stuff that you don’t have ads.

In other news, selling info on US citizens to North Korean murder robots is illegal now so we’ve got that going for us which is nice. See Justice Department Issues Final Rule Addressing Threat Posed by Foreign Adversaries’ Access to Americans’ Sensitive Personal Data

Related

Rachel explains Web page annoyances that I don’t inflict on you here in a handy list of web antipatterns. Removing more of these could be a good start to making a less frustrating, more accessible, higher performing site.

More useful things to check for security and performance: Securing your static website with HTTP response headers by Matt Hobbs. I have some of these set already but it’s helpful to have them all in one place. A browser can do a lot of stuff that a blog like this one won’t use, so safer to tell it not to.

Chris Coyier suggest that a list of Slash Pages could be a good list of blogging ideas. (That is a good idea. I made a list at /slashes and will fill it in. Ads.txt is technically not a page I guess since it’s just text but I’m counting it.)

Elie Berreby follows up on his search engine that’s forgotten how to search post with a long look at Search engines think I plagiarized my own content! My Hacker News Case Study. One of many parts that interests me about this whole issue is the problem of how much more money certain companies can make when returning a page on a sketchy infringing site than on the original. Typically an original content site is able to get a better ad deal than an illegal site that has to settle for scraps and leave more of the ad revenue for Google.

Simon Willison says, I still don’t think companies serve you ads based on spying through your microphone. For the accusation to be true, Apple would need to be recording those wake word audio snippets and transmitting them back to their servers for additional processing (likely true), but then they would need to be feeding those snippets in almost real time into a system which forwards them onto advertising partners who then feed that information into targeting networks such that next time you view an ad on your phone the information is available to help select the relevant ad. That is so far fetched. He’s totally right if you define your microphone as the microphone on your cell phone, which has limited battery energy and bandwidth. But most people own microphones, plural, and a smart TV or kitchen appliance is typically plugged in so the juice to process ambient audio for keywords is there.

Bonus links

In The long goodbye for Tim Cook, Manton Reece writes, Tim Cook gives $1 million to Trump’s inauguration committee. I think this event will be a turning point in how we view the Apple CEO. (imho the real turning point was the saga with the Chaos Monkeys guy. Cook intended to hire a high-profile former Facebook exec, and when it didn’t work he got surveillance-bro-pilled. Related: turn off advertising measurement in Apple Safari. Maybe if people are mad at Apple now, mice would like the VR goggles thing better?)

Chris Castle has a must-read update on Social Media Addiction Multidistrict Litigation–the return of Joe Camel in the sleeper case that could break Silicon Valley. Yes, the Big Tech companies filed a motion to dismiss because Section 230, but it was granted in part and denied in part (PDF). Here’s the case site: In re: Social Media Adolescent Addiction/Personal Injury Products Liability Litigation (MDL No. 3047) | United States District Court, Northern District of California

Dean W. Ball covers the Texas Responsible AI Governance Act in Texas Plows Ahead. (This bill doesn’t have a national defense exception the way the EU’s AI Act does, which is strange.)

I’m looking forward to the new Charles Stross novel that past me thoughtfully pre-ordered from Books Inc. for near future me. In A Conventional Boy a man was sentenced to prison for playing Dungeons and Dragons in the 1980s, and many years later he’s putting his escape plan into action…

Don MartiLinks for 4 Jan 2025: news from the low-trust society

Aram Zucker-Scharff writes, in Never Forgive Them,

If this year has revealed anything about the tech billionaires it is that they have a very specific philosophy other than just growth and that philosophy is malicious…I don’t think we can really take on the obstacle of, let’s call it more accurately, the scam economy without acknowledging this is all part of the design. They think they are richer than you and therefore you must be stupid and because you are stupid you should be controlled…

Read the whole thing. A lot of tech big shots want to play the rest of us like a real-time strategy game. (Ever notice that the list of skills in the we don’t hire US job applicants because the culture doesn’t value the following skills tweets is the same as the list of skills in the our AI has achieved human-level performance in the following skills tweets?) I predicted that low-trust society will trend in 2025, and I agree with Aram that a big part of that is company decision-makers deliberately making decisions that make it harder to trust others. I’m working on a list of known good companies. (Work in progress, please share yours if you have one.)

And yes, my link collecting tool as queued up a bunch of links about the shift towards a lower-trust society along with ways that people are adapting to it or trying to shift things back.

Opinion: We Need More Consequences for Reckless Driving. But That Doesn’t Mean More Punishment — Streetsblog USA (a lot of this is reactions to reactions to app-driven rat running through neighborhoods. Bollards can be a way to game the algorithm.)

Judge blocks parts of California bid to protect kids from social media (the ban on addictive feeds without consent is still there)

Self-Own (bullshit about economics, explained)

The Cows in the Coal Mine (bullshit about health, only getting worse)

This Year in Worker Conquests

Boeing strike ends after workers vote to accept “life-changing” wage increase

Steinar H. Gunderson: git.sesse.net goes IPv6-only (coping with AI scrapers)

OpenAI’s Board, Paraphrased: ‘To Succeed, All We Need Is Unimaginable Sums of Money’

Namma Yatri is a rideshare app that offers a better deal to drivers. Daily or per-trip flat rates, not a percentage

5 Rideshare Strategies That Are Complete BS

How to block Chrome from signing you into a Google account automatically

Leave Me Alone.

Firefox-maker Mozilla’s boosted revenue significantly in 2023, but the financial report may also raise concern

Google Cuts Thousands of Workers Improving Search After Search Results Scientifically Shown to Suck (a lot of the bullshit problem is downstream from Google’s labor/management issues)

Why is it so hard to buy things that work well? (imho Mark Ritson still explained it best—companies over-emphasize the promotion P of marketing, trying to find people slightly more likely to buy the product as is, over the product refinements that would tend to get more buyers. George Tannenbaum on destroying brand trust with too much of one P, too little of another: Ad Aged: Leave Me Alone.)

Why Big Business May Wind Up Missing Lina Khan

An ad giant wants to run your next TV’s operating system

Yes, your phone is tracking you via advertising ID, and companies are using it to sell your location and identity to anyone. Protect yourself by disabling this feature on your device.

Meta beats suit over tool that lets Facebook users unfollow everything (I guess now it turns out you can’t unfollow the AI bots anyway?)

Sweet Dreams and Sour Deals: How White-Noise Apps Are Playing Advertisers

NFL Player Uses Pirate Streaming Site to Watch His Own Team

Missouri AG claims Google censors Trump, demands info on search algorithm

Ex-coiner Y Combinator startup bro: ‘dawg i chatgpt’d the license, can’t be bothered with legal’

Steam adds the harsh truth that you’re buying “a license,” not the game itself

Mozilla Localization (L10N)Mozilla Localization in 2024

A Year in Data

2024 was a year with plenty of achievements for the Mozilla localization community (here’s the 2023 report in case you missed it, or want to check how we fared against our original plans). Let’s start with the numbers first:

  • 30 projects (-2 compared to last year) and 369 locales (+111) set up in Pontoon.
  • 4,991 new user registrations
  • 1,202 active users, submitting at least one translation (on average 222 users per month)
  • 466,187 submitted translations
  • 385,722 approved translations
  • 20,931 new strings to translate

While the overall number of projects decreased, this is mostly due to removal of obsolete projects (we actually added a new one in November). The astounding increase in the number of locales is driven once again by Common Voice, which has 318 locales enabled in Pontoon.

Thank you to all the volunteers who contributed their time, passion, and expertise to Mozilla’s localization over the last 12 months.

Pontoon Development

At the start of the year, we focused on improving Pontoon’s performance — a less glamorous but essential part of maintaining an effective platform: if the platform doesn’t perform well, users can quickly lose motivation and stop contributing. To assess the current state, we used the Apdex score, a standard measure of user satisfaction for web application performance. Between January and March, we successfully raised the average score for our lowest performing transactions from 0.77 to 0.87, making significant progress toward achieving what is considered a “good” performance level. Later in the year, we also moved to a larger database plan to further improve performance.

Animated GIF showing Pontoon's LLM integration in the machinery tab.In May, we launched our first LLM integration. Users now have additional options if they’re not satisfied with the suggestion provided by Google Translate. They can choose from three actions: Rephrase, to generate an alternative version; Make formal, to adjust the tone to a more formal register; and Make informal, to create a more casual version. These options are especially valuable for languages like German or Spanish, where tone can significantly impact translation quality and consistency.

Between May and December 2024, this feature has been used 2,571 times across 69 locales, with approximately 35% of the generated text being copied into the editor. This adoption rate suggests that the feature is delivering good-quality results and meeting user needs effectively, and that we should look into expanding its use.

Screenshot of Pontoon advanced search options.In October, we introduced advanced search options, giving users more flexibility and precision in finding the content they need. By default, Pontoon now searches through source text, approved translations, and pending suggestions. However, users still retain the option to expand their search to include identifiers, rejected translations, or further refine results by matching case or whole words.

For more details on how to use this feature, check out our documentation. We’re currently analyzing the usage data to understand if we should change the default options, and exploring how to make the feature more discoverable.

Screenshot of translation memory management in PontoonDecember was an especially busy month for releasing new features. We kicked things off with the long-awaited ability to edit translation memory (TM) entries, addressing one of the most frequently requested enhancements from our users. Shortly after, we introduced another powerful feature: the ability to upload custom translation memories in TMX format, giving locales even more control over their localization workflows.

Image showing achievement badges available in Pontoon.We also launched our first glimpse of gamification! Users can now earn three different types of badges for translating, reviewing, and promoting other contributors. The goal isn’t just to recognize and celebrate the invaluable efforts of volunteers but also to encourage positive behaviors. These include reviewing others’ work and promoting promising contributors, helping communities grow and encouraging effective participation across the platform.

Available user banners in Pontoon.As part of this work we also introduced user banners to help clarify roles within a locale or project.

Finally, we wrapped up the year by enhancing Pontoon’s ability to keep users informed. Users can now opt to receive notifications via email, choosing between daily or weekly updates. Additionally, we introduced a Monthly Activity Summary — a digest that highlights both their personal contributions and their team’s activity. If you’re a locale manager, we highly recommend enabling this feature to stay on top of your community’s progress and engagement.

Email options in Pontoon's profile settings.If you check your settings, you’ll find a new option for News and Updates. We highly encourage users to enable this checkbox to stay informed about online events, new features, surveys, and more. The content will be strictly focused on Mozilla Localization and Pontoon, and you can opt out or change your preferences at any time.

Lastly, a lot of work happened behind the scenes to improve Pontoon’s functionality and stability. We introduced the Messaging Center, a new feature that enables program managers to communicate with users more effectively through targeted notifications or emails.

In addition, we’ve been rewriting the code responsible for syncing Pontoon with repositories. This foundational work lays the groundwork for a broader set of initiatives planned for 2025. We also implemented measures to mitigate DDoS attacks, ensuring the platform remains stable, secure, and reliable for all users.

Community

This year, we collaborated with members of the community and other community-focused teams at Mozilla to improve our existing documentation and create comprehensive community guidelines aimed at building vibrant and sustainable communities. These guidelines address key topics, such as the expectations for managers and translators, and provide clear processes for assigning permissions to new contributors when existing leaders are not available.

Unfortunately, the situation around in-person community events hasn’t changed. We know how important these gatherings are for you — and for us — but in the meantime, we continued to focus on organizing online events. You can find all the recordings for the 2024 events here. We’ve also recorded an Introduction to Pontoon, designed to help onboard new contributors and familiarize them with the platform.

What’s coming in 2025

While we made significant strides in improving Pontoon’s performance this year, we believe that we’ve reached the limits of our current setup. As we move into the new year, our focus will shift to exploring alternative deployment solutions. Our goal is to make Pontoon faster, more reliable, and better equipped to meet the needs of our users.

We aim to make mobile projects (Android and iOS) first-class citizens in our localization ecosystem. The first step is introducing support for plural forms, which will significantly enhance the localizability of these projects. This improvement will enable more natural-sounding content in English and other languages, ensuring a better experience for both contributors and end users.

Talking about Pontoon, we’re committed to improving translation memory utilization, particularly for handling multi-value strings commonly found in Fluent. Currently, Pontoon only suggests translations for a single value within these strings. Moving forward, we aim to provide suggestions or translation memory matches for entire strings, ensuring a more comprehensive and efficient translation experience.

We plan to work on a Mozilla Language Portal — a unified hub that highlights Mozilla’s unique approach to localization while serving as a comprehensive resource for translators. This webpage will feature searchable translation memories, a rich repository of documentation, best practices, blogs, and more, fostering knowledge-sharing and collaboration across the global translation community.

Finally, we will continue exploring innovative ways to engage our community and strengthen its connections. As part of this work, we will keep advocating for increased investment in community building at the organization level, emphasizing its critical role in driving our mission forward.

If you have any thoughts or ideas about this plan, let us know on Mastodon or Matrix!

Thank you!

As we step into 2025, we’re constantly reminded of the transformative power of localization. Together, we’ll continue to break down barriers, and create a digital world that speaks everyone’s language. Thank you for being part of this journey.

This Week In RustThis Week in Rust 580

Hello and welcome to another issue of This Week in Rust! Rust is a programming language empowering everyone to build reliable and efficient software. This is a weekly summary of its progress and community. Want something mentioned? Tag us at @ThisWeekInRust on X (formerly Twitter) or @ThisWeekinRust on mastodon.social, or send us a pull request. Want to get involved? We love contributions.

This Week in Rust is openly developed on GitHub and archives can be viewed at this-week-in-rust.org. If you find any errors in this week's issue, please submit a PR.

Want TWIR in your inbox? Subscribe here.

Updates from Rust Community

Foundation
Project/Tooling Updates
Observations/Thoughts
Rust Walkthroughs

Crate of the Week

This week's crate is fake, a library (and recently console utility) to generate fake data of various types.

Thanks to llogiq for the half-self-suggestion!

Please submit your suggestions and votes for next week!

Calls for Testing

An important step for RFC implementation is for people to experiment with the implementation and give feedback, especially before stabilization. The following RFCs would benefit from user testing before moving forward:

RFCs
  • No calls for testing were issued this week.
Rust
  • No calls for testing were issued this week.
Rustup
  • No calls for testing were issued this week.

If you are a feature implementer and would like your RFC to appear on the above list, add the new call-for-testing label to your RFC along with a comment providing testing instructions and/or guidance on which aspect(s) of the feature need testing.

Call for Participation; projects and speakers

CFP - Projects

Always wanted to contribute to open-source projects but did not know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

Some of these tasks may also have mentors available, visit the task page for more information.

If you are a Rust project owner and are looking for contributors, please submit tasks here or through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

CFP - Events

Are you a new or experienced speaker looking for a place to share something cool? This section highlights events that are being planned and are accepting submissions to join their event as a speaker.

If you are an event organizer hoping to expand the reach of your event, please submit a link to the website through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

Updates from the Rust Project

331 pull requests were merged in the last week

Rust Compiler Performance Triage

A pretty quiet week, with the exception of a significant improvement due to landing LTO for C / C++ programs compiled as part of the build.

Triage done by @simulacrum. Revision range: 0eca4dd3..93722f7e

0 Regressions, 1 Improvements, 1 Mixed; 0 of them in rollups 53 artifact comparisons made in total

Full report here

Approved RFCs

Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:

  • No RFCs were approved this week.
Final Comment Period

Every week, the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now.

RFCs
  • No RFCs entered Final Comment Period this week.
Tracking Issues & PRs
Rust
  • No RFCs entered Final Comment Period this week.
Cargo
  • No Cargo Tracking Issues or PRs entered Final Comment Period this week.
Language Team
  • No Language Team Proposals entered Final Comment Period this week.
Language Reference
  • No Language Reference RFCs entered Final Comment Period this week.
Unsafe Code Guidelines
  • No Unsafe Code Guideline Tracking Issues or PRs entered Final Comment Period this week.
New and Updated RFCs

Upcoming Events

Rusty Events between 2025-01-01 - 2025-01-29 🦀

Virtual
Asia
Europe
North America

If you are running a Rust event please add it to the calendar to get it mentioned here. Please remember to add a link to the event too. Email the Rust Community Team for access.

Jobs

Please see the latest Who's Hiring thread on r/rust

Quote of the Week

Hear, hear! Rust is the real deep state. They knew all along that memory-related bugs would dominate the Vulnerability Rating Taxonomy. Coincidence? I think not. 🐛🔧

@amoghavarsha@infosec.exchange on mastodon

Thanks to llogiq for the suggestion!

Please submit quotes and vote for next week!

