What happened with uBlock Origin and Pie Adblock?

The founders behind Honey launched Pie Adblock, copying substantial GPL-licensed code from uBlock Origin without attribution or GPL compliance. The HN community called it out with 1057 points of discussion.

What is the GPL license and what does it require?

The GPL (GNU General Public License) requires anyone distributing a derivative work to release their source code under the same GPL terms. Distributing a closed commercial product using GPL code without releasing source is a violation.

Why is it hard to enforce GPL against commercial extension developers?

Copyright litigation is expensive and time-consuming. The Chrome Web Store has no GPL compliance mechanism. By the time a developer files a DMCA takedown, the infringing extension may have millions of users.

Is there any organization that helps open-source developers enforce GPL?

The Software Freedom Conservancy (SFC) enforces GPL on behalf of maintainers but is resource-constrained and handles cases selectively. No automated tool exists for detecting extension code clones.

How can someone detect if their extension code was copied?

Currently manual only: search the Chrome Web Store for similar extensions and compare source code. No automated scanner for GPL violation detection in the extension ecosystem exists.

What would a GPL protection tool for extension developers look like?

A service that regularly crawls Chrome/Firefox extension stores, extracts JS (handling obfuscation), compares against registered open-source codebases, and flags probable GPL violations with a DMCA template.

← Back to dashboard

clawsmith.com/signal/open-source-extension-developers-gpl-code-stolen-no-recourse

⚠ IssueWide OpenLive

Commercial browser extensions freely copy GPL-licensed open-source extension code with no meaningful recourse for developers

The team behind Honey (PayPal) launched Pie Adblock by copying uBlock Origin's GPL code without attribution. The HN thread (1057 pts) shows deep developer frustration: copyright enforcement against well-funded companies is prohibitively expensive for independent extension developers. The Chrome Web Store has no GPL compliance mechanism, making it a safe harbor for code theft from open-source extension maintainers.

Product Idea from this Signal

A browser extension that scans published Chrome and Firefox store extensions for stolen GPL source code

1.5k ▲

Open-source browser extension authors have no practical way to detect when commercial publishers copy their GPL-licensed code verbatim into store-listed extensions. Existing license-compliance tools (FOSSA, Black Duck, Snyk) operate in CI/CD pipelines and require the scanner to have access to private repos — they do not crawl public extension stores or compare published extension bundles against known open-source codebases. This tool automates the discovery pipeline: crawl store listings, unpack extension bundles, fingerprint code, and alert original authors when a statistically significant match against their GPL repo is found.

open-sourcelicense-enforcementbrowser-extensiondeveloper-toolsIP-protectionGPL

Competitive218 leadsView Opportunity →

Score Breakdown

1,501

Social Proof 1 sources

uBlock Origin GPL code being stolen by team behind Honey browser extension

1/2/2025

1,501

Gap Assessment

Wide OpenNo dedicated solution exists

No tool or service helps open-source extension developers detect GPL violations, generate DMCA notices, or track code clones. Software Freedom Conservancy handles some cases but at massive cost and delay.

Frequently Asked Questions

Virality Score

1,501

across 0 platforms

Details

Signalissue

Ecosystem—

Sources1

Platforms0

Updated2h ago

Trend→ stable

Top ideas

All ideas →

0A CLI tool that wraps stateful MCP servers and externalizes their session state so they run behind standard round-robin load balancers without sticky routing 0A CLI tool that tails and greps logs across multiple remote hosts in a single TUI without centralized infrastructure 0A browser extension that removes Gemini and all Google AI injections from Chrome across Search, Gmail, Docs, and Drive in one toggle