Google Starts Blocking Extensions Not In the Chrome Web Store

An anonymous reader writes "Google has begun blocking local Chrome extensions to protect Windows users. This means that as of today, extensions can be installed in Chrome for Windows only if they're hosted on the Chrome Web Store. Furthermore, Google says extensions that were previously installed 'may be automatically disabled and cannot be re-enabled or re-installed until they're hosted in the Chrome Web Store.' The company didn't specify what exactly qualifies the "may" clause, though we expect it may make exceptions for certain popular extensions for a limited time. Google is asking developers to reach out to it if they run into problems or if they 'think an extension was disabled incorrectly.'"

Java?

Does this include Java?

Re:Java?

[Desler]

Java isn't an extension.

Re:Java?

So no then?

Welcome to your new walled garden

[TubeSteak]

It's only going to get worse as more and more "platforms" get tied to some company curated web store.
No thanks!

Re:Welcome to your new walled garden

[pitchpipe]

It's only going to get worse as more and more "platforms" get tied to some company curated web store.

HA! Pretty soon they'll have your desktop acting just like a smart phone: no privacy what-so-ever with every app knowing when you take a shit to when your SO is ovulating.

No fucking thanks indeed!

Re:Welcome to your new walled garden

[Quick+Reply]

Chromium is open source so if you don't like it, fork you own copy and get whatever useless toolbars that install without permission that you want.

Re:Welcome to your new walled garden

[TubeSteak]

Chromium is open source so if you don't like it, fork you own copy and get whatever useless toolbars that install without permission that you want.

You let me know when Chromium gets bundled with Android cell phones or Chromebook laptops.

Re:Welcome to your new walled garden

Why would a toolbar install without permission? In Firefox I have to explicitly allow extensions. Is that a Chromium feature?
And why would anyone want to run a browser from Google? Isn't it bad enough with all the other shit from Google? Would you use a car from Google if you got it for free but had to get fucked in the ass by a Google employee twice a week too?

Re:Welcome to your new walled garden

I've had extensions that have appeared in Firefox without any explicit dialog about clicking on them... and these were first tier companies. On my VM that I use for Web browsing, I've had dodgy extensions pop up like Conduit's (the result was a shareware .DMG decoder for Windows... it was clean, but the website it came from repackaged it with an installed that bundled with "extras".

Chrome already has leapfrogged Firefox by having a virtual machine to isolate add-ons that are easily compromised (or just replacing the most often hacked with functionally identical ones.) Having add-ons which are not present in the Marketplace not allowed is a nice touch and adds to security. This doesn't mean that Acrobat and gpg go away... it just means that they are accessible from a secure, clean source.

Re:Welcome to your new walled garden

[sqlrob]

What secure, clean source?

Re:Welcome to your new walled garden

The thing is, this is a defense against two things that are highly prevalent right now:
a) Bullshit toolbars and crapware that are installed into browsers without permission (including various ANTIVIRUS PRODUCTS)
b) Bullshit toolbars and crapware that are installed by "sponsorware" crapware like Vuze, uTorrent, Java, and a half billion "downloader" programs

The walled garden itself should be pretty tiny, any asshat who installs crap into their browser, knows what they are doing, or you'd think they would. The truth is a lot of the crap that gets loaded onto a desktop PC is loaded by the OEM, and crap loaded by the browser is also loaded by software provided by the OEM.

Java needs to just die, nobody uses on the desktop unless they absolutely must, and even then those programs come with their own JRE because no PC has come with Java preloaded since Windows XP.

Re:Welcome to your new walled garden

[swillden]

Chromium is open source so if you don't like it, fork you own copy and get whatever useless toolbars that install without permission that you want.

You let me know when Chromium gets bundled with Android cell phones or Chromebook laptops.

Nicely done... you slipped that word "bundled" in there, because obviously that's not going to happen; Google will provide the normal Chrome builds. Users that want to can install Chromium themselves, of course, and in fact Google even provides instructions on how to do it, as well as all of the source code.