This Week in Rust is edited by: nellshamrell, llogiq, cdmistman, ericseppanen, extrawurst, U007D, joelmarcey, mariannegoldin, bennyvasquez, bdillo Email list hosting is sponsored by The Rust Foundation

Discuss on r/rust

Don Martipredictions for 2025

(looks like I had enough notes for an upcoming event to do A-Z this year…)

Ad blocking will get bigger and more widely reported on. Besides the usual suspects, the current wave of ad blocking is also partly driven by professional, respectable security vendors. Malwarebytes Labs positions their ad blocker as an security tool and certain well-known companies are happy to help them with their content marketing by running malvertising. (example: Malicious ad distributes SocGholish malware to Kaiser Permanente employees) Silent Push is another security vendor helping to make the ads/malware connection. And, according to research by Lin et al., users who installed an ad blocker reported fewer regrets with purchases and an improvement in subjective well-being. Some of those users who installed an ad blocker reluctantly because of security concerns will be hard to convince to turn it off even if the malvertising situation improves.

Bullshit is going to be everywhere, and more of it. In 2025 it won’t be enough to just ignore the bullshit itself. People will also have to ignore what you might think of as a bullshit Smurf attack, where large amounts of content end up amplifying a small amount of bullshit. Some politician is going to tweet something about how these shiftless guys today need to pull up their pants higher, and then a bunch of mainstream media reporters are going to turn in their diligently researched 2000-word think pieces about the effect of higher pants on the men’s apparel market and human reproductive system. And by the time the stories run, the politician has totally forgotten about the pants thing and is bullshitting about something else. The ability to ignore the whole cycle will be key. So people’s content discovery habits are going to change, we just don’t know how.

Chrome: Google will manage to hang on to their browser, as prospective buyers don’t see the value in it. Personally I think there are two logical buyers. The Trade Desk could rip out the janky Privacy Sandbox stuff and put in OpenPass and UID2. Not all users would leave those turned on, but enough would to make TTD the dominant source for user identifiers in web ads. Or a big bank could buy Chrome as a fraud protection play and run it to maximize security, not just ad revenue. At the scale of the largest banks, protecting existing customers from Internet fraud would save the bank enough money to pay for browser development. Payment platform integration and built-in financial services upsell would be wins on top of that.

Both possible Chrome buyers would be better off keeping open-source Chromium open. Google would keep contributing code even if they didn’t control the browser 100%. They would feel the need to hire or sponsor people to participate on a legit open-source basis to support better interoperability with Google services. They wouldn’t be able to get the anticompetitive shenanigans back in, but the legit work would continue—so the buyer’s development budget would be lower than Google’s, long term. But that’s not going to happen. So far, decision makers are convinced that the only way to make money with the browser is with tying to Google services, so they’re going to pass up this opportunity.

Development tools will keep getting more AI in them. It will be easier to test new AI stuff in the IDE than to not test it. But a flood of plausible-looking new code that doesn’t necessarily work in all cases or reflect the unwritten assumptions of the project means a lot more demand for testing and documentation. The difference between a software project that spends 2025 doing self-congratulatory AI productivity win blog posts and one that has an AI code catastrophe is going to be how much test coverage they started with or were able to add quickly.

Environmental issues: we’re in for more fires, floods, and storms. Pretty much everybody knows why, but some people will only admit it when they have to. A lot of homeowners won’t be able to renew their insurance, so will end up selling to investors who are willing to demolish the house and hold the land for eventual resale. More former house occupants will pivot to #vanlife, and 24-hour health clubs will sell more memberships to people who mainly need the showers.

Firefox will keep muddling through. There will be more Internet drama over their ill-advised adfraud in the browser thing, but the core software will be able to keep going and even pick up a few users on desktop because of the ad blocking trend. The search ad deal going away won’t have much effect—Google pays Firefox to exist and limit the amount of antitrust trouble it’s in, not for some insignificant number of search ad clicks. If they can’t pay Firefox for default search engine placement, they’ll find some other excuse to send them enough cash to keep going. Maybe not as high on the hog as they have been used to, but enough to keep the browser usable.

Google Zero, where Google just stops sending traffic to a site, will arrive for a significant minority of sites. But not even insiders at Google know which. (I Attended Google’s Creator Conversation Event, And It Turned Into A Funeral | GIANT FREAKIN ROBOT, Google, the search engine that’s forgotten how to search)

Homeschooling will increase faster because of safety concerns, but parents will feel uncomfortable about social isolation and seek out group activities such as sports, crafts, parent-led classes, and group playdates. Homeschoooling will continue to be a lifestyle niche that’s relatively easy to reach with good influencer and content creator connections, but not well-covered by the mainstream media.

Immigration into the USA will continue despite high-profile deportations and associated human rights violations. But whether or not a particular person is going to be able to make it in, or be able to stay, is going to be a lot less predictable. If you know who the person is who might be affected by immigration policy changes, you might be able to plan around it, but what’s more likely from the business decision-making point of view is the person affected is an employee of some supplier of your supplier, or a family member, and you can’t predict what happens when their life gets disrupted. Any company running in lean or just-in-time mode, and relying on low disruption and high predictability, will be most at a disadvantage. Big Tech companies will try to buy their way out of the shitstorm, but heavy reliance on networks of supplier companies will mean they’re still affected in hard-to-predict ways.

Journalism will continue to go non-profit and journalist-owned. The bad news is there’s not enough money in journalism, now or in the near future, to sustain too many levels of managers and investors, and the good news is there’s enough money in it to keep a nonprofit or lifestyle company going. (Kind of like tech conferences. LinuxWorld had to support a big company, so wasn’t sustainable, but Southern California Linux Expo, a flatter organization, is.)

Killfile is the old Usenet word for a blocklist, and I already had something for B. The shared lists that are possible with the Fediverse and Bluesky are too useful not to escape into other categories of software. I don’t know which ones yet, but a shared filter list to help fix the search experience is the kind of thing we’re likely to see. People’s content discovery and shopping habits will have to change, we just don’t know how.

Low-trust society will trend. It’s possible for a country to move from high trust to low, or the other way around, as the Pew Research Center covered in 2008. The broligarchy-dominated political and business environment in the USA, along with the booms in growth hacking and AI slop, will make things a lot easier for corporate crime and scam culture. So people’s content discovery and shopping habits will have to change, we just don’t know how. Multi-national companies that already operate in middle-income low-trust countries will have some advantages in figuring out the new situation, if they can bring the right people in from there to here.

Military affairs, revolution in: If you think AI hype at the office in the USA is intense, just watch the AI hype in Europe about how advanced drones and other AI-enabled defense projects can protect countries from being occupied by an evil dictator without having to restore or expand conscription. Surveillance advertisers and growth hackers in the USA are constantly complaining about restrictions on AI in Europe—but the AI Act over there has an exception for the defense industry. In 2025 it will be clear that the USA is over-investing in bullshit AI and under-investing in defense AI, but it won’t be clear what to do about it. (bonus link: The Next Arsenal of Democracy | City Journal)

Neighborhood organizations: As Molly White recommended in November, more people will be looking for community and volunteer opportunities. The choice to become a joiner and not just a consumer in unpredictable times is understandable and a good idea in general. This trend could enter a positive feedback loop with non-profit and journalist-owned local news, as news sites try more community connections like Cleveland Documenters.

Office, return to: Companies that are doing more crime will tend to do more RTO, because signaling loyalty is more important than productivity or retaining people with desired skills. Companies that continue avoiding doing crimes, even in what’s going to be a crime-friendly time in the USA, will tend to continue cutting back on office space. The fun part is that the company can tell the employee that work from home privileges are a benefit, and not free office space for the employer. Win-win! So the content niche for how-tos on maximizing home (and van) offices will grow.

Prediction markets will benefit from 2024’s 15 minutes of fame to catch on for some niche corporate projects, and public prediction market prices will be quoted in more news stories.

Quality, flight to (not): If I were going to be unrealistically optimistic here, I’d say that the only way for advertisers to deal with the flood of AI slop sites and fake AI users is to go into full Check My Ads mode and just advertise on known legit sites made by and for people. But right now the habits and skills around race-to-the-bottom ad placements are too strong, so there won’t be much change on the advertiser side in 2025. A few forward-thinking advertisers will get good results from quality buying for specific campaigns, but that’s about it.

Research on user behavior will get a lot more important. The AI crapflood and resulting search quality crisis mean that (say the line, Bart) people’s content discovery and shopping habits will have to change, we just don’t know how. Companies that build user research capacity, especially in studying privacy users and the gaps they leave in the marketing data, will have an advantage.

State privacy law season will be spicy again. A few states will get big comprehensive privacy bills through the process again, but the laws to watch will be specific ones on health, protecting teens from the algorithm, social media censorship, and other areas. More states will get laws like Daniel’s Law. (We need a Daniel’s Law for military personnel, their families, and defense manufacturing workers, but we’re probably going to see some states do them for health insurance company employees instead.)

Troll lawyer letters alleging violations of the California Invasion of Privacy Act (CIPA) and similar laws will increase. Operators of small sites can incur a lot of legal risk now just by running a Big Tech tracking pixel. But Big Tech will continue to ignore the situation, and put all the risks on the small site. (kind of like how Amazon.com uses delivery partner companies to take the legal risks of employing algorithmically micromanaged, overstressed delivery drivers.)

Unemployment and underemployment will trend up, not down, in 2025. Yes, there will be more political pressure on companies here to hire and manufacture locally, but actual job applicants aren’t interchangeable worker units in an RTS game—there’s a lot of mismatch between the qualities that job seekers will have and the qualities that companies will be looking for, which will mean a lot of jobs going unfilled. And employers tend to hire fewer people in unpredictable times anyway.

Virginia’s weak privacy law will continue to be ignored by most companies that process personal data. Companies will treat all the privacy law states as Privacyland, USA which means basically California.

Why is my cloud computing bill so high? will be a common question. But the biggest item on the bill will be the AI that [employee redacted] is secretly in love with, so you’ll never find it.

X-rated sites will face an unfriendly regulatory environment in many states, so will help drive mass-market adoption of VPNs, privacy technologies, cryptocurrencies, and fintech. The two big results will be that first, after people have done all the work to go underground to get their favorite pr0n site, they might as well use their perceived invisibility to get infringing copies of other content too. And second, a lot of people will get scammed by fake VPNs and dishonest payment services.

Youth privacy laws will drive more investment in better content for kids. (This is an exception to the Q prediction.) We’re getting a bunch of laws that affect surveillance advertising to people under 18. As Tobias Kircher and Jens Foerderer reported, in Ban Targeted Advertising? An Empirical Investigation of the Consequences for App Development, a privacy policy change tended to drive a lot of Android apps for kids out of the Google Play Store, but the top 10 percent of apps did better. If you have ever visited an actual app store, it’s clear that Sturgeon’s law applies, and it’s likely that the top 10 percent of apps account for almost all of the actual usage. All the kids privacy laws and regs will make youth-directed content a less lucrative play for makers of crap and spew who can make anything, leaving more of the revenue for dedicated and high-quality content creators.

ZFS will catch on in more households, as early adopters replace complicated streaming services (and their frequent price increases and disappearing content) with storage-heavy media PCs.

Don MartiHow we get to the end of prediction market winter

Taylor Lorenz writes, in Prediction markets go mainstream,

Prediction markets—platforms where users buy and sell shares based on the probability of future events—are poised to disrupt the media landscape in 2025, transforming not only how news is shared but how it is valued and consumed.

Prediction markets did get some time in the spotlight this year. But the reasons for the long, ongoing prediction market winter are bigger than just prediction markets not being famous. Prediction markets have been around for a long time, and have stubbornly failed to go mainstream.

The first prediction market to get famous was the University of Iowa’s Iowa Electronic Markets which launched in the late 1980s and has been covered in the Wall Street Journal since at least the mid-1990s. They originally used pre-web software and you had to mail in a paper check (update 4 Jan 2024: paper checks are still the only way to fund your account on there). But IEM wasn’t the first. Prof. Robin Hanson, in Hail Jeffrey Wernick, writes about an early prediction market entrepreneur who started his first one in 1981. (A secretary operated the market manually, with orders coming in by fax.) Prediction markets were more famous than Linux or the World Wide Web before Linux or the World Wide Web. Prediction markets have been around since before stop trying to make fetch happen happened.

So the safe prediction would be that 2025 isn’t going to be the year of prediction markets either. But just like the year of Linux on the desktop never happened because the years of Linux in your pocket and in the data center did, the prediction markets that do catch on are going to be different from the markets that prediction market nerds are used to today. Some trends to watch are:

Payment platforms: Lorenz points out, Prediction markets are currently in legal limbo, but I’d bet against a ban, especially given the new administration. Right now in the USA there is a lot of VC money tied up in fintech, and a lot of political pressure from well-connected people to deregulate everything having to do with money. For most people the biggest result will be more scams and more hassles dealing with transactions that are legal and mostly trustworthy today but that will get enshittified in the new regulatory environment. But all those money-ish services will give prediction markets a lot more options for getting money in and out in a way that enables more adoption.

Adding hedging and incentivization: The prediction markets that succeed probably won’t be pure, ideal prediction markets, but will add on some extra market design to attract and retain traders. Nick Whitaker and J. Zachary Mazlish, in Why prediction markets aren’t popular, write that so far, prediction markets don’t appeal to the kinds of people who play other kinds of markets. People enter markets for three reasons. Savers are trying to build wealth, Gamblers play for thrills, and Sharps enter to profit from less well-informed traders. No category out of the three is well-served by existing prediction markets, because a prediction market is zero-sum, so not a way to build wealth long-term, and it’s too slow-moving and not very thrilling compared to other kinds of gambling. And the sharps need a flow of less well informed traders to profit from, but prediction markets don’t have a good way to draw non-sharps into the market.

Whitaker and Mazlish do suggest hedging as a way to get more market participants, but say

We suspect there is simply very little demand for hedging events like whether a certain law gets passed; there is only demand for hedging the market outcomes those events affect, like what price the S&P 500 ends the month at. Hedging market outcomes already implicitly hedges for not just one event but all the events that could impact financial outcomes.

That’s probably true for hedging in a large public prediction market. An existing oil futures market is more generally useful to more traders that a prediction market on all the events that might affect the price of oil. And certain companies’ stocks today are largely prediction markets on future AI breakthroughs and the future legal status of various corporate crimes. But I suspect that it’s different for a private market for events within a company or organization. For example, a market with sales forecasting contracts on individual large customers could provide much more actionable numbers to management than just trading on predicted total sales.

You could, in effect, pay for a prediction market’s information output by subsidizing it, and Whitaker and Mazlish suggest this. A company that runs an internal prediction market can dump money in and get info out. Like paying for an analyst or consulting firm, but in a distributed way where the sources of expertise are self-selecting by making trade/no trade decisions based on what they know or don’t know. But it’s also possible, usually on the smaller side, for a prediction market to become an incentivization market. To me, the difference is that in an incentivization market, a person with ability to affect the results holds a large enough investment in the market that it influences them to do so. The difference is blurry and the same market can be a prediction market for some traders and an incentivization market for others. But by designing incentives for action in, a market operator can make it drift away from a pure prediction market design to one that tends to produce an outcome. related: The private provision of public goods via dominant assurance contracts by Alexander Tabarrok

Proof of concept projects can already address specific information needs: A problem that overlaps with the prediction market incentivization problem in interesting ways is the problem of how to pay for information products and services that can be easily copied. How do we fund open source? is a persistent question. And Bruce Perens, original author of what became the Open Source Definition, wants to move on entirely. The problem of funding open source is hard enough that we mainly hear about it when a high-profile security issue makes the news.

As Luis Villa points out,

If you don’t know what’s in the box, you can’t secure it, so it is your responsibility as builders to know what’s in the box. We need better tools, we need better engagement to enable everybody to do that with less effort and less burden on individual volunteer maintainers and non-profits.

Companies that use open source software need to measure and reduce risks. The problem is that the biggest open source risks are related to hard-to-measure human factors like developer turnover and burnout. Developers of open source software can take actions that help companies understand their risks, but they’re not compensated for doing it. A prediction/incentivization market can both help quantify hidden risks and incentivize changes.

If you have an internal market that functions as both a prediction market and an incentivization market, you can subsidize both the information and the desired result by predicting the events that you don’t want to happen. This is similar to how commodities markets and software bug futures markets can work. Some traders are pure speculators, others take actions that can move the market. Farmers can plan which crops to plant based on predicted or contracted prices, companies can allocate money to fuel futures and/or fuel-saving projects, developers can prioritize tasks.

Synergy with AI projects: An old corporate Intranet rule of thumb [citation needed] is that you need five daily active editors to have a useful company or organization Wiki. I don’t know what the number is for a prediction market, but as Prof. Andrew Gelman points out, prediction markets need “dumb money” to create incentives for well-informed traders to play and win.

