Thegreatsuspender: MALWARE: How could we take action

Uninstall and report extension

First off, please say something like "MALWARE" in the title, so we can hopefully get people to actually see these reports and stop making new feature requests.

Second off, dean did reply earlier, here, and I'll email him again to see if he's changed his mind about 'legitimate analytics gathering'

While it was still up in the air back in October, in my opinion there is now definitive evidence that the new maintainer has malicious intentions based on https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-754953405.

The association with past malicious extensions could be unfortunate (although that’s unlikely). But that domain they added is 100% masquerading as OWA on purpose. The script’s content almost exactly matches that of OWA v1.6.2, while the headers don’t match OWA at all, nor does the log.php tracking request.

First off, please say something like "MALWARE" in the title, so we can hopefully get people to actually see these reports and stop making new feature requests.

Second off, dean did reply earlier, here, and I'll email him again to see if he's changed his mind about 'legitimate analytics gathering'

Keep us posted.

Some steps that could be considered:

• [x] Report extension as malware in the Chrome Store
• [x] Write an honest review in the Chrome Store.
• [x] Fork this project ¹
• [ ] Upload a new extension to the store, called "The Great Suspender (no malware)" or something :-)
• [ ] Set up a Patreon or LibrePay so the new maintainer will receive some support, and feel less inclined to sell it

Edit: wylie39 already made a fork and added manual installation instructions (but could not get it published to the web store): https://github.com/greatsuspender/thegreatsuspender/issues/1175#issuecomment-731804000

Edit: It looks like a fork might need full rebranding and some unique features, before the Chrome Store will accept it.

Thanks to TheMageKing for raising awareness, and to deanoemcke for this great extension (although not so much for the handover).

This is becoming a common security concern in tech. For example, the event-stream incident.

There are some musings about funding OSS projects here: https://feross.org/funding-experiment-recap/

1: Although I'd recommend not forking on GitHub, because that will add credibility to the compromised repo. Just create a new repo, and link back in the README.

Edit: Chrome extension manifest v3 (MV3) will prevent execution of remote code by default, which is good news.

"The Great Suspender (no malware)"

I tried a similar naming approach as the community maintainer of the Google Tasks extension a few years back. It was initially accepted for about two months, and then pulled down by Google. It took me years of emailing with Google to get it restored.

Anyway I've launched a Kickstarter to fund development of a TGS replacement, feel free to contribute if you're interested.

https://www.kickstarter.com/projects/nfultz/zasnut-put-your-tabs-to-sleep

These devs selling "open source" products to anonymous parties need to be held to account. The fact that Oemcke still lists TGS on his homepage with no caveat, not notice about the fact that he sold out to a malware pusher is shocking. Similarly, Hu (original Nano dev) makes no mention of this on his homepage (although he does, at least, participate in a lengthy discussion on github).

These are not unsophisticated people. They took the money and ran, and they had no reason to believe that the new "devs" would properly maintain the product. Hu admits he had no reason to believe they even had experience in the subject.

They need to be ostracized and properly labelled as willing participants in ID theft.

Hey all, @TheMageKing @thibaudcolas

I got an answer for my complaint to GitHub :
````
Thanks for contacting us. If you believe any of the repository files are malicious, please let us know the URLs and we'll be happy to investigate.

Cheers,
GitHub Trust & Safety
````

What is the most factual and concise answer I can provide to them?

Hey all, @TheMageKing @thibaudcolas

I got an answer for my complaint to GitHub :

Thanks for contacting us. If you believe any of the repository files are malicious, please let us know the URLs and we'll be happy to investigate.

Cheers,
GitHub Trust & Safety

What is the most factual and concise answer I can provide to them?

Probably https://github.com/greatsuspender/thegreatsuspender/issues/1263

there is no malware (and nothing that could be even used to inject malware, except by hacking google) in the git repo, so the complaint to github is entirely pointless.

what would make sense would be attempting to reclaim the official project by "the community". but good luck with that, given that there is no-one who'd obviously deserve the honor. not to mention github's policies.

Is it possible to create a criminal investigation somewhere, so authorities could reach the owners (former and new) and find out how much data was stolen and etc?

The former owner seems to be from NZ according to his LinkedIn profile. But I think that any country that opens an investigation would have to handle international issues and ask for other countries to cooperate.