IPvFoo author here. The problem is that there's no way to obtain the (hostname, ip) stream from Chrome/Firefox without requesting the "all websites" permission.
In theory, browser vendors could define a narrowly-scoped permission that only reports (hostname, ip), or roll this functionality into the browser UI, but neither seems likely to happen.
I made IPvFoo to promote IPv6 adoption, and wouldn't consider selling it for less than $10M USD. It probably won't ever be worth that much because it's an easily-cloned utility without a "moat", but it's more rational to set a price than refuse to sell under any circumstances.
The danger with extension acquisitions is malicious buyers, who use their ability to run arbitrary code to steal credit card numbers or credentials, insert or replace ads, run cryptocurrency mining, etc. For malicious purposes number of installations is the important thing, not how clonable the extension is.
It makes sense that you would notice the change then :D
Was this a situation where you had to do a double-take? Like, you opened HN today and saw that your extension said IPv6 and for a split second you wondered if your extension had made a mistake? Before seeing that indeed HN has IPv6 now.
I didn't really think it was a mistake, just switched to "Morpheus is fighting Neo!" mode and started collecting evidence, most of which is in the post.
yeah, i appreciate that. my post wasn't meant as a criticism, it's a cool project and i'm happy your extension exists.
i have no reason to think you'd sell out to scammers, but stranger things have happened and for a product whose whole utility to me is "huh, that's cool" it's not worth it. and i thought that was worth highlighting to others. some chrome extension hygeine is always good.
$10M for access to a pool of 100k (and growing) tech-savy users that are harder to hack than gen-pop? You guys, the 100k+, are lucky I'm not made of money.
I appreciate the honesty, and the reality is that most add-on developers have a price; a lot of people would probably sell their add-on for $10M.
But these things auto update. If a government (or even just a moderately big org) really wants to spy on someone, and they determine that said someone uses IPvFoo, $10M isn't a very large price to pay to just get complete access to the target's web browser.
This isn't specific to your add-on in any way, but, well... that seems ripe for takeover by someone nefarious.
As a member of your country's public society at large, sure (media campaigns, propaganda, government contracts for IT equipment and infrastructure). For individual targeting.. not many people.
TY for making the extension. As someone who uses it daily, you are my saving grace and my go-to for telling when a website has enabled IPv6 or not, if it wasn't you making this post that's how I would have found out HN had enabled it too.
I get fun questions from people when I screenshare and they notice the green "6" or the red "4" and ask about it. Sure it doesn't do anything fancy behind the scenes but that's also what makes it perfect.
To determine ipv4/6, do you need to send that hostname and ip off to somewhere to get a response? or can it be done locally without leaving the machine?
It's local. The webRequest API provides an 'ip' field with each request, and the hostname can be extracted from the URL. Once you have an IP address, just check for colons.
In theory, browser vendors could define a narrowly-scoped permission that only reports (hostname, ip), or roll this functionality into the browser UI, but neither seems likely to happen.
I made IPvFoo to promote IPv6 adoption, and wouldn't consider selling it for less than $10M USD. It probably won't ever be worth that much because it's an easily-cloned utility without a "moat", but it's more rational to set a price than refuse to sell under any circumstances.