Noisy, stupid bots are a minus for most kinds of social software, but a win for markets. If only there were some easy way to crank up a bunch of noisy, stupid bots. Oh, wait, there’s a whole AI boom happening. Good timing, right? And AI projects need ways to test their output quality in a scalable way, just as much as prediction markets need extra trading churn. AI projects and prediction market projects solve each other’s problems.

  • Prediction markets need liquidity and dumb money. Bots can already do those.

  • AI projects need scalable quality checks. Slop is easier to make than to check, so evaluating the quality of AI output keeps growing relative to the declining costs of everything else. You can start up a lot of bots, fund each with a small stake, and shut down the broke ones. The only humans required are the traders who can still beat the bots. and if at some point the humans lose all their money, you know you won AI. Congratulations, and I for one welcome our bot plutocrat overlords.

Bots can also be run behind a filter to only make offers that, if accepted, would further the market operator’s goals in some way. For example, bots can be set up to be biased to over-invest on predicting unfavorable outcomes (like buying the UNFIXED side of bug futures) to add some incentivization.

Fixing governance by learning from early market experiences: Internal prediction markets at companies tend to go through about the same story arc. First, the market launches with some sponsorship and internal advocacy from management. Second, the market puts up some encouraging results. (Even in 2002 a prediction market was producing more accurate sales forecasts than the official ones at HP.) And for its final act, the prediction market ends up perpetrating the unforgivable corporate sin: accurately calling some powerful executive’s baby ugly. So the prediction market ends up going to live with a nice family on a farm. Read the (imho, classic) paper, Corporate Prediction Markets: Evidence from Google, Ford, and Firm X by Bo Cowgill and Eric Zitzewitz, and, in Professor Hanson’s post, why a VC firm could not get prediction markets into portfolio companies. Wernick blames the ego of managers who think their judgment best, hire sycophants, and keep key org info close to their chests.

The main lesson is that the approval and budget for the prediction market itself needs to be handled as many management levels as possible above the managers that the prediction market is likely to bring bad news to. Either limit the scope of issues traded on, or sell the market to a more highly placed decision maker, or both. The prediction market administrator needs to report to someone safely above the level of the decision-makers for the issues being traded on. The really interesting experiment would be a private equity or VC firm that has its own team drop in and install a prediction market at each company it owns. The other approach is bottom-up: start with limiting the market to predicting small outcomes like the status of individual software bugs, and be disciplined about not trading on more consequential issues until the necessary sponsorship is in place.

So, is 2025 the year of prediction markets? Sort of. A bunch of factors are coming together. Payment platform options, the ability to do proof of concept niche projects, and the good fit as a QA tool for AI will make internal market projects more appealing in 2025. And if market operators can learn from history to avoid what tends to happen to bearers of bad news, this could be the year.

Related

From prediction markets to info finance by Vitalik Buterin

Conditional market: The seer.io prediction market supports conditional positions (that only win or lose if some other position pays off) with an arbitrary number of nesting levels.

Polymarket Explained: How Blockchain Prediction Markets Are Shaping the Future of Forecasting Pavel Naydanov explains implementation details. (An internal prediction market can be a relatively simple CRUD app, though, so lack of this technology was not really holding prediction markets back.)

Bonus links

The History Crisis Is a National Security Problem Democracies such as the United States rely on the public to set broad strategic priorities through elections and on civilian leaders to translate those priorities into executable policies. Fostering historical knowledge in the public at large is also an important aspect of U.S. competitiveness. (and we really don’t want to be learning about history from bots)

Why the deep learning boom caught almost everyone by surprise Fei-Fei Li….created an image dataset that seemed ludicrously large to most of her colleagues. But it turned out to be essential for demonstrating the potential of neural networks trained on GPUs.

“Unprecedented” decline in teen drug use continues, surprising experts (maybe the kids are addicted to video games now?)

Developing a public-interest training commons of books Currently, AI development is dominated by a handful of companies that, in their rush to beat other competitors, have paid insufficient attention to the diversity of their inputs, questions of truth and bias in their outputs, and questions about social good and access. Authors Alliance, Northeastern University Library, and our partners seek to correct this tilt through the swift development of a counterbalancing project…

Support.Mozilla.OrgWrapping up 2024: How SUMO made support smarter, simpler, and more accessible

As 2024 comes to a close, we want to take a moment to celebrate the work we’ve accomplished together at Mozilla Support (SUMO). This year, we focused on making support resources easier to use, smarter to create, and better for everyone. From reducing users’ cognitive load to amplifying their voices through new programs, these wins are a testament to collaboration between our team, contributors, and the wider Mozilla community.

Let’s look back at the highlights.

Making support simpler for everyone

This year, we successfully kicked off the Cognitive Load Reduction initiative. The goal was clear: make Knowledge Base articles easier to follow and less mentally demanding for users. We introduced several improvements, including:

Right now, SUI screenshots and inline icons and images are the most widely adopted updates. These visual additions have already made a noticeable difference in helping users understand and solve issues faster. Next year, we will continue expanding these improvements to reach even more articles and provide a smoother experience for everyone.

One unified taxonomy to connect the dots

Another big milestone this year was the creation and implementation of a unified taxonomy across Mozilla’s Customer Experience team. A unified taxonomy is a shared structure for classifying things — in our case, everything from knowledge base content to app store feedback and user insights.

Here’s why it matters: With this new system, we can gather consistent and meaningful data about what our users need most. Whether it’s feedback about Firefox in app stores or trends in KB article usage, we’re now able to connect the dots between different channels. This deeper understanding helps us improve Mozilla’s products and continuously refine our support resources to be more useful and relevant.

Amplifying user voices with the Voice of Customer program

This year, we launched our Voice of Customer (VoC) program to ensure the voices of our users are consistently heard across Mozilla. We’re gathering feedback from multiple channels — like app store reviews, Connect, SUMO forums, and surveys — and sharing these insights with the teams that shape Mozilla’s products and support resources

To take this program even further, we’re customizing our own Gen-AI model to help cross-check user feedback across channels. This will allow us to identify trends more effectively and ensure the insights we share are accurate and actionable. By better connecting what users are saying with what we’re building, we can make Mozilla’s products and our support efforts even more aligned with user needs.

This is an ongoing effort, and we’re excited to see its continued impact in the coming year.

AI tools that make content smarter (and more accessible)

This year, we also explored how AI can improve the way we create, update, and localize content. Two major initiatives have already begun delivering results:

Organa Oracle for content creation and review

Organa Oracle is a custom GPT model built in Mozilla’s OpenAI Workspace, specifically designed to support SUMO’s style, voice, and guidelines. It helps streamline the creation and updating of Knowledge Base articles by:

  • Suggesting formats and approaches that align with SUMO guidelines.
  • Recommending screenshots and generating alt text to keep articles accessible to all users.
  • Reviewing drafts for clarity, tone, and consistency to ensure every article meets our standards.

For now, Organa Oracle is available only to staff, but we’re actively exploring ways to bring it and other similar tools to contributors in the future. These tools could make content creation and updates faster, easier, and even more collaborative while still reflecting the high quality and accessibility users expect from SUMO.

AI-powered L10N

At the same time, we’re using top large language models (LLMs), like Google’s Gemini and OpenAI’s ChatGPT-4o, with carefully designed prompts to assist in the localization process. These tools are built to respect existing translations while improving consistency and efficiency, especially in locales where fewer contributors are active. This initiative is designed to fill in gaps, improve consistency, and make localization more efficient for everyone.

Here’s what’s important: contributors will always be at the heart of our localization efforts. AI-powered localization is designed to support and amplify your work, not replace it. By speeding up the process and filling in gaps, the AI will help ensure more consistent translations and give contributors more time to focus on fine-tuning and reviewing content.

Together, these AI-driven tools are helping us create smarter, more accessible content and ensure users worldwide get the support they need.

Why this matters: Mozilla’s mission in action

At Mozilla, our work is guided by the Mozilla Manifesto, a promise to build an open and accessible internet that puts people first. Every initiative we worked on this year reflects that mission:

  • Reducing cognitive load makes support resources more inclusive, helping people of all skill levels solve problems with ease.
  • The Voice of Customer program ensures that user feedback actively shapes Mozilla’s products and support efforts.
  • Organa Oracle and our localization AI make content creation and translation faster while keeping accessibility, quality, and human collaboration at the center.

By simplifying and improving how we support users, we’re making it easier for everyone to feel confident and empowered on the web.

Thank you for an amazing year

None of this would have been possible without you, our incredible contributors, team members, and the wider Mozilla community. Your work, ideas, and feedback are what make SUMO a place where users can always find the help they need.

As we head into 2025, we are excited to keep building on this year’s progress. We will continue amplifying user voices, reducing complexity, improving accessibility, and exploring new ways to make support content even better.

Thank you for being part of this journey. Here is to another year of collaboration, growth, and making the internet better for everyone.

Let’s keep building a better web, one article at a time.

This Week In RustThis Week in Rust 579

Hello and welcome to another issue of This Week in Rust! Rust is a programming language empowering everyone to build reliable and efficient software. This is a weekly summary of its progress and community. Want something mentioned? Tag us at @ThisWeekInRust on X (formerly Twitter) or @ThisWeekinRust on mastodon.social, or send us a pull request. Want to get involved? We love contributions.

This Week in Rust is openly developed on GitHub and archives can be viewed at this-week-in-rust.org. If you find any errors in this week's issue, please submit a PR.

Want TWIR in your inbox? Subscribe here.

Updates from Rust Community

Newsletters
Project/Tooling Updates
Observations/Thoughts
Rust Walkthroughs
Miscellaneous

Crate of the Week

This week's crate is OmniLED, a helper to display things like time or audio volumne on a LED matrix that some peripherials (such as gaming keyboards) have.

Thanks to llogiq for the suggestion!

Please submit your suggestions and votes for next week!

Calls for Testing

An important step for RFC implementation is for people to experiment with the implementation and give feedback, especially before stabilization. The following RFCs would benefit from user testing before moving forward:

RFCs
  • No calls for testing were issued this week.
Rust
  • No calls for testing were issued this week.
Rustup

If you are a feature implementer and would like your RFC to appear on the above list, add the new call-for-testing label to your RFC along with a comment providing testing instructions and/or guidance on which aspect(s) of the feature need testing.

Call for Participation; projects and speakers

CFP - Projects

Always wanted to contribute to open-source projects but did not know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

Some of these tasks may also have mentors available, visit the task page for more information.

If you are a Rust project owner and are looking for contributors, please submit tasks here or through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

CFP - Events

Are you a new or experienced speaker looking for a place to share something cool? This section highlights events that are being planned and are accepting submissions to join their event as a speaker.

If you are an event organizer hoping to expand the reach of your event, please submit a link to the website through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

Updates from the Rust Project

398 pull requests were merged in the last week

Rust Compiler Performance Triage

We missed triage last week due to some process issues, so this triage includes two weeks of data. The overall result is positive, due to parser optimizations (#133793), trait solving optimizations (#134501, #132325) and bumping the cc crate (#134505), which improved the performance of C/C++ dependencies of the compiler.

Triage done by @kobzol. Revision range: 1b3fb316..0eca4dd3

Summary:

(instructions:u) mean range count
Regressions ❌
(primary)
0.5% [0.3%, 0.8%] 3
Regressions ❌
(secondary)
1.0% [1.0%, 1.0%] 1
Improvements ✅
(primary)
-1.8% [-7.5%, -0.3%] 254
Improvements ✅
(secondary)
-1.3% [-5.4%, -0.3%] 224
All ❌✅ (primary) -1.8% [-7.5%, 0.8%] 257

4 Regressions, 10 Improvements, 12 Mixed; 9 of them in rollups 90 artifact comparisons made in total

Full report here

Approved RFCs

Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:

Final Comment Period

Every week, the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now.

RFCs
  • No RFCs entered Final Comment Period this week.
Tracking Issues & PRs
Rust Cargo
  • No Cargo Tracking Issues or PRs entered Final Comment Period this week.
Language Team
  • No Language Team Proposals entered Final Comment Period this week.
Language Reference
  • No Language Reference RFCs entered Final Comment Period this week.
Unsafe Code Guidelines
  • No Unsafe Code Guideline Tracking Issues or PRs entered Final Comment Period this week.
New and Updated RFCs

Upcoming Events

Rusty Events between 2024-12-25 - 2025-01-22 🦀

Virtual
Asia
Europe
North America

If you are running a Rust event please add it to the calendar to get it mentioned here. Please remember to add a link to the event too. Email the Rust Community Team for access.

Jobs

Please see the latest Who's Hiring thread on r/rust

Quote of the Week

It's only a transmute if it's from the transmute region of std; otherwise it's just sparkling unsafety.

Josh Triplett on github

Thanks to Josh for the self-suggestion!

Please submit quotes and vote for next week!

This Week in Rust is edited by: nellshamrell, llogiq, cdmistman, ericseppanen, extrawurst, andrewpollack, U007D, kolharsam, joelmarcey, mariannegoldin, bennyvasquez.

Email list hosting is sponsored by The Rust Foundation

Discuss on r/rust

Don Martilinks for Christmas 2024

More stuff to read on the Internet.

Also, Quora Lies: WW2 Arial, Helvetica, Courier; also Times misinformation (More and more wrong answers out there, in easy to find places. Somehow, people will have to change content discovery habits to deal with scam culture and AI slop, but we don’t know how. IMHO the need for user research is greater than ever.)

[What say you, Spock?] My Proposed Terminology to Describe Bypassing Social Media Face ID Age Verification Systems (Interesting premise but are kids going to pick up hacking habits again? Kids back in the early days of the Internet had to hack because IT was rare, expensive, and flaky. But people who developed their Internet habits in the 2000s-2010s had it easy, because stuff was basically working but companies were still in create more value than you capture mode. I suppose kids today will have to learn to hack, not just beause of age verification stuff but because companies are in permanent hustle/growth hacking/value extraction mode, so the value available to the default user is less. Hack the consumer surplus?)

Step Right Up: The Chamber of Progress’s Ticketing Chamber of Horrors Fools Nobody (more news from the world of scam culture. Tech industry out of ideas? No problem, take low-reputation petty crimes like ticket scalping and scale them.)

Why Agentic AI Could Be Doomed To Fail, and 3 More AI Predictions for 2025 Accuracy of 75%-90% is state-of-the-art for AI….But if you have three steps of 75-90% accuracy, your ultimate accuracy is around 50%.

Linden Lab has spent $1.3B building Second Life and paid $1.1B to creators And since Linden Lab shares 90% of transactions with creators and only takes a 10% cut, the vast majority of the money generated through trade is paid to the creators themselves.

Classified fighter jet specs leaked on War Thunder – again (Do Wargaming.net players just take the games less seriously? This never seems to happen to the World of… games.)

The Ugly Truth About Spotify Is Finally Revealed Around this same time, I started hearing jazz piano playlists on Spotify that disturbed me. Every track sounded like it was played on the same instrument with the exact same touch and tone. Yet the names of the artists were all different….By total coincidence, Spotify’s profitability started to improve markedly around this time. and The Ghosts in the Machine, by Liz Pelly

Joey Hess: aiming at December The design goal of my 12 kilowatt system is to produce 1 kilowatt of power all day on a cloudy day in midwinter, which allows swapping between major loads (EV charger, hot water heater, etc) on a cloudy day and running everything on a sunny day. So the size of the battery bank doesn’t matter much. Batteries are getting cheaper fast too, but they are a wear item, so it’s better to oversize the solar system and minimize the battery….It costs more to mount solar panels now than the panels are worth.

Enrico Zini: New laptop setup (related: mine came up with fan and power light but no display, got helpful support)

Martin ThompsonExpanding what HTTPS means

So you have a device, maybe IoT, or just something that sits in a home somewhere. You want to be able to talk to it with HTTPS.

Recall Zooko’s “meaningful, unique, decentralized” naming trichotomy. HTTPS chooses to drop “decentralized”, relying on DNS as central control.

In effect, HTTPS follows a pretty narrow definition. To offer a server that works, you need to offer a TLS endpoint that has a certificate that meets a pretty extensive set of requirements. To get that certificate, you need a name that is uniquely yours, according to the DNS[1].

Unique names

It is entirely possible to assign unique names to devices. There’s an awful lot of IoT thingamabobs out there, but there are far more names we could ever use. Allocation can even be somewhat decentralized by having manufacturers manage the assignment[2].

The problem with unique names for IoT devices is that they are probably not going to be memorable (thanks Zooko). I don’t know about you, but printer.<somehash>.service-provider-cloud.example isn’t exactly convenient. Still, this is a system that is proven to work in real deployments.

It we want to make this approach work, maybe it just needs adapting. Following this approach, the problems we’d be seeking to solve are approximately:

  • How to make the names more manageable. For instance, how you manage to securely distribute search suffixes is a significant problem.

