Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

appears as official Mullvad Browser flatpak but is actually unofficial (impersonating) #16

Closed
adrelanos opened this issue Jul 31, 2023 · 3 comments
Closed

appears as official Mullvad Browser flatpak but is actually unofficial (impersonating) #16

adrelanos opened this issue Jul 31, 2023 · 3 comments

Comments

@adrelanos
Copy link

There is no way on https://flathub.org/apps/net.mullvad.MullvadBrowser for a user to recognize that it's unofficial.

Quote https://flathub.org/apps/net.mullvad.MullvadBrowser

Mullvad Browser
by Mullvad

But is actually unofficial.

Quote @ruihildt mullvad/mullvad-browser#6

FYI this is not an official release and we haven't verified it. We are currently considering how to best handle this.

Basic ethics demands not to impersonate people, companies such as about the origin of software.

Note: This is my personal opinion and I am not affiliated to Mullvad.

https://flathub.org/apps/net.mullvad.MullvadBrowser

https://flathub.org/apps/ net . mullvad . MullvadBrowser

Is the net part (as opposed to others using org) supposed to imply it's unofficial? If it was org, that would be mean it's official?

Doesn't mullvad imply it's by the mullvad company?

https://flathub.org/apps/net.SomeIndividualOrCompanyName.MullvadBrowser would be better.

This matters as there might even be adware / malware being injected as this comment implies.

Quote @tinypinkdragons mullvad/mullvad-browser#6 (comment):

As soon as I open the flatpak, my Pi-hole registers a connection attempt to 'aax-us-pdx.amazon-adsystem.com', which the Windows version doesn't do. After some investigation, I came here and saw it wasn't official. Now uninstalled. Any news on an official release, or will you not be publishing to Flathub?
@adrelanos adrelanos mentioned this issue Jul 31, 2023
Open
@ruihildt
Copy link
Contributor

See my comment here: mullvad/mullvad-browser#6 (comment)

Related PR: #17

@Erick555
Copy link

Doesn't mullvad imply it's by the mullvad company?

It implies that mullvad company wrote the app code. I agree this is source of endless confusion since people may assume that same entity who wrote the code also published it on flathub which sometimes is true but in this case it's not.

Note that this flatpak use verbatim copy of binaries uploaded by mullvad, there isn't even a compilation process involved. I don't think publishing 1:1 copy under different name is something legit.

This matters as there might even be adware / malware being injected as this comment implies.

This is extremely bold claim based merely on someone else question. I recommend not starting discussion like that.

DISCLAIMER: I'm personally against 3rd party flatpak publishing but it's considered normal on flathub and we could have same discussion for about 1000 other apps here.

@proletarius101
Copy link
Collaborator

Closed by #17

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@adrelanos @ruihildt @Erick555 @proletarius101