appears as official Mullvad Browser flatpak but is actually unofficial (impersonating)

[adrelanos]

There is no way on https://flathub.org/apps/net.mullvad.MullvadBrowser for a user to recognize that it's unofficial.

Quote https://flathub.org/apps/net.mullvad.MullvadBrowser

Mullvad Browser by Mullvad

But is actually unofficial.

Quote @ruihildt https://github.com/mullvad/mullvad-browser/issues/6

FYI this is not an official release and we haven't verified it. We are currently considering how to best handle this.

Basic ethics demands not to impersonate people, companies such as about the origin of software.

Note: This is my personal opinion and I am not affiliated to Mullvad.

https://flathub.org/apps/net.mullvad.MullvadBrowser

https://flathub.org/apps/ net . mullvad . MullvadBrowser

Is the net part (as opposed to others using org) supposed to imply it's unofficial? If it was org, that would be mean it's official?

Doesn't mullvad imply it's by the mullvad company?

https://flathub.org/apps/net.SomeIndividualOrCompanyName.MullvadBrowser would be better.

This matters as there might even be adware / malware being injected as this comment implies.

Quote @tinypinkdragons https://github.com/mullvad/mullvad-browser/issues/6#issuecomment-1565223871:

As soon as I open the flatpak, my Pi-hole registers a connection attempt to 'aax-us-pdx.amazon-adsystem.com', which the Windows version doesn't do. After some investigation, I came here and saw it wasn't official. Now uninstalled. Any news on an official release, or will you not be publishing to Flathub?

[ruihildt]

See my comment here: https://github.com/mullvad/mullvad-browser/issues/6#issuecomment-1658188815

Related PR: https://github.com/flathub/net.mullvad.MullvadBrowser/pull/17

[Erick555]

Doesn't mullvad imply it's by the mullvad company?

It implies that mullvad company wrote the app code. I agree this is source of endless confusion since people may assume that same entity who wrote the code also published it on flathub which sometimes is true but in this case it's not.

Note that this flatpak use verbatim copy of binaries uploaded by mullvad, there isn't even a compilation process involved. I don't think publishing 1:1 copy under different name is something legit.

This matters as there might even be adware / malware being injected as this comment implies.

This is extremely bold claim based merely on someone else question. I recommend not starting discussion like that.

DISCLAIMER: I'm personally against 3rd party flatpak publishing but it's considered normal on flathub and we could have same discussion for about 1000 other apps here.

[proletarius101]

Closed by https://github.com/flathub/net.mullvad.MullvadBrowser/pull/17