  • How to distribute certificates. ACME is an obvious choice, but what does the device talk to? Obviously, there is some need for something to connect to the big bad Internet, but how and how often?

  • Whether rules about certificates that apply to big bad Internet services fit in these contexts. Is it OK that you need to get fresh certificates every 45 days? How do Certificate Transparency requirements fit in this model? Does adding lots of devices to the system lead to scaling problems?

These problems all largely look like operational challenges. Any protocol engineering toward this end would be aimed at smoothing over the bumps. Many of the questions even seem to have fairly straightforward answers.

I don’t want to completely dismiss this approach as infeasible, but it seems clear that there are some pretty serious impediments. After all, nothing has really prevented someone from deploying systems this way. Many have tried. That few have succeeded[3] is perhaps evidence in support of it being too hard.

.onion names

Tor’s solution to this problem is making names self-authenticating. You take a public key (something for which no one else can produce a valid signature) and that becomes your identity. Your server name becomes a hash of that public key. Of course, “<somelongstring>.onion” as a name is definitely not user-friendly. You won’t want to be typing that name into an address bar[4].

That use of a name that is bound to a key recognizes that the identity of the service is bound to its name. In the world of DNS names, that binding is extrinsic and validated by a CA. In Tor, that binding is intrinsic: the name itself carries the binding.

Tor requires that endpoints follow different rules to the rest of the uniquely-named servers. Those rules include a particular protocol and deployment. Being, as they are, a bit onerous, only a few systems exist that are able to resolve “.onion” names. However, this approach does suggest that maybe there is an expansion to the definition of HTTPS that can be made to work.

.local with cryptographically bound names

The same concept as Tor could be taken to local names. Using “<somehash>.local” could be an option[5]. The idea being that the name is verified differently, but still unique.

A name that is cryptographically verified means that you could maybe drop some of the requirements you might otherwise apply to “normal” names.

The trick here is that you are asking clients to change a fair bit. Maybe less than Tor demands, but they still need to recognize the difference. Servers also need to understand that their name has changed.

The biggest problem with relying on unique names remains: these aren’t going to be easy to remember and type.

Nicknames

One approach for dealing with ugly names is to add nicknames. In a browser, you might have a bookmark labeled “printer”, which navigates to your printer at “<somehash>.local”. Or maybe you edit /etc/hosts to add a name alias.

Either way, usability depends on the creation of a mapping from the friendly name to the unfriendly one. From a security perspective, the mapping becomes a critical component.

The idea that you might receive this critical information from the network – for example, the DHCP Domain Search Option – is no good. We gave to assume that the network is hostile[6].

The real challenge here is that everyone will have their own nicknames, there can no canonical mapping. My printer and your printer are (probably) different devices, but we might want to use the same nickname.

TOFU and nicknames

Of course, in most of these cases, what you get from a system like this is effectively TOFU.

That is, you visit the server the first time and give it a friendly name. If that first visit was to the correct server, you can use the nickname securely thereafter. If not, and an attacker was present for your first visit, then you could be visiting them forever after.

This model works pretty well for SSH. It can also be hardened further if you care to do the extra work.

It’s a bit rough if the server key changes, which leads to some fair criticism. For use in the home, it might be good enough.

Non-unique names, unique identities

Recognizing that the practical effect of nicknames plus cryptographically-bound names, the logical next step is to just do away with the funny name entirely.

The reason we want the long and awkward label is twofold:

  • Firstly, we need to be able to find the thing and talk to it.

  • Then, we need to ensure that it has a unique identity, distinct from all other servers, so that it cannot be impersonated.

Those two things don’t need to be so tightly coupled.

Finding the thing works perfectly well without a ridiculous name. I would argue that mDNS works better for people if it uses names that make sense to them.

We could use the friendly name where it makes sense and an elaborate name – or identifier – everywhere that impersonation matters.

Managing impersonation risk

If there are potentially many printers that can use “printer.local”, how do we prevent each from impersonating any other? The basic answer is that each needs to be presented distinctly.

In the browser

On the web at least, this could be relatively simple. There are two concepts that are relevant to all interactions:

  • An origin. An origin is a tuple of values that are combined to form an unambiguous identifier. Origins are the basis for all web interactions. For ordinary HTTPS, this is a tuple that combines the scheme or protocol (“https”), the hostname (“www.example.com”), and the server port number (443).

  • A site. Certain features combine multiple origins for reasons that are convoluted and embarrassing. A site is defined as a test, rather than a tuple of values. Two origins can be same site or schemelessly same site.

Neither of these rely on having flat names for servers, which makes extending them a real possibility. For instance, “https://printer.local” might be recognized as non-unique and therefore be assigned a tuple that includes the server public key, thereby ensuring that it is distinct from all other “https://printer.local” instances.

From there, many of the reasons for impersonation can be managed. Passkeys, cookies, and any other state that a browser associates with a given “https://printer.local” are only presented to that instance, not any other. That’s a big chunk of the impersonation risk handled.

Passwords and phishing remain a challenge[7]. Outside of the use of password manager, it won’t be hard to convince people to enter a password into the wrong instance. That might be something that can be managed with UX changes, but that’s unlikely to be perfect.

Elsewhere

Outside of the browser, there are a lot of systems that do not update in quite the same fashion as browsers. Their definition of server identity is likely to be less precise than the origin/site model browsers use.

For these, it might be easier to formulate a name that includes a cryptographic binding to the public key. That name could be used in place of the short, friendly name. There are reserved names that can be used for this purpose.

Working out how to separate out places where names need to be unique and where they can be user-friendly isn’t that straightforward. A starting point might be to use an ugly name everywhere, with substitution of nicer names being done surgically.

One place that might need to be tweaked first is the protocol interactions. A printer might easily handle being known as “printer.local”, but it might be less able to handle being known as “<somehash>.whatever.example”. That would keep the changes for servers to a minimum.

Key rotation and other problems

One reasonable criticism of this approach is that no mechanisms exist to support servers changing their keys.

That’s mostly OK. Key rotation will mean a new identity, which resets existing state. Losing state is likely tolerable for cookies and passkeys. the phishing risk of having to enter a password to restore state, on the other hand, is pretty bad.

That’s a genuine problem that would need work. Of course, if the alternative is no HTTPS, it might be a good trade.

Servers in these environments probably shouldn’t be rotating keys anyway. Things like expiration of certificates largely only serve to ensure that servers are equipped to deal with change. A server at a non-unique name doesn’t have to deal with its name disappearing or having to renew it periodically. Those that want to deal with all of that can get a real name.

Of course, this highlights how this would require a distinct set of rules for non-unique names. Working out what this differences need to be is the hard part.

Conclusion

Extending the definition of HTTPS to include non-unique names is potentially a big step. However, it might mean that we can do away with the bizarre exceptions we have for unsecured HTTP in certain environments.

This post sketched out a model that requires very little of servers. Servers only need to present a certificate over TLS, with a unique key. It doesn’t care much what those certificates contain[8]. Changes are focused on clients and what they expect from devices.

Allowing a system that is obviously lesser to share the “HTTPS” scheme with the system we know (and love/hate/respect/loathe/dread) might seem dishonest or misleading. I maintain that – as long as the servers with real names are unaffected, as they would be – no harm comes from a more inclusive definition.

Expanding what it means to be an HTTPS server might help eliminate unsecured local services. After all, cleartext HTTP is not fit for deployment to the Internet.


  1. Or, maybe, a globally unique IP address. Really, you don’t want that though. ↩︎

  2. Let’s pretend that the manufacturer isn’t going to go out of business during the lifetime of the widget. OK, I can’t pretend: this is unrealistic. Even if they stay in business, there is no guarantee that they will maintain the necessary services. ↩︎

  3. With some notable exceptions. ↩︎

  4. And good luck noticing the phishing attack that replaces the name. It’s not that hard for an attacker to replace the name with one that matches a few characters at the start and end. How do you think Facebook got “facebookcorewwwi.onion”? ↩︎

  5. You might use xx--\<somehash>.local or some other reserved label to eliminate the risk, however remote, of collisions with existing names. ↩︎

  6. You hand your packets to the attacker to forward. ↩︎

  7. I should be recommending the use of passkeys here, pointing to Adam Langley’s nice book, but – to be perfectly frank – the user experience still sucks. Besides, denying that people use passwords is silly. ↩︎

  8. It might not be that simple. You probably want the server to include its name, if only to avoid unknown key share attacks. That might rule out the use of raw public keys. ↩︎

David TellerWhat would it take to add refinement types to Rust?

A few years ago, on a whim, I wrote YAIOUOM. YAOIOUM was a static analyzer for Rust that checked that the code was using units of measures correctly, e.g. a distance in meters is not a distance in centimeters, dividing meters by seconds gave you a value in m / s (aka m * s^-1).

YAIOUOM was an example of a refinement type system, i.e. a type system that does its work after another type system has already done its work. It was purely static, users could add new units in about one line of code, and it was actually surprisingly easy to write. It also couldn’t be written within the Rust type system, in part because I wanted legible error messages, and in part because Rust doesn’t offer a very good way to specify that (m / s) * s is actually the same type as m.

Sadly, it also worked only on a specific version of Rust Nightly, and the code broke down with every new version of Rust. It’s a shame, because I believe that there’s lots we could do with refinement types. Simple things such as units of measure, as above, but also, I suspect, we could achieve much better error messages for complex type-level programming, such as what Diesel is doing.

It got me to wonder how we could extend Rust in such a way that refinement types could be easily added to the language.

Don Martiturning off browser ad features from the command line

(Previously: Google Chrome ad features checklist, turn off advertising features in Firefox.)

The Mozilla Firefox and Google Chrome browsers both have built-in advertising features, which I generally turn off because putting advertising features, even privacy-enhancing ones, in browsers is a bad idea. But the problem with going in to the settings and changing things is not just that it takes time to find stuff, but that it only affects the one browser profile you’re in. So every time I add a user account or a new browser profile, I still need to go to Settings and change the defaults again.

Fortunately it’s possible to turn the ad stuff off once and have it stay off. Both browsers have enterprise management features.

With a few commands, you can be your own enterprise manager, put the right file in the right location, and not have to worry about it.

On Linux, the following content should go in /etc/firefox/policies/policies.json for Firefox:

{ "policies": { "Preferences": { "dom.private-attribution.submission.enabled": { "Status": "locked", "Type": "boolean", "Value": false }, "browser.urlbar.suggest.quicksuggest.sponsored": { "Status": "locked", "Type": "boolean", "Value": false } } } }

and the following content should go in /etc/opt/chrome/policies/managed/managed_policies.json for Chrome:

{ "BlockThirdPartyCookies": true, "PrivacySandboxAdMeasurementEnabled": false, "PrivacySandboxAdTopicsEnabled": false, "PrivacySandboxPromptEnabled": false, "PrivacySandboxSiteEnabledAdsEnabled": false }

The full list of available settings is at Chromium - Policy List. Some of these can be handy additions to the managed_policies.json file especially if you use multiple profiles. For example, I also add "DefaultBrowserSettingEnabled": false so that Google Chrome does not ask to be default browser.

Both files should be owned by the owner of the containing directory (root:root on my system) and mode 755.

That’s it.

There are ways to set this stuff up on Mac OS, too. I think it’s supposed to be /Applications/Firefox.app/Contents/Resources/distribution/policies.json for Firefox, but the /etc/ location might also work. For Google Chrome, there are Set up Chrome browser on Mac instructions.

There are also mentions of how to manage these two browsers on Microsoft Windows. If someone who blogs about those two OSs has instructions on how to set this up on other OS, please let me know and I’ll link to your blog post.

  • For Mac OS: YOUR_BLOG_LINK_HERE

  • For Microsoft Windows: YOUR_BLOG_LINK_HERE

Appeasement fails, and one more tip

For about the past five years, a lot of proponents of in-browser ad features have been going on about how we really need to let the advertisers have their privacy-preserving advertising systems in the browser, because otherwise the surveillance business is going to do something worse. But, as we can see from recent news, that’s not how boundary testing works. They put the ad features in the browser, and then went ahead and increased fingerprinting anyway.

Browser developer: can we make the browser a little creepy so we don’t have to do worse stuff like fingerprinting?

User: ok, fine (clicks Got it)

Browser developer: well if you didn’t mind that, you won’t mind this…fingerprinting…either, right?

User: (facepalm)

Not a surprise for readers of relationship blogs, which tend to be more realistic about how to handle boundary testing than web development blogs. For example, Terri Cole writes about a constructive way to respond to boundary testing, in Navigating Boundaries: Strategies for Addressing Repeat Violations with Effective Consequences.

You’ve 1) set a boundary, 2) communicated it to them, and, after the boundary was crossed, 3) named a consequence to let them know, if this happens again, this is what I am doing.

Accepting any in-browser ad feature just encourages them to test boundaries again and make the browser incrementally creepier and more intrusive. Consequences need to happen early and predictably, or the person testing your boundaries learns that they can test further. Letting creepy behavior slide is a way to get more of it later.

How can users realistically communicate with big companies that only pay attention to lawsuits, news stories, and metrics measured in millions? You can’t really turn off browser fingerprinting—that’s the point, it’s based on hardware or software features that are hard for the user to change—but you can send a signal (and as a useful side effect protect yourself from nasty stuff like malvertising targeted based on your employer.) One of the best underrated privacy tips is just to visit https://myadcenter.google.com/home and set Personalized Ads to Off. This doesn’t just help protect yourself, it also (1) moves a metric that they track, so sends a message that they will get, and (2) it does reduce surveillance advertising revenue, so you help limit the flow of money to the other side. Turning this stuff off is not mainly about protecting yourself, it’s about helping at-risk people hide in the crowd and about reducing the incentives to invest in surveillance.

No privacy setting or tool is a total fix by itself, but turning off in-browser ad features and turning off personalization are both pretty effective for the time invested. More tips: effective privacy tips

Related

Google Chrome ad features checklist

turn off advertising measurement in Apple Safari

turn off advertising features in Firefox

dmarti/browser-adfraud-protection: RPM package to install a policies file

Bonus links

Companies issuing RTO mandates “lose their best talent”: Study (but it’s not about talent. When the company is increasing profits by more deception, surveillance, and value extraction from existing customers, then employees who can signal loyalty are more valuable than employees who might invent something new and legit, which is going to turn out to not get made because it doesn’t look as revenue-positive as the crime options anyway)

Surprise! California’s 40 Qs of Rising Minimum Wage & Fast Food Industry Growth (Beating USA) (There are a lot of possible reasons why the Econ 101 answer turns out not to be right in the real world. An hour of labor that the employer pays $20 for might be worth more than an hour done by the same person for $10.)

Ghost artists on Spotify (Sounds like AI slop blogs on ad networks to me)

Why Does U.S. Technology Rule? What I’m suggesting is that America’s tech advantage may bear considerable resemblance to Britain’s banking advantage. That is, it may have less to do with institutions, culture and policy than the fact that for historical reasons the world’s major technology hubs happen to be in the United States…

Feed readers which don’t take “no” for an answer (More results from a really useful tool. If, like me, your way to avoid The Algorithm is to make your own feed reader, go sign up to see if you have all the If-Modified-Since and related features working correctly.)

The rise of informal news networks, We’ll stop looking down on content creators, Media owners will protect the powerful, Content creators find a place in newsrooms Declaring platform independence (My favorites from the Nieman Lab end of year series. Related: Does YouTube have a future if its creators have to make money elsewhere? IMHO this helps make a case for the strength of the YouTube scene—if YouTubers can keep doing their thing even when the algorithm stifles and demonetizes them, they’re doing something right.)

Watchdog to issue new guidance after report finds air fryers may be listening (More reasons why I still aspire to be the guy who cooks with just a vintage cast-iron skillet and a razor-sharp chef’s knife)

The Rush for AI-Enabled Drones on Ukrainian Battlefields (related: For first time, Ukraine attacks Russian positions using solely ground, FPV drones)

Nodriver: A Game-Changer in Web Automation Designed to bypass even the most sophisticated anti-bot measures, Nodriver is a high-performance, asynchronous web automation framework tailored for developers who require a robust and reliable tool for scraping, testing, and automating web interactions. (previously, previously)

C.A. Goldberg, PLLC Turned Ten and We Are Looking Back at the Firm’s Most Memorable Moments Over the Past Decade!!! (Why Omegle is no longer a thing, and a substantial part of the reason that Section 230 is no longer a guaranteed everything is allowed if you can blame a user for uploading it rule.)

Trump2 Will Shake Up the “Competition Safe Spaces” What we know is that there is complete paralysis in Brussels as we start to take a measure of what may be coming our way – with decisions (DMA non compliance, Google ad-tech) and policy initiatives all stalled in the wings, all in suspended animation until the new Administration shows its true colours and we figure out what threats and retribution might be coming our way.

