
3rd party AD-Ware : Who's to blame ?

Posted: Sun Aug 05, 2007 1:02 pm
by joomborg
AD-Ware components/modules/mambots I found so far and
was forced to patch:




1) IRCMaxell Cache :
--> it prints a string with "Powered by xxx" and "Generated in xxx seconds" at
the bottom of your html.

Despite the addon being open source and yadda yadda, he asks for a 10$
donation to remove his copyright.



2) JamBook : hidden link "Jambook by xxx yy zz" at the bottom of the HTML;
he hides it using CSS and the link is tagged "H1".



3) AdSense Module : it randomly displays his own ads using YOUR site.



4) Joomla TinyFCK (JTF) : there's no way to download the addon
unless you click on one of their masked ads.
The link is obfuscated at the bottom below other adsense ads with
the same layout (against adsense TOS).





Tomorrow I'll update the list, now time for dinner.
Feel free to add yours.

Re: 3rd party AD-Ware : Who's to blame ?

Posted: Sun Aug 05, 2007 4:42 pm
by infograf768
These are not security matters.
Post moved to JED for them to investigate.

Please post in the same forum concerning similar questions.

Re: 3rd party AD-Ware : Who's to blame ?

Posted: Mon Aug 06, 2007 2:26 pm
by LorenzoG
Hi Joomborg,

Thank you for your findings and I actually really mean that, since it's very important for us to get to know if any of the extensions listed in JED have any issues.

We regularly get reports from our members and we are dealing with them case by case. Sometimes we feel it isn't any serious matter and doesn't really harm the users. Others we feel that the developers have to change and if it is serious, then we unpublish the extension until it's solved. In rare cases, we unpublish the extensions permanently.

I want to give you some feedback about how we see it and what we have/intend to do:
1) IRCMaxell Cache :
--> it prints a string with "Powered by xxx" and "Generated in xxx seconds" at
the bottom of your html.

Despite the addon being open source and yadda yadda, he asks for a 10$
donation to remove his copyright.

We feel this one isn't any issue. No hidden strings here, everything is visible. The license is GPL, the source is open source without any encryption and everyone can change the code. The developer has invested a lot of time and energy to give a contribution back to the community for free. We don't see any issue if the developer wants a donation to spend extra time to remove this string and in this way get back a very modest contribution for his work.

2) JamBook : hidden link "Jambook by xxx yy zz" at the bottom of the HTML;
he hides it using CSS and the link is tagged "H1".

This one was new for us and we can confirm that a hidden link exists. This is actually serious and the website owner can be punished by the search engines if he is unlucky. Here for example is what Google writes about hidden text and links: http://www.google.com/support/webmaster ... swer=66353
We feel that this hasn't been maliciously placed there by the developer to get advertisement or something. I guess it's more an unfortunate desire to see how many actually use his work. We have contacted the developer and asked him to remove this line or make it visible and update his extension. If nothing happens, we will unpublish it. I'm quite convinced that this issue will be solved very soon.

3) AdSense Module : it randomly displays his own ads using YOUR site.

We have inspected the code and it's not really true. What it does is that if you don't enter your adsense property number, then the module will use the developer's property number. But we couldn't find that it randomly should display his own ads when you have entered the adsense property number.
This is actually quite new for us, since the developer updated his modules 2 days ago. I looked through his old modules and this behaviour wasn't there. Actually this worries me since the developer doesn't inform about this anywhere. I think the key here is to give the users information about this. We are still discussing how to deal with this issue and we are inclined to write an Editors note on this particular extension to inform our members.

4) Joomla TinyFCK (JTF) : there's no way to download the addon
unless you click on one of their masked ads.
The link is obfuscated at the bottom below other adsense ads with
the same layout (against adsense TOS).

Well, the download link is there on the page with description. But personally I don't like how it's designed and our members have indeed to spend time to search for the download. If it's against TOS then I guess that Google will handle this.

Normally we prefer to handle these issues privately since it involves our relations with 3rd party developers. When we find issues that need to be addressed, then we take contact with the developer in peace and quiet and in most cases, we are able to come to an agreement with the developer to change certain things. We have generally very good contact with the 3rd party developers and we have to mutually trust each other. It's when someone breaks this trust (for example unethical behaviour) we get problems. We also get a very strange situation if we publicly go out and talk before we actually have talked with the affected developer.

If someone finds any issues with an extension like hidden code or any other issue that can harm the users, please report it privately to the JED team or use the report link you can find enclosed to each extension listing.
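An added example, not part of the thread or of any extension's code: a site owner's check of rendered page output for the two behaviours discussed above, a link inside a hidden element and an AdSense client id that is not the owner's. It assumes reasonably well-formed markup and the `google_ad_client` variable of the AdSense snippet; the `hidden_classes` parameter (class names the stylesheet hides), the sample page, ids and URLs are all constructed.

```python
import re
from html.parser import HTMLParser

# Inline-style patterns that take an element out of view (heuristic, not exhaustive).
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|text-indent\s*:\s*-\d{3,}", re.I)
AD_CLIENT = re.compile(r"google_ad_client\s*=\s*[\"']([^\"']+)[\"']")
VOID = {"br", "img", "hr", "input", "meta", "link"}

class HiddenLinkAudit(HTMLParser):
    """Collect hrefs of <a> elements that sit inside a hidden element."""
    def __init__(self, hidden_classes=()):
        super().__init__()
        self.hidden_classes = set(hidden_classes)  # classes the stylesheet hides
        self.stack = []          # one flag per open element: is it hidden?
        self.hidden_links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = (bool(self.stack) and self.stack[-1]) \
            or bool(HIDDEN_CSS.search(a.get("style") or "")) \
            or bool(self.hidden_classes & set((a.get("class") or "").split()))
        if tag == "a" and hidden and a.get("href"):
            self.hidden_links.append(a["href"])
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def audit(html, own_ad_client, hidden_classes=()):
    """Return (hidden link hrefs, ad client ids that are not the site owner's)."""
    parser = HiddenLinkAudit(hidden_classes)
    parser.feed(html)
    foreign = sorted({c for c in AD_CLIENT.findall(html) if c != own_ad_client})
    return parser.hidden_links, foreign

# Constructed sample of rendered page output; ids and URLs are placeholders.
SAMPLE = """<html><body>
<div id="guestbook"><p>Nice site!</p></div>
<h1 style="display:none"><a href="http://extension-author.example/">Guestbook by Author</a></h1>
<div class="footer"><a href="/contact">Contact</a></div>
<script type="text/javascript">google_ad_client = "pub-0000000000000002";</script>
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE, own_ad_client="pub-0000000000000001"))
```

Run it against pages fetched from a test install with the extension enabled and your own id configured, then again with the id field left empty.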

Re: 3rd party AD-Ware : Who's to blame ?

Posted: Mon Aug 06, 2007 5:27 pm
by LorenzoG
The developer of Jambook has now updated his component.
The link is now visible, he has fixed some bugs and added new languages.

Re: 3rd party AD-Ware : Who's to blame ?

Posted: Tue Aug 07, 2007 5:15 pm
by joomborg
Dear LorenzoG,

I'm deeply impressed by the fast response and the quick action
you took for this case.

The other thread of mine was closed but let me tell you here
and to all the other devs that nowhere else and with no other CMS
I ever encountered such professional and problem-solving attitude.

My sincere apologies to all the guys I may have hurt or offended in this
and other controversial discussions.

From now on I'll certainly do my best to support Joomla and spread the word
wherever I can!


Joomborg,

Re: 3rd party AD-Ware : Who's to blame ?

Posted: Tue Aug 07, 2007 5:47 pm
by joomborg
back to the topic :

1) IRCmaxell : well it is GPL and open source, no questions, but
asking 10$ to remove links or ads is what I call "ad-ware" as
in "advertised software" but anyway, the offending string can
be removed in 3 seconds, it's not a big deal.


2) Jambook : I'm very happy to hear that he removed the
hidden link!
As I always say, if nobody complains nothing will ever change.
(I've nothing personally against Jambook, I use it in many
sites and it's the most advanced guestbook for Joomla)



3) Adsense module : if I'm not wrong some users already
wrote in the JED's comments about this issue, that's
how I noticed it as well, but can't say more about it
as I use my own custom adsense mambot and module.



4) JTF :
That's where my blood boils : Google's TOS identifies such
layouts as "made for adsense (MFA)" sites and clearly states
that it will lead to a permanent ban.
I've nothing against JTF as an addon, I just find their behaviour
and their marketing completely unprofessional, deceptive and untrustworthy
and it raises serious doubts about what they could have
cooked inside the addon itself, and their site being called
"hack joomla" doesn't promise anything good.
I don't use JTF nor will I ever.





Thanks again and keep up the good work !
Joomborg,
ZhongGuo, People's Republic.

Re: 3rd party AD-Ware : Who's to blame ?

Posted: Tue Aug 07, 2007 6:01 pm
by LorenzoG
You're welcome  :)