logged onto scratch expecting to hear news about scratch.love, instead i got… whatever happened with blocklive.
blocklive is a neat browser extension that lets you collaborate with other scratchers on projects in real time. i think i maybe used it once.
unfortunately, its reputation has been destroyed. a commit was published to the github yesterday by the extension’s creator as a “prank” which effectively turned the extension into a followbot. everyone logged into scratch was immediately forced to follow the creator of the extension. also, the extension was always risky, because it had a bunch of security issues. and finally, every message sent in blocklive’s chat was logged in a discord webhook.
while this commit was reversible with two clicks, the damage had still been done, because not only did this violate scratch’s terms of service, it violated blocklive’s as well. this effectively labeled the extension as malware that should be uninstalled immediately.
the creator has now apologized for their mistake - please don’t harass them over this. however, the followbot code is still present (although it is inactive, but the creator can re-enable it at any time), and the discord webhook is still online, and the extension is still a general security risk.