Australia fires publisher damages claim at Google, Australia approves law banning social media for under 16s (are they trying to grow a generation of teen Wikipedia editors and Fediverse influencers? might work)

Mozilla Privacy BlogMozilla Joins Amicus Brief Supporting Software Interoperability

UPDATE – December 20, 2024

We won!

Earlier this week the Ninth Circuit issued an opinion that thoroughly rejects the district court’s dangerous interpretation of copyright law. Recall that, under the district court’s ruling, interoperability alone could be enough for new software to be an infringing derivative work of some prior software. If upheld, this would have threatened a wide range of open source development and other software.

The Ninth Circuit corrected this mistake. It wrote that “neither the text of the Copyright Act nor our precedent supports” the district court’s “interoperability test for derivative works.” It concluded that “mere interoperability isn’t enough to make a work derivative.” Adding that “the text of the Copyright Act and our case law teach that derivative status does not turn on interoperability, even exclusive interoperability, if the work doesn’t substantially incorporate the preexisting work’s copyrighted material.”

Original post, March 11, 2024

In modern technology, interoperability between programs is crucial to the usability of applications, user choice, and healthy competition. Today Mozilla has joined an amicus brief at the Ninth Circuit, to ensure that copyright law does not undermine the ability of developers to build interoperable software.

This amicus brief comes in the latest appeal in a multi-year courtroom saga between Oracle and Rimini Street. The sprawling litigation has lasted more than a decade and has already been up to the Supreme Court on a procedural question about court costs. Our amicus brief addresses a single issue: should the fact that a software program is built to be interoperable with another program be treated, on its own, as establishing copyright infringement?

We believe that most software developers would answer this question with: “Of course not!” But the district court found otherwise. The lower court concluded that even if Rimini’s software does not include any Oracle code, Rimini’s programs could be infringing derivative works simply “because they do not work with any other programs.” This is a mistake.

The classic example of a derivative work is something like a sequel to a book or movie. For example, The Empire Strikes Back is a derivative work of the original Star Wars movie. Our amicus brief explains that it makes no sense to apply this concept to software that is built to interoperate with another program. Not only that, interoperability of software promotes competition and user choice. It should be celebrated, not punished.

This case raises similar themes to another high profile software copyright case, Google v. Oracle, which considered whether it was copyright infringement to re-implement an API. Mozilla submitted an amicus brief there also, where we argued that copyright law should support interoperability. Fortunately, the Supreme Court reached the right conclusion and ruled that re-implementing an API was fair use. That ruling and other important fair use decisions would be undermined if a copyright plaintiff could use interoperability as evidence that software is an infringing derivative work.

In today’s brief Mozilla joins a broad coalition of advocates for openness and competition, including the Electronic Frontier Foundation, Creative Commons, Public Knowledge, iFixit, and the Digital Right to Repair Coalition. We hope the Ninth Circuit will fix the lower court’s mistake and hold that interoperability is not evidence of infringement.

The post Mozilla Joins Amicus Brief Supporting Software Interoperability appeared first on Open Policy & Advocacy.

The Mozilla BlogA different take on AI safety: A research agenda from the Columbia Convening on AI openness and safety

On Nov. 19, 2024, Mozilla and Columbia University’s Institute of Global Politics held the Columbia Convening on AI Openness and Safety in San Francisco. The Convening, which is an official event on the road to the AI Action Summit to be held in France in February 2025, took place on the eve of the Convening of the International Network of AI Safety Institutes. In the convening we brought together over 45 experts and practitioners in AI to advance practical approaches to AI safety that embody the values of openness, transparency, community-centeredness and pragmatism. 

Prior to the event on Nov. 19, twelve of these experts formed our working group and collaborated over six weeks on a thorough, 40-page “backgrounder” document that helped frame and focus our-person discussions, and design tracks for participants to engage with throughout the convening. 

The Convening explored the intersection of Open Source AI and Safety, recognizing two key dynamics. First, while the open source AI ecosystem continues to gain unprecedented momentum among practitioners, it seeks more open and interoperable tools to ensure responsible and trustworthy AI deployments. Second, this community is approaching safety systems and tools differently, favoring open source values that are decentralized, pluralistic, culturally and linguistically diverse, and emphasizing transparency and auditability. Our discussions resulted in a concrete, collective and collaborative output: “A Research Agenda for a Different AI Safety,” which is organized around five working tracks.

We’re grateful to the French Government’s AI Action Summit for co-sponsoring our event as a critical milestone on the “Road to the AI Action Summit” in February, and to the French Minister for Artificial Intelligence who joined us to give closing remarks at the end of the day. 

In the coming months, we will publish the proceedings of the conference. In the meantime, a summarized readout of the discussions from the convening are provided below. 

Group photo of attendees at the Columbia Convening on AI Openness and Safety, smiling and waving while wearing blue, red, and white berets, seated and standing in a brightly lit room with large windows.

Readout from Convening:

What’s missing from taxonomies of harm and safety definitions?

Participants grappled with the premise that there is no such thing as a universally ‘aligned’ or ‘safe’ model. We explored the ways that collective input can both support better-functioning AI systems across use cases, help prevent harmful uses of AI systems, and further develop levers of accountability.  Most AI safety challenges involve complex sociotechnical systems where critical information is distributed across stakeholders and key actors often have conflicts of interest, but participants noted that open and participatory approaches can help build trust and advance human agency amidst these interconnected and often exclusionary systems. 

Participants examined limitations in existing taxonomies of harms and explored what notions of safety put forth by governments and big tech companies can fail to capture. AI-related harms are often narrowly defined by companies and developers for practical reasons, who often overlook or de-emphasize broader systemic and societal impacts on the path to product launches. The Convening’s discussions emphasized that safety cannot be adequately addressed without considering domain-specific contexts, use cases, assumptions, and stakeholders. From automated inequality in public benefits systems to algorithmic warfare, discussions highlighted how safety discussions accompanying AI systems’ deployments can become too abstract and fail to center diverse voices and the individuals  and communities who are actually harmed by AI systems. A key takeaway was to continue to ensure AI safety frameworks center human and environmental welfare, rather than predominantly corporate risk reduction. Participants also emphasized that we cannot credibly talk about AI safety without acknowledging the use of AI in warfare and critical systems, especially as there are present day harms playing out in various parts of the world.

Drawing inspiration from other safety-critical fields like bioengineering, healthcare, and public health, and lessons learned from adjacent discipline of Trust and Safety, the workshop proposed targeted approaches to expand AI safety research. Recommendations included developing use-case-specific frameworks to identify relevant hazards, defining stricter accountability standards, and creating clearer mechanisms for harm redressal. 

Safety tooling in open AI stacks

As the ecosystem of open source tools for AI safety continues to grow, developers need better ways to navigate it. Participants mapped current technical interventions and related tooling, and helped identify gaps to be filled for safer systems deployments. We discussed the need for reliable safety tools, especially as post-training models and reinforcement learning continues to evolve. Conversants noted that high deployment costs, lack of safety tooling and methods expertise, and fragmented benchmarks can also hinder safety progress in the open AI space. Resources envisioned included dynamic, standardized evaluations, ensemble evaluations, and readily available open data sets that could help ensure that safety tools and infrastructure remain relevant, useful, and accessible for developers. A shared aspiration emerged: to expand access to AI evaluations while also building trust through transparency and open-source practices.

Regulatory and incentive structures also featured prominently, as participants emphasized the need for clearer guidelines, policies, and cross-sector alignment on safety standards. The conversation noted that startups and larger corporations often approach AI safety differently due to contrasting risk exposures and resourcing realities, yet both groups need effective monitoring tools and ecosystem support. The participants explored how insufficient taxonomical standards, lack of tooling for data collection, and haphazard assessment frameworks for AI systems can hinder progress and proposed collaborative efforts between governments, companies, and non-profits to foster a robust AI safety culture. Collectively, participants envisioned a future where AI safety systems compete on quality as much as AI models themselves.

The future of content safety classifiers

AI systems developers often have a hard time finding the right content safety classifier for their specific use case and modality, especially when developers need to also fulfill other requirements around desired model behaviors, latency, performance needs, and other considerations. Developers need a better approach for standardizing reporting about classifier efficacy, and for facilitating comparisons to best suit their needs. The current lack of an open and standardized evaluation mechanism across various types of content or languages can also lead to unknown performance issues, requiring developers to perform a series of time-consuming evaluations themselves — adding additional friction to incorporating safety practices into their AI use cases.

Participants chartered a future roadmap for open safety systems based on open source content safety classifiers, defining key questions, estimating necessary resources, and articulating research agenda requirements while drawing insights from past and current classifier system deployments. We explored gaps in the content safety filtering ecosystem, considering both developer needs and future technological developments. Participants paid special attention to the challenges posed in combating child sexual abuse material and identifying other harmful content. We also noted the limiting factors and frequently Western-centric nature of current tools and datasets for this purpose, emphasizing the need for multilingual, flexible, and open-source solutions. Discussions also called for resources that are accessible to developers across diverse skill levels, such as a “cookbook” offering practical steps for implementing and evaluating classifiers based on specific safety priorities, including child safety and compliance with international regulations.

The workshop underscored the importance of inclusive data practices, urging a shift from rigid frameworks to adaptable systems that cater to various cultural and contextual needs and realities. Proposals included a central hub for open-source resources, best practices, and evaluation metrics, alongside tools for policymakers to develop feasible guidelines. Participants showed how AI innovation and safety could be advanced together, prioritizing a global approach to AI development that works in underrepresented languages and regions.

Agentic risk

With growing interest in “agentic applications,” participants discussed how to craft meaningful working definitions and mappings of the specific needs of AI-system developers in developing safe agentic systems. When considering agentic AI systems, many of the usual risk mitigation approaches for generative AI systems — such as content filtering or model tuning —  run into limitations. In particular, such approaches are often focused on non-agentic systems that only generate text or images, whereas agentic AI systems take real-world actions that carry potentially significant downstream consequences. For example, an agent might autonomously book travel, file pull requests on complex code bases, or even take arbitrary actions on the web, introducing new layers of safety complexity. Agent safety can present a fundamentally different challenge as agents perform actions that may appear benign on their own while potentially leading to unintended or harmful consequences when combined.

Discussions began with a foundational question: how much trust should humans place in agents capable of decision-making and action? Through case studies that included AI agents being used to select a babysitter and book a vacation, participants analyzed risks including privacy leaks, financial mismanagement, and misalignment of objectives. A clear distinction emerged between safety and reliability; while reliability errors in traditional AI might be inconveniences, errors in autonomous agents could cause more direct, tangible, and irreversible harm. Conversations highlighted the complexity of mitigating risks such as data misuse, systemic bias, and unanticipated agent interactions, underscoring the need for robust safeguards and frameworks.

Participants proposed actionable solutions focusing on building transparent systems, defining liability, and ensuring human oversight. Guardrails for both general-purpose and specialized agents, including context-sensitive human intervention thresholds and enhanced user preference elicitation, were also discussed. The group emphasized the importance of centralized safety standards and a taxonomy of agent actions to prevent misuse and ensure ethical behavior. With the increasing presence of AI agents in sectors like customer service, cybersecurity, and administration, Convening members stressed the urgency of this work.

Participatory inputs

Participants examined how participatory inputs and democratic engagement can support safety tools and systems throughout development and deployment pipelines, making them more pluralistic and better adapted to specific communities and contexts. Key concepts included creating sustainable structures for data contribution, incentivizing safety in AI development, and integrating underrepresented voices, such as communities in the Global Majority. Participants highlighted the importance of dynamic models and annotation systems that balance intrinsic motivation with tangible rewards. The discussions also emphasized the need for common standards in data provenance, informed consent, and participatory research, while addressing global and local harms throughout AI systems’ lifecycles.

Actionable interventions such as fostering community-driven AI initiatives, improving tools for consent management, and creating adaptive evaluations to measure AI robustness were identified. The conversation called for focusing on democratizing data governance by involving public stakeholders and neglected communities, ensuring data transparency, and avoiding “golden paths” that favor select entities. The workshop also underscored the importance of regulatory frameworks, standardized metrics, and collaborative efforts for AI safety.

Additional discussion

Some participants discussed the tradeoffs and false narratives embedded in the conversations around open source AI and national security. A particular emphasis was placed on the present harms and risks from AI’s use in military applications, where participants stressed that these AI applications cannot solely be viewed as policy or national security issues, but must also be viewed as technical issues too given key challenges and uncertainties around safety thresholds and system performance.

Conclusion

Overall, the Convening advanced discussions in a manner that showed that a pluralistic, collaborative approach to AI safety is not only possible, but also necessary. It showed that leading AI experts and practitioners can bring much needed perspectives to a debate dominated by large corporate and government actors, and demonstrated the importance of a broader range of expertise and incentives. This framing will help ground a more extensive report on AI safety that will follow from this Convening in the coming months.

We are immensely grateful to the participants in the Columbia Convening on AI Safety and Openness; as well as our incredible facilitator Alix Dunn from Computer Says Maybe, who continues to support our community in finding alignment around important socio-technical topics at the intersection of AI and Openness.

The list of participants at the Columbia Convening is below, individuals with an asterisk were members of the working group 

  • Guillaume Avrin – National Coordinator for Artificial Intelligence, Direction Générale des Entreprises
  • Adrien Basdevant – Tech Lawyer, Entropy
  • Ayah Bdeir* – Senior Advisor, Mozilla
  • Brian Behlendorf – Chief AI Strategist, The Linux Foundation 
  • Stella Biderman– Executive Director, EleutherAI 
  • Abeba Birhane – Adjunct assistant professor, Trinity College Dublin 
  • Rishi Bommasani – Society Lead, Stanford CRFM
  • Herbie Bradley – PhD Student, University of Cambridge
  • Joel Burke – Senior Policy Analyst, Mozilla 
  • Eli Chen – CTO & Co-Founder, Credo AI
  • Julia DeCook, PhD – Senior Policy Specialist, Mozilla 
  • Leon Derczynski – Principal research scientist, NVIDIA Corp & Associate professor, IT University of Copenhagen
  • Chris DiBona – Advisor, Unaffiliated
  • Jennifer Ding – Senior researcher, The Alan Turing Institute 
  • Bonaventure F. P. Dossou – PhD Student, McGill University/Mila Quebec AI Institute 
  • Alix Dunn – Facilitator, Computer Says Maybe 
  • Nouha Dziri* – Head of AI Safety, Allen Institute for AI 
  • Camille François* – Associate Professor, Columbia University’s School of International and Public Affairs
  • Krishna Gade – Founder & CEO, Fiddler AI 
  • Will Hawkins* – PM Lead for Responsible AI, Google DeepMind 
  • Ariel Herbert-Voss – Founder and CEO, RunSybil 
  • Sara Hooker – VP Research, Head of C4AI, Cohere
  • Yacine Jernite* – Head of ML and Society, HuggingFace 
  • Sayash Kapoor* – Ph.D. candidate, Princeton Center for Information Technology Policy
  • Heidy Khlaaf* – Chief AI Scientist, AI Now Institute 
  • Kevin Klyman – AI Policy Researcher, Stanford HAI 
  • David Krueger – Assistant Professor, University of Montreal / Mila 
  • Greg Lindahl – CTO, Common Crawl Foundation
  • Yifan Mai – Research Engineer, Stanford Center for Research on Foundation Models (CRFM)
  • Nik Marda* – Technical Lead, AI Governance, Mozilla
  • Petter Mattson – President, ML Commons 
  • Huu Nguyen – Co-founder, Partnership Advocate, Ontocord.ai 
  • Mahesh Pasupuleti – Engineering Manager, Gen AI, Meta 
  • Marie Pellat* – Lead Applied Science & Safety, Mistral 
  • Ludovic Péran* – AI Product Manager
  • Deb Raji* – Mozilla Fellow 
  • Robert Reich – Senior Advisor, U.S. Artificial Intelligence Safety Institute
  • Sarah Schwetmann – Co-Founder, Transluce & Research Scientist, MIT
  • Mohamed El Amine Seddik – Lead Researcher, Technology Innovation Institute 
  • Juliet Shen – Product Lead, Columbia University SIPA
  • Divya Siddarth* – Co-Founder & Executive DIrector, Collective Intelligence Project
  • Aviya Skowron* – Head of Policy and Ethics, EleutherAI 
  • Dawn Song  – Professor, Department of Electrical Engineering and Computer Science at UC Berkeley
  • Joseph Spisak* – Product Director, Generative AI @Meta 
  • Madhu Srikumar* – Head of AI Safety Governance, Partnership on AI
  • Victor Storchan – ML Engineer 
  • Mark Surman – President, Mozilla
  • Audrey Tang* – Cyber Ambassador-at-Large, Taiwan
  • Jen Weedon – Lecturer and Researcher, Columbia University 
  • Dave Willner – Fellow, Stanford University 
  • Amy Winecoff – Senior Technologist, Center for Democracy & Technology 

The post A different take on AI safety: A research agenda from the Columbia Convening on AI openness and safety appeared first on The Mozilla Blog.

