> Hey all, I'm Simeon, the developer advocate for Chrome extensions. This morning I heard from the review team; they've approved the current draft so next publish should go through. Unfortunately it's the weekend, so most folks are out, but I'm planning to follow up with u/gorhill4 with more details once I have them.
Armin here, the developer of Search by Image. After that experience I felt it's necessary to share the entire discussion. That is how Google treats developers in exchange for enriching their platform, with a list of nonsense allegations, and if you speak up, retaliation. This practice is well documented at this point, and the best way out for those targeted is to hold your head down and maybe plead for help on social media.
So yes, Google will eventually be forced to open up Chrome to third-party extension stores. Google will not get to decide what software the majority of humans can install in their browsers, the same way Microsoft is not allowed to block you for arbitrary reasons from installing software on your Windows devices.
On the other hand, blindly accepting browser extension upgrades is a huge security vulnerability. There was a post some time ago about how popular extension projects often get bought by adware/spyware companies and they were able to publish malicious changes directly to user's browsers without any validation.
> On the other hand, blindly accepting browser extension upgrades is a huge security vulnerability.
That argument can be applied to any software, being allowed to run code on your devices comes not just with the freedom, but also the risks. I don't think restricting people's freedoms is the right way to somewhat reduce the occurrence of malware.
> There was a post some time ago about how popular extension projects often get bought by adware/spyware companies and they were able to publish malicious changes directly to user's browsers without any validation.
I think you're referring to one of my blog posts. :)
I would never hold it against Google if they purged malware from Play Store. Particularly since android makes it easy for alternative appstores to exist, most notably the superb F-Droid, which mitigates some of the risk of Google getting it wrong.
When alternative sources are not readily available, the calculus changes. When the platform is a walled garden, the matter of banning the wrong script/app becomes more serious. Apple's appstore, Mozilla's firefox extension platform and Google's chrome extension platform fall into this category. Because they make it difficult to install apps/extensions from other sources, they have a moral responsibility to perform to be more careful with what they ban.
(Also, I do not accept the premise that Google is actually trying in a meaningful way.)
This is a situation of their own making. They're the ones that pushed for invisible automatic extension upgrades.
Firefox's old system of you needing to manually initiate upgrades was much more secure, and encouraged user responsibility for the code running on their machines. Google wants to infantilize the user, take away all choice, claim users can't make good decisions and then claim anything control they remove is for the user's benefit.
They're a bunch of stinking liers.
At this point anyone claiming to be a platform needs to regulated just like we regulate platforms before the internet.
I have a friend who works in the compliance department of one of the big international commodity exchanges. They are responsible for regulating the platform (his words) and preventing anything untoward happening, but that also means the company itself cannot "double deal" it can't participate in the markets in anyway. In addition they have two fed watchdogs that do regular invasive audits to ensure that they're actually following the laws and regulations.
It's time for internet companies to be put to the same standard:
If you call yourself a platform get ready to be treated as such.
If you don't wanna be a platform and you have 70%+ of the market get ready to get broken up.
> Google wants to infantilize the user, take away all choice, claim users can't make good decisions and then claim anything control they remove is for the user's benefit.
As a developer with 18 years experience, I am not sure I have the time to make good decisions. I am not going to audit the code of everything I install by reputation. An average user has no hope.
No offence but you seem to have just done exactly what GP accuses Google (and most other big s/w corps to be honest) of doing. I am an average user (in the sense I'm not a professional s/w dev although I do know coding and have a more than normal interest in the inner workings of computers, but most youth are similar anyway. No one is dumb unless they've been trained to relinquish thought), and in two decades of using computers and the Internet I have to say I did not get hoodwinked into installing a single malware or getting a single virus. And uptil at least the last decade s/w wasn't as controlling and infantilising as it has lately become, and I got along just fine. In fact the slight difficulty actually enabled me to learn interesting stuff which modern UX almost totally stonewalls with its opaque "let me hold your hand" interfaces.
1. I generally trust when I update linux that things have been inspected. Maybe I'm dumb. I also trust that if I don't update immediately but a few weeks or months later, if anything snuck in it has been found, reverted, fixed. So, by not making updating automatic that would seem to help somewhat?
Of course the opposite is if there is a critical vulnerability then automatic updating helps many people. I believe this is mostly why Windows is so insistant on updates is that so many non-tech users were not updating and then getting powned.
2. It seems like maybe there'd be a market for a curated service. Neither Google's App store, nor Apple's, nor the Chrome Web Store, nor the Firefox Extension Gallery are curated well IMO. They are all 80-95% full of crappy software meant to scam you in one way or another.
