Gorhill pulls uBlock Origin Lite from Firefox store

Original Article ↗ Hacker News Discussion ↗

What actually happened

  • The Manifest V3-based “Lite” version of uBlock Origin was removed from Mozilla’s add-on store after a review found supposed policy violations (data collection without consent, minified/obfuscated code, missing privacy policy).
  • The extension maintainer disputed all points, showed they were false, and highlighted that the flagged file had been unchanged for years.
  • Mozilla later acknowledged the error, restored the listing, and apologized. The maintainer then voluntarily delisted Lite from the store and moved to self‑hosting.
  • The full (Manifest V2) uBlock Origin remains on the Firefox store and is unaffected.

Impact on users and importance of uBlock

  • Many commenters say uBlock Origin is the main or only reason they still use Firefox, especially on mobile.
  • Some note that Lite is less critical on Firefox desktop, since full uBlock still works there and Firefox will keep Manifest V2.
  • Others point out that Lite mattered for Firefox Android (lower resource use, fewer permissions) and for users who prefer more limited permissions.

Criticism of Mozilla’s review and signing process

  • Repeated themes:
    • Review claims that were plainly incorrect and appeared to come from automated heuristics, despite emails asserting “manual review.”
    • Extremely slow approvals, even for self-hosted or minor updates, and especially frustrating for hobby/volunteer maintainers.
    • High friction around reproducible builds, build environments, and private dependencies.
  • Multiple extension developers share similar negative experiences with AMO reviews (false flags, long delays, confusing feedback).
  • Some argue that high-profile, widely used extensions should get:
    • Faster, more careful review, possibly multiple reviewers or senior escalation.
    • Direct human contact and a dedicated liaison.
  • Others defend the need for pre‑release review and strict policies due to real supply‑chain and malware risks.

Debate over Mozilla’s direction and incentives

  • Strong criticism:
    • Mozilla is seen as over-bureaucratic, incompetent at reviews, and increasingly aligned with ad-tech (sponsored content, “privacy-preserving attribution,” acquisition of an ad company).
    • Some suspect soft pressure from Google, given Mozilla’s heavy search-deal funding and the fact adblockers threaten ad revenue.
  • Counterpoints:
    • Many attribute the incident to human error and under-resourced processes rather than malice.
    • Some see Mozilla as still the least-bad major browser vendor and emphasize that Chrome’s Manifest V3 deprecation is the bigger structural problem.

Broader themes: extensions, stores, and control

  • Concerns that mandatory signing and store gatekeeping make Firefox less “your browser” and more like locked-down mobile platforms.
  • Others welcome vetting as a safety net but say false positives and opaque bureaucracy are unacceptable, especially for cornerstone extensions.
  • Several call for:
    • Alternative add-on repositories, PPA-like models, or user-selectable trust stores.
    • More granular permissions and better sandboxes instead of blunt restrictions.