The Mozilla BlogBuilding trust through transparency: A deep dive into the Anonym Transparency Portal

Continuing our series on Anonym’s technology, this post focuses on the Transparency Portal, a critical tool designed to give our partners comprehensive visibility into the processes and algorithms that handle their data. As a reminder, Mozilla acquired Anonym over the summer of 2024, as a key pillar in its effort to raise the standards of privacy in the advertising industry. These privacy concerns are well documented, as described in the US Federal Trade Commission’s recent report. Separate from Mozilla surfaces like Firefox, which work to protect users from invasive data collection, Anonym is ad tech infrastructure that focuses on improving privacy measures for data commonly shared between advertisers and ad networks.

Anonym uses Trusted Execution Environments, which include the benefit of providing  security to users through the attestation processes. As discussed in our last post, this guarantees that only approved code can be run. Anonym wanted our customers to be able to participate in this process without the burden of overly complicated technical integration. For this reason Anonym developed the Transparency Portal and a process we call binary review. Anonym’s Transparency Portal provides comprehensive review capabilities and operational control over data processing to partners.

Screenshot of the Anonym Transparency Portal homepage. The header shows the Anonym logo, navigation links, and a user profile for Graham Mudd. The sidebar menu includes options like Home, Getting Started, Your Binaries, API Integrations, Job Activity, Anonym Public Key, Data Upload, Knowledge Base, and Account Settings. The main section has a welcome message titled "Welcome to the Anonym Transparency Portal" with a description and "Get Started" button. Below are four feature tiles: Knowledge Base, Binary Approval, System Overview, and Job Activity, each with brief descriptions and icons.

The Transparency Portal: Core features

The Transparency Portal is designed to offer clear, actionable insights into how data is processed while enabling partners to maintain strict control over the use of their data. The platform’s key components include:

  • Knowledge Base
    Anonym provides comprehensive documentation of all aspects of our system, including:  1) the architecture and security practices for the trusted execution environment Anonym uses for data processing; 2) details on the methodology used for the application, such as our measurement solutions (Private Lift, Private Attribution) and 3) how Anonym uses differential privacy to help preserve the anonymity of individuals.
  • Binary Review and Approval
    Partners can review and approve each solution Anonym offers, a process we call Binary Review. On the Your Binaries tab, partners can download source code, inspect cryptographic metadata, and approve or revoke binaries (i.e. the code behind the solutions) as needed. This ensures that only vetted and authorized code can process partner data.
Screenshot of the "Your Binaries" page in the Anonym Transparency Portal. The header displays the Anonym logo, navigation links, and Graham Mudd's profile. The sidebar menu includes options like Home, Getting Started, Your Binaries, API Integrations, and more.  The main section features a detailed view of a binary labeled "Lift Binary," with a release date of 11/15/2024, 01:39 PM. It shows the binary state as "Active," version as 2.21.0, and approval state as "Approved." Below are sections with:      A binary description explaining how the solution measures the causal impact of advertising using experiments and private t-tests.     Release notes (version 2.21.0) detailing changes like adding seeded_random_generator.py, upgrading dependencies, converting timestamps, and making advertiser record ID deduplication optional.  An approval timestamp shows the binary was approved by graham@anonymdemo.com on 11/19/2024, 09:58 AM. There are buttons for "Revoke Approval" and a green "Approved" badge.  Below the detailed view, a list of other binaries is shown, including another "Lift Binary" and two "Attribution Binary" entries, with states, versions, and approval statuses displayed.
  • Code Comparison Tool
    For partners managing updates or changes to binaries, the portal includes a source code comparison tool. This tool provides line-by-line visibility into changes (aka ‘diffs’) between binary versions, highlighting additions, deletions, and modifications. Combined with detailed release notes, this feature enables partners to quickly assess updates and make informed decisions.
Screenshot of the "Lift Binary Diff" page in the Anonym Transparency Portal, comparing versions 2.20.0 and 2.21.0 of the Lift Binary. The header includes the Anonym logo, navigation links, and Graham Mudd's profile.  The page shows a binary description explaining how the solution measures the causal impact of advertising. Below it, a message indicates that only modified files are displayed in the diff, with unchanged files listed but omitted from the view.  The diff view compares the file src/main/pipelines/lib/formatter/data_cleaners.py between the two versions. Changes are highlighted:      Additions are shown in green, such as the introduction of enabled as a parameter in the __init__ method and new logic to check self.enabled.     Deletions are marked in red, such as lines without enabled logic in the earlier version.     Updates include added functionality for hashing columns and generating a new record ID with clearer documentation.  This structured side-by-side comparison makes it easy to identify code changes between the binary versions.
  • Job History Logs
    A complete log of all data processing jobs enables tracing of all data operations. Each entry details the algorithm used, the data processed, and the associated binary version, creating an immutable audit trail for operational oversight and to help support regulatory compliance.
  • Access and Role Management
    The portal allows partners to manage their internal access rights. Administrative tools enable the designation of users who can review documentation, approve binaries, and monitor processing activities.

Bridging security, transparency and control

We believe visibility and accountability are foundational requirements of any technology, and especially for systems that process consumer data, such as digital advertising. By integrating comprehensive review, approval, and audit capabilities, the Transparency Portal ensures that our partners have full visibility into how their data is used for advertising purposes while maintaining strict data security and helping to support compliance efforts.  

In our next post, we’ll delve into the role of encryption and secure data transfer in Anonym’s platform, explaining how these mechanisms work alongside the Transparency Portal and the TEE to protect sensitive data at every stage of processing.

The post Building trust through transparency: A deep dive into the Anonym Transparency Portal appeared first on The Mozilla Blog.

Mozilla ThunderbirdOpen Source, Open Data: Visualizing Our Community with Bitergia

Thunderbird’s rich history comes with a complex community of contributors. We care deeply about them and want to support them in the best way possible. But how does a project effectively do just that? This article will cover a project and partnership we’ve had for most of a year with a company called Bitergia. It helps inform the Thunderbird team on the health of our community by gathering and organizing publicly available contribution data.


In order to better understand what our contributors need to be supported and successful, we sought the ability to gather and analyze data that would help us characterize the contributions across several aspects of Thunderbird. And we needed some data experts that understood open source communities to help us achieve this endeavor. From our relationship with Mozilla projects, we recalled a past partnership between Mozilla and Bitergia, who helped it achieve a similar goal. Given Bitergia’s fantastic previous work, we explored how Thunderbird could leverage their expertise to answer questions about our community. Likewise, you can read Bitergia’s complimentary blog post on our partnership as well.

Thunderbird and Bitergia Join Forces

Thunderbird and Bitergia started comparing our data sources with their capabilities. We found a promising path forward on gathering data and presenting it in a consumable manner. The Bitergia platform could already gather information from some data sources that we needed, and we identified functionality that had to be added for some other sources. 

We now have contribution data sets gathered and organized to represent these key areas where the community is active:

  • Thunderbird Codebase Contributions – Most code changes take place in the Mercurial codebase with Phabricator as the code reviewing tool.  This Mercurial codebase is mirrored in GitHub which is more friendly and accessible to contributors. There are other important Thunderbird repositories in GitHub such as Thunderbird for Android, the developer documentation, the Thunderbird website, etc.
  • Bug ActivityBugzilla is our issue tracker and an important piece of the contribution story.
  • TranslationsMozilla Pontoon is where users can submit translations for various languages.
  • User Support ForumsThunderbird’s page on support.mozilla.org is where users can request support and provide answers to help other users.
  • Email List DiscussionsTopicbox is where mailing lists exist for various areas of Thunderbird. Users and developers alike can watch for upcoming changes and participate in ongoing conversations.

Diving into the Dashboards

Once we identified the various data sets that made sense to visualize, Bitergia put together some dashboards for us. One of the key features that we liked about Bitergia’s solution is the interactive dashboard. Anyone can see the public dashboards, without even needing an account!

All of our dashboards can be found here: https://thunderbird.biterg.io/

All of the data gathered for our dashboards was already publicly available. Now it’s well organized for understanding too! Let’s take a deeper look at what this data represents and see what insights it gives us on our community’s health.

Thunderbird Codebase Contributions

As stated earlier, the code contributions happen on our Mercurial repository, via the Phabricator reviewing tool. However, the Bitergia dashboard gathers all its data from GitHub, the Mercurial mirror pluss our other GitHub repositories. You can see a complete list of GitHub repositories that are considered at the bottom of the Git tab.

One of the most interesting things about the codebase contributions, across all of our GitHub repositories, is the breakdown of which organizations contribute. Naturally, most of the commits will come from people who are associated with Thunderbird or Mozilla. There are also many contributors who are not associated with any particular organization (the Unknown category).

One thing we hope to see, and will be watching for, is for the number of contributors outside of the Thunderbird and Mozilla organizations to increase over time. Once the Firefox and Thunderbird codebases migrate from Mercurial to git, this will likely attract new contributors and it will be interesting to see how those new contributions are spread across various organizations.

Another insightful dashboard is the graph that displays our incoming newcomers (seen from the Attracted Committers subtab). We can see that over the last year we’ve seen a steady increase in the number of people that have committed to our GitHub repositories for the first time. This is great news and a trend we hope to continue to observe!

Bug Activity

All codebases have bugs. Monitoring discovered and reported issues can help us determine not only the stability of the project itself, but also uncover who is contributing  their time to report the issues they’ve seen. Perhaps we can even run some developer-requested test cases that help us further solve the user’s issue. Bug reporting is incredibly important and valuable, so it is obviously an area we were interested in. You can view these relevant dashboards on the Bugzilla tab.

Translations

Many newcomers’ first contribution to an open source project is through translations.. For the Firefox and Thunderbird projects, Pontoon is the translation management system, and you can find the Translation contribution information on the Pontoon tab.

Naturally, any area of the project will see some oscillating contribution pattern for several reasons and translations are no different. If we look at the last 5 years of translation contribution data, there are several insights we can take away. It appears that the number of contributors drop off after an ESR release, and increase in a few chunks in the months prior to the release of the next ESR. In other words, we know that historically translations tend to happen toward the end of the ESR development cycle. Given this trend, If we compare the 115 ESR cycle (that started in earnest around January 2023) to the recent 128 ESR cycle (that started around December 2023), then we see far more new contributors, indicating a healthier contributor community in 128 than 115.

User Support Forums

Thus far we have talked about various code contributions that usually come from developers, but users supporting users is also incredibly important. We aim to foster a community that happily helps one another when they can, so let’s take a look at what the activity on our user support forums looks like in the Support Forums tab.

For more context, the data range for these screenshots of the user support forum dashboards has been set to the last 2 years instead of just the last year.

The good news is that we are getting faster at providing the first response to new questions. The first response is often the most important because it helps set the tone of the conversation.

The bad news is that we are getting slower at actually solving the new questions, i.e. marking the question as “Solved”. In the below graph, we see that over the last two years, our average time to mark an issue as “Solved” is affecting a smaller percentage of our total number of questions.

The general take away is that we need help in answering user support questions. If you are a knowledgeable Thunderbird user, please consider helping out your fellow users when you can.

Email List Discussions

Many open source projects use public mailing lists that anyone can participate in, and Thunderbird is no different. We use Topicbox as our mailing list platform to manage several topic-specific lists. The Thunderbird Topicbox is where you can find information on planned changes to the UI and codebase, beta testing, announcements and more. To view the Topicbox contributor data dashboard, head over to the Topicbox tab.

With our dashboards, we can see the experience level of discussion participants. As you might expect, there are more seasoned participants in conversations. Thankfully, less experienced people feel comfortable enough to chime in as well. We want to foster these newer contributors to keep providing their valuable input in these discussions!

Takeaways

Having collated public contributor data has helped Thunderbird identify areas where we’re succeeding. It’s also indicated areas that need improvement to best support our contributor community. Through this educational partnership with Bitergia, we will be seeking to lower the barriers of contribution and enhance the overall contribution experience.

If you are an active or potential contributor and have thoughts on specific ways we can best support you, please let us know in the comments. We value your input!

If you are a leader in an open source project and wish to gather similar data on your community, please contact Bitergia for an excellent partnership experience. Tell them that Thunderbird sent you!

The post Open Source, Open Data: Visualizing Our Community with Bitergia appeared first on The Thunderbird Blog.

Mozilla Privacy BlogMozilla Welcomes the Bipartisan House Task Force Report on AI

On December 17, the bipartisan House AI Task Force, led by Representatives Jay Obernolte and Ted Lieu, along with a number of other technology policy leaders, released their long awaited report on AI.

The House Task Force Report on Artificial Intelligence provides in-depth analysis and recommendations on a range of policy issues related to AI, including the use of AI in government agencies, data privacy, research and development, civil rights, and more. The report is the culmination of nearly a year’s worth of research and discussions between the Task Force and a broad range of stakeholders, including Nik Marda of Mozilla, who provided his insights to the Task Force on the benefits and risks of open-source and closed-source models. We thank the members of the House AI Task Force and their staff for their diligent work in developing a robust report and for their willingness to consult a broad range of stakeholders from across industry, civil society, and government. We look forward to working with the Task Force on next steps, and we hope to see legislation advanced to tackle these important issues.

See Mozilla’s December 17, 2024 statement below:

Mozilla commends the House AI Task Force for their diligent work over the past year and welcomes their report detailing AI policy findings and recommendations for Congress. We were grateful for the opportunity to engage with the Task Force throughout this process, and to contribute our perspective on our key priorities, including open source, protecting people from AI-related harms, and Public AI. It’s encouraging to see these critical topics addressed in the final report.

In particular, Mozilla agrees with the Task Force findings that there is insufficient evidence to justify the restriction of open source models, and that today’s open AI models actually “encourage innovation and competition.” This finding echoes NTIA’s July 2024 report which acknowledged the benefits of open models to promote AI innovation. We’re also gratified to see the report address other vital issues like data privacy as it pertains to AI, including the use of Privacy Enhancing Technologies (PETs). We’re pleased with the continued emphasis on making foundational progress towards Public AI as well, including recommendations to monitor the current National AI Research Resource Pilot in preparation for potentially scaling the program, which Mozilla hopes to see expanded, and investing in AI-related R&D and education.

In large part to its great breadth and depth, the House AI Task Force report represents a much-needed step forward in the development of concrete AI policy legislation and will help inform the agenda for the next Congress. We look forward to continuing working with AI leaders to advance meaningful AI legislation that promotes accountability, innovation, and competition.

The post Mozilla Welcomes the Bipartisan House Task Force Report on AI appeared first on Open Policy & Advocacy.

The Mozilla BlogProposed contractual remedies in United States v. Google threaten vital role of independent browsers

Giving people the ability to shape the internet and their experiences on it is at the heart of Mozilla’s manifesto. This includes empowering people to choose how they search.

On Nov. 20, the United States Department of Justice (DOJ) filed proposed remedies in the antitrust case against Google. The judgment outlines the behavioral and structural remedies proposed by the government in order to restore search engine competition.

Mozilla is a long-time champion of competition and an advocate for reforms that create a level playing field in digital markets. We recognize the DOJ’s efforts to improve search competition for U.S. consumers. It is important to understand, however, that the outcomes of this case will have impacts that go far beyond any one company or market. 

As written, the proposed remedies will force smaller and independent browsers like Firefox to fundamentally reexamine their entire operating model. By jeopardizing the revenue streams of critical browser competitors, these remedies risk unintentionally strengthening the positions of a handful of powerful players, and doing so without delivering meaningful improvements to search competition. And this isn’t just about impacting the future of one browser company — it’s about the future of the open and interoperable web. 

Firefox and search

Since the launch of Firefox 1.0 in 2004, we have shipped with a default search engine, thinking deeply about search and how to provide meaningful choice for people. This has always meant refusing any exclusivity; instead we preinstall multiple search options and we make it easy for people to change their search engine — whether setting a general default or customizing it for individual searches

We have always worked to provide easily accessible search alternatives alongside territory-specific options — an approach we continue today. For example, in 2005, our U.S. search options included Yahoo, eBay, Creative Commons and Amazon, alongside Google. 

Today, Firefox users in the U.S. can choose between Google, Bing, DuckDuckGo, Amazon, eBay and Wikipedia directly in the address bar. They can easily add other search engines and they can also benefit from Mozilla innovations, like Firefox Suggest.

For the past seven years, Google search has been the default in Firefox in the U.S. because it provides the best search experience for our users. We can say this because we have tried other search defaults and supported competitors in search: in 2014, we switched from Google to Yahoo in the U.S. as they sought to reinvigorate their search product. There were certainly business risks, but we felt the risk was worth it to further our mission of promoting a better internet ecosystem. However, that decision proved to be unsuccessful. 