I wonder if someone would make a startup that for $$ curated software and/or extensions including checking changes. Maybe publishers would have to pay to certified or maybe users would pay to fund the checking. Well I can wish :P
The solution for that would be to subscribe to specific repositories, similar to how Debian does it for example. Anyway, even if they just let people to manually download and install unsigned extensions the risk would only fall on the people who chose to do that. These that wish to do so could still continue and use google's walled garden.
Many crytocurrency users have a browser extension based "wallet". A malicious update pushed to Metamask, the most popular ethereum wallet application, could end very badly.
Modern tech companies enjoy maintaining the delusion that developers that make apps and content on their platforms are extensions of their employees and contractors and they have the right to dictate and control their development. This is obviously bullshit. The security argument is a red herring since a third party can maintain a trusted software list without all the conflicts of interest.
For those of us on Microsoft Edge, it's time to uninstall uBlock Origin[0] from the Chrome Store and install it from the Microsoft Store[1]. It's about time someone seriously challenges and smokes Google's boots.
You could, unless you're like me and having never been on Blink. I've been using Firefox for almost 20 years straight, since it was Phoenix. Edge is my backup/secondary browser and it's great. If you want the benefits of Chrome without Google, Microsoft is the final boss that can't and won't be pushed around by Google.
I love how, despite even kowtowing to the pro-Mozilla brigade here with assurances that you’ve long been a faithful user of their product, the fact that you said anything good about MS Edge still caused your text to get disappeared. They must feel threatened by it.
The second MS Edge is on Ubuntu or Arch, I’m installing it! And I’m absolutely certain that if MS keeps adblocking facilities in place while Chrome drops them, they’ll gain a ton more users like me.
Maybe soon, Google will be paying Microsoft to make Google the default search engine! Funny thought, but I doubt it...
I am a Firefox diehard, but I have been using and following Edge since MS put out the first canary. It's definitely my second choice. Firefox has enough exclusive features (like containers) that keep me from moving to a Chromium browser. For me, everything is chosen based on merit, not some belief system that a Blink-only world would be a terrible thing. I'm not sure that matters at all, and don't buy into that narrative that we need it for choice. There are still major players all building off it, and could diverge again. The Microsoft executive that suggested Firefox join them as a Chromium variant was correct. If anything ever pulled me away from FF it will be Edge for sure, and mostly because it is Chromium based.
My intended audience with that original post was the legion of Chrome users, but I could see how the Firefox cult (which I've long been a part of, check my oldest HN posts) could see it as negative or the "wrong answer". I never found Chrome to be quite right in all the times I've kicked the tires over the years. But on Windows, Edge being the native browser will ensure it's optimized to get the absolute best battery life out of laptop, a huge perk, and is quite frankly on the merits just shaping up to be a great Chrome-alternative on all platforms. No reason to resist the right-answer just because Microsoft is the one that appears to be bringing it.
Well yes, but technologically, it's the only non-KHTML descendant browser engine in development. Mozilla is working on the revenue issue, though it is a considerable concern. The best thing we can do to help Mozilla is to simply use Firefox and try and bump its market share numbers up.
I won't say no, but these donations go to Mozilla Foundation and are used to advance their tech evangelism work, such as their successful lawsuit over net neutrality in the US.
Mozilla Corporation develops Firefox with their income from sources like their contract with Google and other search engines. Donations are not used for Firefox dev.
Genuine question: what are they doing to alleviate the issues of Gecko rendering compared to Blink? As I understand it, most developers target Chrome, so they make it work with Blink, not Gecko.
Bugs are fixed where necessary, but I don't think they've stooped to implementing Chrome's bugs yet. Most of the work is social - reaching out to owners of websites which are broken in Firefox and asking them to fix them.
The MS Edge one is offered by "Nik Rolls" and not "Raymond Hill (gorhill)" like the one on the Chrome Web Store and Mozilla AMO. I'm guessing they're not the same person so why should I trust this extension instead?
I tracked this down earlier today while I was considering what I would tell people to switch to, looks like
- The official ublock repo links to it, so it's reasonably trustworthy, but it's explicitly not controlled by Gorhil. The author has what appears to be an open offer to give control of it to him.
- It's out of date.
- There is no real plan to make it up-to-date until edge finishes moving to being a chromium fork.
If the chrome store version dies, you better be prepared to see the edge version get significant less attention. I love alternatives being available, but this only makes the situation somewhat less bad.
That was fixed faster than I’ve ever seen Mozilla fix anything.
Still, if MS Edge comes to Linux without the manifest v3 blocking restrictions, I’ll try switching to that first because I want a Chrome-based Chrome competitor supported by a major entity.
> Hey all, I'm Simeon, the developer advocate for Chrome extensions. This morning I heard from the review team; they've approved the current draft so next publish should go through. Unfortunately it's the weekend, so most folks are out, but I'm planning to follow up with u/gorhill4 with more details once I have them.