Dear members of the NVDA add-ons community,
Some of you may have heard of an add-on called Blind Extra which supposedly
allows easy access to additional software products. I'm sorry to inform you
that this add-on shall enter the Hall of Blacklisted Add-ons with no chance
of leaving that place for all eternity. Here's why:
A few days ago, I and Derek Riemer were alerted to two reports of this
add-on breaking numerous security issues. One involved renaming files to
something else without the user noticing it, and the second was remote
access where someone gained access to a user's computer and sent Skype
messages. Prior to that, some users asked Derek and I to perform a scan of
this add-on, and another user told us that this add-on does odd things,
including suspicious activity and downloading files.
In case of the remote access incident, the user who was affected by this
alerted Derek and I to this issue on a Skype group. After some exchanges
where the hacker (under the ID of the affected user) wrote messages that
were quite suspicious, we determined that it is best to blacklist this
add-on which was partly responsible for this incident.
Thus, I would like to request the community do the following:
1. Remove Blind Extra immediately.
2. Keep Blind Extra in the list of blacklisted add-ons (this makes it
the second add-on to meet this fate, with the first being Instant Translate;
in case of Instant Translate, people report that the situation has improved,
but due to volatility of the services used, it'll remain an add-on under our
careful watch).
3. Do not accept review requests from the author of Blind Extra (we
only know this person as 'Ahmed").
Also, I'd like to remind the community to be vigilant when installing
add-ons - add-ons can do amazing and powerful things, including what you
read above.
Thank you.
Cheers,
Joseph