Firefox users — who demonstrated a strong preference for having Google as the default search engine — did not find Yahoo’s product up to their expectations. When we renewed our search partnership in 2017, we did so with Google. We again made certain that the agreement was non-exclusive and allowed us to promote a range of search choices to people. 

The connection between browsers and search that existed in 2004 is just as important today. Independent browsers like Firefox remain a place where search engines can compete and users can choose freely between them. And the search revenue Firefox generates is used to advance our manifesto, through the work of the Mozilla Foundation and via our products — including Gecko, Mozilla’s browser engine. 

Browsers, browser engines and the open web

Since launching Firefox in 2004, Mozilla has pioneered groundbreaking technologies, championing open-source principles and setting critical standards in online security and privacy. We also created or contributed to many developments for the wider ecosystem, some (like Rust and Let’s Encrypt) have continued to flourish outside of Mozilla. Much of this is made possible by developing and maintaining the Gecko browser engine.  

Browser engines (not to be confused with search engines) are little-known but they are the technology powering your web browser. They determine much of the speed and functionality of browsers, including many of the privacy and security properties.  

In 2013, there were five major browser engines. In 2024, due to the great expense and expertise needed to run a browser engine, there are only three left: Apple’s WebKit, Google’s Blink and Mozilla’s Gecko — which powers Firefox. 

Apple’s WebKit primarily runs on Apple devices, leaving Google and Mozilla as the main cross-platform browser engine developers. Even Microsoft, a company with a three trillion dollar market cap, abandoned its Trident browser engine in 2019. Today, its Edge browser is built on top of Google’s Blink engine.

<figcaption class="wp-element-caption">There are only three major browser engines left — Apple’s WebKit, Google’s Blink and Gecko from Mozilla. Apple’s WebKit mainly runs on Apple devices, making Gecko the only cross-platform challenger to Blink.</figcaption>

Remedies in the U.S. v Google search case

So how do browser engines tie into the search litigation? A key concern centers on proposed contractual remedies put forward by the DOJ that could harm the ability of independent browsers to fund their operations. Such remedies risk inadvertently harming browser and browser engine competition without meaningfully advancing search engine competition. 

Firefox and other independent browsers represent a small proportion of U.S. search queries, but they play an outsized role in providing consumers with meaningful choices and protecting user privacy. These browsers are not just alternatives — they are critical champions of consumer interests and technological innovation.

Rather than a world where market share is moved from one trillion dollar tech company to another, we would like to see actions which will truly improve competition — and not sacrifice people’s privacy to achieve it. True change requires addressing the barriers to competition and facilitating a marketplace that promotes competition, innovation and consumer choice — in search engines, browsers, browser engines and beyond. 

We urge the court to consider remedies that achieve its goals without harming independent browsers, browser engines and ultimately without harming the web.

We’ll be sharing updates as this matter proceeds.

The post Proposed contractual remedies in United States v. Google threaten vital role of independent browsers appeared first on The Mozilla Blog.

The Mozilla BlogHow to get started on open-source development

Stylized illustration of colorful code lines in red, orange, and white on a purple background, representing programming and software development.

Open-source technology isn’t just about building software — it’s about creating solutions collaboratively, making them freely available for anyone to use and adapt. This approach lowers barriers of access and allows solutions to be tailored to varying nuanced contexts rather than applying a copy-paste approach. 

I come from a family with a heavy engineering background. Both my parents are engineers, so I always knew I wanted to pursue an engineering-related career. My dad sparked my interest in tech when he let me tinker on his work laptop at a young age. That early exposure fueled my curiosity, leading me to study computer science at Strathmore University in Kenya.

After graduating, I joined Nairobi’s iHub — the city’s first innovation hub. That’s where I met the founders of Ushahidi and began volunteering with their organization. This was my introduction to open source, and it showed me how powerful community-driven projects can be.

If you’re curious about how to get started in open-source development, here’s what I’ve learned along the way.

What is open source, and why does it matter?

Open-source technology is especially powerful for creating inclusive solutions because it allows people to adapt them to specific needs. By making it freely available, it ensures that anyone can benefit, regardless of their circumstances. This adaptability ensures that the technology can be inclusive and relevant to different cultural, economic and social settings.

One major criticism of AI systems today is the lack of visibility into how they are built and the underlying data they are trained on, especially because AI systems perpetuate biases against disenfranchised communities. Building AI tools in open-source environments fosters trust and collaborative improvement. This ensures that the tools are transparent, accessible and relevant, reducing the risk of further alienating people and communities that have historically been left out. As I see it, this practice fosters innovation by making it possible to design tools that serve everyone better.

Finding the right project

Be open to exploration. Join community channels, observe discussions and read user feedback. Don’t be afraid to ask questions — curiosity is welcomed in open-source communities. Even small contributions like fixing minor bugs or improving documentation are highly valued and can build your confidence to take on more complex tasks.

To find projects aligned with your values, immerse yourself in the right spaces. It starts with attending physical or virtual meetings focused on ethical AI, data equity or humanitarian tech. Events like All Things Open, FOSS4G and the Creative Commons Summit are excellent starting points. I also recommend following organizations like Mozilla, Datakind and Ushahidi that focus on these issues. Engaging in these communities will help you identify opportunities that align with your values and skills.

The role of community in open source

There’s no open source without community. Collaboration, inclusivity and shared ownership are essential to every successful project. For example, Ushahidi’s global community of users and contributors has driven innovations that benefit people in more than 160 countries. One of our core features, the custom forms functionality, was built by a community member and integrated into the main platform for others to use.

People are more likely to stay engaged when they feel part of something larger than a technical endeavor — when they know their work is helping to create tangible, positive change. It’s this sense of connection and shared responsibility that makes open source so powerful. To make communities more inclusive, we must actively welcome diverse voices, use inclusive language and create mentorship opportunities for underrepresented contributors.

A woman with braided hair and gold Africa-shaped earrings smiles while leaning on a balcony, with columns and greenery in the background.<figcaption class="wp-element-caption">Angela Lungati is a technologist, community builder and executive director of Ushahidi, a global nonprofit that helps communities share information to drive change.</figcaption>

Learning by doing

Open-source communities are fantastic environments for learning. In these spaces, you don’t just read about issues like AI bias or data equity — you actively work on them. Contributing to projects allows you to experiment with code, test ideas and get feedback from people with different perspectives and skill sets. This hands-on experience deepens your understanding of how technology impacts various communities and helps you develop solutions that are equitable and inclusive.

Final advice

Don’t overthink it. Start with small contributions, ask questions and immerse yourself in the community. Open source is about collaboration and persistence. The more you engage, the more you’ll learn, and over time, your contributions will grow in impact. Open source is a chance to make a real difference — to shape tools that reflect the needs and values of people everywhere. 


Angela Lungati is a technologist, community builder and executive director of Ushahidi, a global nonprofit that helps communities share information to drive change. She also serves on the boards of Creative Commons and Humanitarian OpenStreetMap Team. Angela cofounded AkiraChix and champions using technology to empower marginalized groups. A Rise25 honoree, she recently delivered the keynote at MozFest House Zambia. She also shared her views on inclusive AI in an op-ed for Context by the Thomson Reuters Foundation. You can read it here

The post How to get started on open-source development appeared first on The Mozilla Blog.

The Mozilla BlogMozilla partners with Ecosia for a better web

Illustration of overlapping browser windows with Ecosia's logo, a tree graphic, Firefox's logo, and the text "Together for a better web," alongside a search bar with a green cursor.

Your tech choices matter more than ever. That’s why at Mozilla, we believe in empowering users to make informed decisions that align with their values. In that spirit, we’re excited to announce we’re growing our partnership with Ecosia, a search engine that prioritizes sustainability, and social impact. After Germany, we are now offering the option to choose the climate-first search engine in Austria, Belgium, Italy, the Netherlands, Spain, Sweden and Switzerland.

Did you know you could choose the search engine of your choice right from your Firefox URL bar? Whether you prioritize privacy, climate protection, or simply want a search experience tailored to your preferences, we’ve got you covered.

Ecosia goes beyond data protection by addressing environmental concerns. Every search made through the search engine contributes to tree-planting projects worldwide, helping to combat deforestation and regenerate the planet. Ecosia planted over 215 million trees, across the planet biodiversity hotspots, making a tangible difference in the fight against climate change. Just like Mozilla, they are committed to creating a better internet, and world, for everyone.

Together, Mozilla, Firefox and Ecosia are contributing to a web that is more open and inclusive, but above all — one where you can make an informed choice about what tech you use and why. Your tech choices make a difference.

As Firefox and Mozilla continue to champion user empowerment and innovation, we invite you to join us in shaping a web that makes the world better. Together, let’s make a positive impact — one search at a time.

Get Firefox

Get the browser that protects what’s important

The post Mozilla partners with Ecosia for a better web appeared first on The Mozilla Blog.

About:CommunityContributor spotlight – Mayank Bansal

In the open source world, there’s a saying that “given enough eyeballs, all bugs are shallow.” At Bugzilla, we’ve taken this principle to heart with our belief that “bugs are cheap” — a philosophy that transforms challenges into opportunities for collaborative problem-solving.

In this post, you will learn more about Mayank Bansal, whose journey embodies the true spirit of open source collaboration. For over a decade, Mayank has contributed across multiple aspects of Firefox development, including web performance. With his experience, he’s known for his exceptional skill in identifying the culprit of performance regression, and has even outpaced our automated alerting system! He’s also been recently appointed as the first official Community Performance Sheriff. Read on to uncover his insider tips and best practices for meaningful open source contributions.

Q: You’ve been a part of the Mozilla community since 2012. What initially inspired you to start contributing?

I have always been interested in software performance. I started using Firefox in 2009. Sometime in 2010-2011, Firefox announced it was working on graphics hardware acceleration, which was a novel technique then. That really piqued my interest. A developer who worked on the graphics backend for Firefox wrote a blog about the progress. I tested the Firefox beta builds on some graphic intensive websites and posted my findings on their blog. The developer responded to my comments and then filed a bug on Bugzilla to track it.

That was the moment when I realized that Mozilla is not your average faceless technology company. It had real developers, fixing real issues faced by real users.

I created my Bugzilla ID and commented on the bug the dev had filed. The devs responded there and fixed the bug. I could immediately test and perceive the improvement on the previously problematic webpage.

That was the positive feedback loop that got me hooked – I file performance bugs, the devs fix it (and thank me for filing the bug!)

Q: You’ve contributed across so many components: from JavaScript and Graphics to WebGPU and the DOM. How do you manage to stay on top of such a wide range of areas?

There are a few things I do:

  1. I go through all the bugs filed in the last 24 hours in the Core component, which gives me a sense of issues reported by other Firefox users, and bugs filed by the Mozilla devs to track work on either a new feature or performance improvement.
  2. I read through the bug review comments, which gives me an idea if a particular patch is expected to improve performance.
  3. I go through the try pushes from the developers, which gives me an idea of upcoming patches and changes.
  4. I have joined some of the chat rooms on Matrix that Mozilla developers use as team chats. These are generally open to the public (for responsible participation).

A good place to start would be to start cc’ing yourself to large meta bugs (which are like placeholders for other bugs). As new bugs get filed, they will get associated with the meta bug, and you will get an email notification. And then you can go through the new bug and follow that too.

Q: How do you approach bug triaging, and what are some of the challenges you face?

From the description of the bug by the reporter, I try to guess the component where it would sit (DOM, Style, Graphics, JS, etc.). Then I see if I can reproduce that bug. If I can, I will immediately perform a bisection using the wonderful mozregression tool. If I cannot reproduce it, I try to put it in the right component and cc a developer who works in that component.  All bugs get triaged as part of Mozilla’s regular process. But cc’ing a developer does cut short some of the lag associated with any process.

I have also been testing the fuzzing bugs created by Mozilla’s fuzzing team. Wherever I can reproduce a crash from the fuzzing testcase, I will perform a bisection and inform the developer. Again, all fuzz bugs get auto-bisected and triaged. But doing it manually cuts some of the time lag.

I also regularly test old bugs and close them if the original issue is fixed now. It feels right to close an old bug and declutter Bugzilla.

Challenges I face are when the details in the bug are not sufficient to reproduce, or when the issue is platform/setting specific, or when the testcase is private and the reporter cannot share. I will ask the reporter for extra information that will help the developers, and most of the time the reporters respond back!

Q: You’ve been known to find the culprit of performance regressions faster than the automated alerting system. What strategies do you use to efficiently track down regressions?

I use AWFY to track performance of Firefox on important metrics and benchmarks. This is a real-time dashboard maintained by the Perf-sheriffing team. As soon as a regression lands, the numbers change on the dashboard. The automated alert system needs minimum 12 datapoints before an alert is generated, which may take a few hours. In this interval, I identify the regression visually, zero-in on the potential range of bugs that could have caused the regression, and then based on my understanding identify a bug that caused the regression. I can then confirm my suspicion by triggering a build with only that bug and run the benchmark that regressed.

Note that the “bisect-build-run benchmark-create graph-generate perf alert” process is fully automated. I only need to press the right buttons, which makes my life very easy!

Q: With over a decade of contributions, how do you see Mozilla’s tools and technologies evolving, and what role do you hope to play in that future?

Tooling continues to evolve in Mozilla. For example, when I started, there wasn’t much source-code analysis. Now, multiple linters are run on each commit to the main repository. Mozilla as a company puts users at the forefront – and those users also include its internal development teams! There is a continuous push to improve tooling to make the developers more efficient and spend less time in mundane activities. The tooling around performance/regression monitoring, Crash Reporting, Telemetry, Build, Fuzzing is ever evolving. In the last few years, tooling around the use of machine learning has also increased.

I see my role as complementary to tools – filling gaps where the system cannot easily make a judgement, or connecting seemingly different bugs with little context.

Q: Through your testing, you’ve discovered bugs on the web where Firefox underperforms compared to other browsers. Can you share how you approach this type of testing?

I follow all the graphics related bugs. As soon as something lands in Nightly, I immediately start stress-testing websites. I also go to sites like Codepen.io and test literally hundreds of relevant demos.  Check out some of the bugs I filed for WebGPU and Canvas. With graphics, the issues usually are mis-rendering or crashes.

With Javascript, the issues I found tend to be where we are slower than other browsers, or where the javascript engine (SpiderMonkey) has some hidden quadratic behaviour. Crashes in Javascript are mostly from fuzzing testcases.

I also modify existing testcases or Codepen demos to make them intentionally unrealistic for the browser to process and then report issues. Kudos to the Mozilla devs who try to fix as much as they can and are always happy to analyse my testcases.

In general, if anything feels slow, file a bug. If any website looks weird, file a bug. The tenet in Bugzilla is “Bugs are cheap”.

Q: What advice would you give to new contributors who want to dive in?

Start with following bugs, reading Planet Mozilla, using Firefox Nightly, and installing the Firefox Profiler. Profiler is like an X-ray – you immediately get insight into what is slow in Firefox and where exactly. I spend a lot of time profiling webpages, demos, testcases. I profile anything and everything I find.

Q: What keeps you motivated to continue to contribute to Mozilla?

Couple of motivators:  The openness and transparency of development, extremely responsive and friendly developers, feeling of contributing to a piece of software that I use day in and out, belief that Mozilla is important to the openness and democratization of the Web, and finally that my bugs get analysed and fixed.

Q: Outside of your work on Mozilla, what do you enjoy doing in your free time?

Outside of Mozilla, I work within the Investment Banking industry as a transformation consultant in areas like risk, regulatory reporting, and capital markets.

In my free time, I like to read, cook, watch Netflix, and go on long drives with my friends and family.


Interested in contributing to performance tools like Mayank? Check out our wiki to learn more.

The Rust Programming Language BlogNovember project goals update

The Rust project is currently working towards a slate of 26 project goals, with 3 of them designed as Flagship Goals. This post provides selected updates on our progress towards these goals (or, in some cases, lack thereof). The full details for any particular goal are available in its associated tracking issue on the rust-project-goals repository.

Flagship goals

Async closure stabilization has been approved, though the stabilization has not yet landed! The lang team ultimately opted to stabilize the trait name AsyncFn rather than the keyword-based async Fn syntax that was originally proposed. This decision came after discussion on the Flavors RFC which made it clear we were not at a consensus about whether the async Trait keyword would be used more generally or not. Given that, the team felt that the AsyncFn synta was a fine "next step". If we do ultimately adopt some form of async Trait keyword syntax, then AsyncFn can become a trait alias.

Regarding return-type notation, an extension of return-type notation to cover Self::foo(..): Send landed and we landed #132047 which fixes a known ICE. Stabilization PR is now unblocked.

No major progress towards async drop reviews or team reorganization.

This month saw steady progress on our checklist. dingxiangfei2009's PR renaming derive(SmartPointer) to derive(CoercePointee) was merged and he began the work to port the RFL codebase to use the new name. Alice Ryhl opened RFC #3716 proposing a way to manage compiler flags that alter the ABI and discussion (and some implementation work) has ensued. Finally, we landed PR #119364 making target blocks in asm-goto safe by default; this was based directly on experience from RFL which showed that [safe would be more useful]. We are still working to finalize another extension to asm-goto that arose from RFL requirements, allowing const to support embedded pointers. Finally we prepared reference PR #1610 describing the change to permit Pointers to Statics in Constants that was stabilized last month.

Rust 2024 has now entered the nightly beta and is expected to stabilize as part of Rust 1.85 on 2025-02-20. It has a great many improvements that make the language more consistent and ergonomic, that further upon our relentless commitment to safety, and that will open the door to long-awaited features such as gen blocks, let chains, and the never type !. For more on the changes, see the nightly Edition Guide. The call for testing blog post contains more information and instructions on how you can try it yourself.

Goals with updates

  • min_generic_const_args now exists as a feature gate, though without any functionality, only some gated refactorings, but shouldn't be long before it has actual functionality behind it.
  • The refactoring to remove all the eval_x methods on ty::Const has been completed, making it possible to correctly implement normalization for constants.
  • Posted the October update.
  • Created more automated infrastructure to prepare the October update, making use of an LLM to summarize updates into one or two sentences for a concise table.
  • Support for cargo manifest linting is now merged, making it possible to catch breakage caused by manifest (Cargo.toml) changes, not just source code changes. An example of such breakage is the removal of a package feature: any crates that enabled the removed feature will no longer build.
  • Partial schema design and implementation of type information in lints, enabling the creation of breaking-change lints and improving diagnostic quality for a subset of type-related breaking changes.
  • Resolved multi-team questions that were blocking cross-crate checking, with the compiler team MCP merged and rustdoc improvements discussed and agreed upon.
  • The way const traits are desugared was completely restructured, making the design easier to understand and more robust against current unit tests.
  • Significant development and cleanup for the feature has been done, with several pull requests merged and two still open, bringing the feature closer to being able to dogfood on the standard library and closer to stabilization.
  • @joshtriplett opened https://github.com/rust-lang/rfcs/pull/3680. The @rust-lang/lang team has not yet truly discussed or reached a decision on that RFC.
  • @spastorino began implementation work on a prototype.
  • The sandboxed build scripts exploration is complete. We are unlikely to continue this work in next year but the research may be useful in other areas, such as the possible addition of POSIX process support to WASI or a declarative system dependency configuration in Cargo.
  • The re-design of the autodiff middle/backend was implemented, reducing the remaining LoC to be upstreamed from 2.5k to 1.1k, split into two PRs (1 and 2), which received initial feedback and are expected to land in early December.
  • The preprint of the first paper utilizing std::autodiff is available on Arxiv, with code available at ChemAI-Lab/molpipx, showcasing significantly faster compilation times in Rust compared to JAX.
  • The core data structures of PubGrub have been published as a separate version-ranges crate, enabling multiple projects to share this core abstraction and benefit from improvements without waiting for the rest of the project.
  • This is one of many steps required to publish a new 0.3.0 version of the PubGrub crate.
  • Rustdoc will now show type signatures in the search results page, and the boxing transform behaves more like Hoogle's does.
  • Improvements to matching behavior have been made to fit user expectations.
  • We stabilized -Znext-solver=coherence again in https://github.com/rust-lang/rust/pull/130654. It's looking like the stabilization will actually go through this time.
  • We're currently refactoring the way the current "typing mode" is tracked, working to fix trait-system-refactoring#106. An FCP was started to clean up the way we merge candidates when proving trait goals.
  • rust-lang/rust#125116 has been merged, marking half of the goal as formally completed.
  • Discussions on using cargo cache on CI are beginning to take form.
  • rust-lang/rust#125116 may be contested in results. The impact may not be as large as expected, even on Clippy.
  • We've been experimenting with Clippy using rustc_driver as a static library, instead of dynamic linking. This would be us both a way to check the performance impact of rustc_driver as a shared library, and a way to profile Clippy without filtering between dl_* calls.
  • The never patterns RFC was posted.
  • Feedback on the RFC suggests that the question of "which arms can be omitted" isn't as orthogonal as hoped, so the focus will switch to that.
  • The PR https://github.com/rust-lang/crates.io/pull/9423 has been merged.
  • Work is ongoing on the frontend feature.
  • Amanda's EuroRust talk on polonius from last month is also now available on YouTube.
  • Implementation work continues, mostly on a branch. Major developments include a new debugger which has accelerated progress. There are about 70 test failures left to be analyzed.
  • rust-lang/cargo#14670 and rust-lang/cargo#14749 have been posted and merged.
  • rust-lang/cargo#14792 has been posted.
  • Still in the process of determining the cause of the deadlock through local testing and compiler code analysis.
  • Help wanted: Try to reproduce deadlocks described in the issue list.
  • We decided to close this goal as we have not been making steady progress. We are evaluating what to propose the 2025h1 round of goals.

Goals without updates

The following goals have not received updates in the last month:

Cameron KaiserCHRP removal shouldn't affect Linux Power Macs

A recent patch removed support for the PowerPC Common Hardware Reference Platform from the Linux kernel. [UPDATE: Looks like this has been retracted.] However, Power Macs, even New World systems, were never "pure" CHRP, and there were very few true CHRP systems ever made (Amiga users may encounter the Pegasos and Pegasos II, but few others existed, even from IBM). While Mac OS 8 had some support for CHRP, New World Macs are a combination of CHRP and PReP (the earlier standard), and the patch specifically states that it should not regress Apple hardware. That said, if you're not running MacOS or Mac OS X, you may be better served by one of the BSDs — I always recommend NetBSD, my personal preference — or maybe even think about MorphOS, if you're willing to buy a license and have supported hardware.

Frederik BraunHome assistant can not be secured for internet access

The Goal: Smart Heating Control

Home automation is a cool toy but also allows my house hold to be more energy efficient: My aim was to configure my home's heating to switch off when my family is away and turn back on when we return. This is achieved with home …

Don Martiweb development (and related) links

When IBM Built a War Room for Executives Engelbart’s Mother of All Demos showed how advanced computing could create a shared, collaborative environment of allied individuals, all direct users of the same system, befitting of a laboratory of computer enthusiasts in Menlo Park, Calif. Dunlop’s Executive Terminal demo showed how many of these same advanced technologies could be directed along another path, that of a strictly hierarchical organization, highly attuned to rank and defined roles and specialties. (Related: What Was The ‘Dowding System’?, CIC [Combat Information Center] Yesterday and Today. A lot of people in decision-making roles in 1960s corporations were WWII veterans.)

“Rules” that terminal programs follow Programs behave surprisingly consistently.

Pluralistic: Tech’s benevolent-dictator-for-life to authoritarian pipeline (10 Dec 2024) [I]f progressives in your circle never bothered you about your commercial affairs, perhaps that’s because those affairs didn’t matter when you were grinding out code in your hacker house, but they matter a lot now that you have millions of users and thousands of employees. (There is also a long established connection between the direct mail/database/surveillance marketing business and cultural conservative politics—the more that the tech industry focuses on surveillance advertising, the more that the political decisions of tech employers feel unfamiliar and adversarial to employees whose assumptions weren’t shaped by the culture of direct marketing/right-wing organiations.

Nodriver: A Game-Changer in Web Automation Despite the existence of multiple plugins like puppeteer-stealth, rebrowser, real-browser and many more, they have been quite detectable by WAFs like Cloudflare, Imperva, and Datadome….Nodriver takes a different approach by getting in at the framework level itself. By minimizing the affected footprint and communicating directly over the Chrome Devtool Protocol itself, Nodriver leaves very little marks of its presence, if any at all. A side effect of this is that Nodriver is also one of the fastest scraping frameworks available. (The scraper bot will always get through?)

One Tiny Mod Makes A Cheap Mic Sound A Lot Like A Neumann - Aftermath A tiny, easy to solder mod discovered on forums makes the AKG Perception sound much closer to the legendary Neumann U 87.

“Modern Work Fucking Sucks.” Your company doesn’t just use one app; it uses all of them. Slack for chatting, Zoom for meetings, Notion for brainstorming, Trello for project tracking, Asana for workflows, and Jira for… something vaguely technical that no one fully understands. The end result isn’t streamlined productivity, it’s a Byzantine ecosystem of software where every app exists to talk to every other app while you stand in the middle, trying to make sense of the chaos. (Adam Smith would facepalm. Specialization of labor is a thing, especially for administrative and organizational tasks. Remember the ideal software development team in The Mythical Man-Month had two secretaries and a program clerk? I guess the good news here is that Simple Sabotage for the 21st Century is almost undetectable in the presence of normal IT friction.)

Consumer Solar Surge: Pakistan Shows you Don’t Need Government Programs to Green the Grid While no one was looking, the Pakistani public took matters into their own hands, adding 17 gigawatts of solar power this year. These installations are mostly in the form of Chinese panels for rooftop or ground level solar in towns and villages. (Yes, the grid power generally goes off when it’s sunny, and yes, there are a lot of people who are good at electrical work and in importing stuff from China.)

Whither CockroachDB? and RFD 508: what happends when an open-source dependency changes license?

Kill Oracle’s ‘JavaScript’ trademark, Deno asks USPTO (If this works, then what happens to twitter and tweet?)

What To Use Instead of PGP This section contains specific tools to solve the same problems that PGP tries to solve, but better.

Smarter than ‘Ctrl+F’: Linking Directly to Web Page Content Text fragments are a powerful feature of the modern web platform that allows for precise linking to specific text within a web page without the need to add an anchor! (Related: Text fragments on MDN)

PAAPI Could Be As Effective For Retargeting As Third-Parties Cookies, Study Finds (The headline doesn’t include the interesting math here. In-browser ad auctions are 81.8% as effective as old-fashioned cookie tracking in conversions per dollar, but 49.8% as effective in conversions per ad. So if you multiply it out with the units and cancel conversions, dollars per ad comes out to 61.8% which is only a little above where you get with no tracking at all, and the real-world privacy risks and computing resource costs are higher. Stop putting advertising features in web browsers) Related: The Kids Aren’t Playing In The Privacy Sandbox | AdExchanger

Mozilla Addons BlogDeveloper Spotlight: Adaptive Tab Bar Color

A few years ago software developer Yixin Wang (aka Eason) decided he wanted to “de-Google” his digital life. After switching from Chrome to Firefox, Eason created macOS Monterey Safari Dark theme to mimic the look of Safari while experimenting with themes.

“During this process,” Eason explains, “I discovered that Firefox’s theme colors can be changed programmatically. That’s when it struck me — I could make Firefox dynamically adapt its theme color based on the web page it’s displaying, imitating Safari’s tab bar tinting behavior.”

This revelation led Eason to develop Adaptive Tab Bar Color, an extension that dynamically changes the color of Firefox’s tab bar to match the look of any website.

Upcoming v2.2 will feature a revamped Options page with modern HTML and CSS for a cleaner design. Users will also gain the ability to set a minimum contrast ratio for better UI readability.

While the concept may be simple, Adaptive Tab Bar Color’s development presented unique challenges. Eason understands that users expect his extension to seamlessly integrate colors of any web page they visit, but there are often unforeseeable edge cases. “What happens if a user always prefers dark mode, but the page has a bright color palette?” Eason wonders. “Or if a web page specifies a theme color that’s purely branding related and unrelated to content? What about pages with transparent backgrounds? Balancing these nuances to ensure a consistent and visually appealing experience has been both challenging and rewarding.”

Creating a cool extension like Adaptive Tab Bar Color can lead to unexpected benefits. After Eason put it on his resume, job recruiters came calling. This led to “… an incredible opportunity to write my Bachelor thesis at a company I’d always dreamed of working for. I’m so grateful for the support and enthusiasm of the Firefox community — it’s been an amazing journey.”


Do you have an intriguing extension development story? Do tell! Maybe your story should appear on this blog. Contact us at amo-featured [at] mozilla [dot] org and let us know a bit about your extension development journey.

The post Developer Spotlight: Adaptive Tab Bar Color appeared first on Mozilla Add-ons Community Blog.

Firefox Developer ExperienceFirefox DevTools Newsletter — 133

I’m writing those lines in a high speed train to Paris, where the French Mozilla employees are gathering today to celebrate the end of the year. As always, I’m a bit late writing this post (Firefox 133 was released a couple weeks ago already). Since this is my last day before going on holiday, I hope you’ll be fine with a bullets points list of the notable things that happened in this version.

Firefox being an open source project, we are grateful to get contributions from people outside of Mozilla, like Abhijeet Chawla who’s helping us getting rid of deprecated React lifecycle methods (#1810429, #1810480, #1810482, #1810483, #1810485, #1810486). They also migrated some of our docs ASCII diagrams to MermaidJS so they’re easier to maintain (#1855165, #1855168)

Want to help? DevTools are written in HTML, CSS and JS so any web developer can contribute! Read how to setup the work environment and check the list of mentored issues


  • We improved opening files in the Debugger way faster (up to 60% on very large files!), by delaying some computation we were doing to retrieve information on the script (#1919570). Those computation are now done only when the Debugger pauses, so you only pay the performance cost if it would be useful for you
  • Still on the performance side, console API calls are now 5% faster thanks to some refactoring (#1921175)
  • If you wanted to debug or see console messages of WebExtension content scripts, you had to go to the Settings panel and toggle the “Enable browser chrome and add-on debugging toolboxes” checkbox. This was a bit cryptic, so we exposed a new “Show content script” setting right in the Debugger Sources panel for easier access (#1698068)
  • Since we’re talking about the Debugger, we improved accessibility by making the Breakpoints panel fully functional using only the keyboard (#1870062)
  • We fixed an issue that could make the Debugger unusable (#1921571)
  • Some of the work we did in the inspector introduced a regression which could prevent to edit an element tag when double clicking on it (#1925913)

And that’s it for this month, and this year. Thank you for reading those updates and using our tools, see you in the beginning of 2025 for a new round of updates 🙂


Full list of fixed bugs in DevTools for the Firefox 133 release:

The Mozilla BlogMozilla Builders: Celebrating community-driven innovation in AI

This year, we celebrated a major milestone: the first Mozilla Builders demo day! More than just a tech event, it was a celebration of creativity, community and bold thinking. With nearly 200 applicants from more than 40 countries, 14 projects were selected for the Builders accelerator, showcasing the diversity and talent shaping the future of AI. Their presentations at demo day demonstrated their innovative visions and impactful ideas. The projects on display weren’t just about what’s next in AI; they showed us what’s possible when people come together to create technology that truly works for everyone – inclusive, responsible and built with trust at its core.

Mozilla’s approach to innovation has always focused on giving people more agency in navigating the digital world. From standing up to tech monopolies to empowering developers and everyday users, to building in public, learning through collaboration, and iterating in community, we’ve consistently prioritized openness, user choice, and community. Now, as we navigate a new era of technological disruption, we aim to bring those same values to AI.

Mozilla Builders is all about supporting the next wave of AI pioneers – creators building tools that anyone can use to shape AI in ways we can all trust. This year’s accelerator theme was local AI: technology that runs directly on devices like phones or computers, empowering users with transparent systems they control. These specialized models and applications preserve privacy, reduce costs and inspire creative solutions.

As we reflect on this year and look to the future, we’re inspired by what these creators are building and the values they bring to their work.

Real-world AI solutions that help everyday people

AI doesn’t have to be abstract or overwhelming. The projects we’re supporting through Mozilla Builders prove that AI can make life better for all of us in practical and tangible ways. Take Pleias, Ersilia and Sartify, for example.

Pleias, with its latest research assistant Scholastic AI, is making waves with its commitment to open data in France. This mission-driven approach not only aligns with Mozilla’s values but also highlights the global impact of responsible AI. At demo day, Pleias announced the release of Pleias 1.0, a groundbreaking suite of models trained entirely on open data — including Pleias-3b, Pleias-1b and Pleias-350m — built on a 2 trillion-token dataset, Common Corpus. Ersilia is another standout, bringing AI models and tools for early state drug discovery to scientific communities studying infectious diseases in the Global South. Sartify has demonstrated the critical importance of compute access for innovators in the Global Majority with PAWA, its Swahili-language assistant built on its own Swahili-langugage models. 

These projects show what it looks like when AI is built to help people. And that’s what we’re all about at Mozilla – creating technology that empowers.

Empowering developers to build tools that inspire and innovate 

AI isn’t just for end-users – it’s for the people building our tech, too. That’s why we’re excited about proje