And you also slyly ignored the fact that the just-announced news doesn't affect Android or Chromebook, only Windows. Maybe Chrome for Android will eventually get the same policy, but it's likely that the superior security architecture of ChromeOS will make it unnecessary on Chromebooks.

Re:Welcome to your new walled garden

[Col.+Klink+(retired)]

Chrome for Android doesn't have an app store, or even extensions for that matter.

Re:Welcome to your new walled garden

[ozmanjusri]

No fucking thanks indeed!

Or you could just not use Windows.

And if that's not an option, you could use the dev channel version of Chrome to sideload anything you want. Or use Chromium instead. You're not locked into the App store unless you want to be,

Look, you can spin it any way you want, but his is pretty obviously a step to protect non-technical Chrome users from malware. It's not aimed at people who have the know-how to manage their own plugins/apps.

Re:Welcome to your new walled garden

[Quick+Reply]

Chrome/Chromium doesn't have extensions on Android so that platform is not applicable to this move.
Chromebook laptops can be unlocked and replaced with Chromium builds.

Re:Welcome to your new walled garden

[Quick+Reply]

On both Firefox and Chrome, the efforts to require permission to install an extension can be bypassed if the installer has local access to manually tell the config files that it has been 'approved' even when it has not, and this is quite prevalent.

Of course it's not going to affect technical folk who avoid installation of spyware to begin with, but this is a sensible security step for the masses.

Re: Welcome to your new walled garden

I should not use windows to avoid google's bullshit? How about I stop using chrome until they turn it back into a browser?

Re: Welcome to your new walled garden

[ShieldW0lf]

Is that going to continue to work if they are disabling the installed extensions retroactively? If it's not part of the update process now, it could be down the road.

Re: Welcome to your new walled garden

Go shill for your bosses somewhere else. How can you point to this being windows only as a good thing? Clearly because of the "superior architecture" of the web browser turned OS.

If the MS employees got on here and talked shit like you we'd burn them to the ground. You are fucking worse than any of them.

Re:Welcome to your new walled garden

I'm working on turning the DRM on it's ear.

Just like a package manager on Linux, we can allow additional trusted sources. That way you can have competition between app stores.

I'm working on a game that utilizes such system. Modders can self sign their mods, or sign mods for other modders. The "official" game DLC is signed by the main trusted game developer cert installed in the game, and community approved mods are signed and can be listed in the game or on a website. The mod hosting protocol and server is an additional module of the private server system. It the same way that approved private servers can be listed in the official server list, so can the game mods.

However, players can choose to trust a self signed modder cert and thus ensure updates to their mods are not tampered with (just like game updates). They can also trust 3rd party mod distribution servers, just as they can add 3rd party "private servers" to the trust graph. That way if the main game servers ever go down, the players and modders will always be able to use the content they got.

Allowing modders to charge for mods is a goal, but it's a cluster fsck. So, I'm toying around with just adding a bitcoin client in the game, and perhaps have "tips" for new DLC instead of payments. The main goal is to allow the mods who spend hour after hour producing gorgeous maps and experiences can make money for their effort. Official DLC in most games is too expensive, and the fans themselves can create more and better content for far less, why not let them compete for sales?

Point being: Walled Gardens don't have to be evil. What's evil is having only ONE walled garden. It's only greed that makes Apple, Google, Microsoft, Sony, etc. behave anti-competitively. Linked Lists Exist! There's no reason users shouldn't be able to add trusted sources in this day and age. I would actually like the FTC to step in and bust some heads. 3rd party sources can be signed just like Linux package management.

IMO, This is anti-competitive behavior from Google. Allow us to run our own Chrome Web Stores, you anti-capitalistic fucks. Then I'll chance creating a Chrome Web App: When I'm not beholden to one company to distribute my product to my consumers. I'd have to be a damn fool to allow another business to dictate my business's future. Open up, you'll get more devs and thus more users. See how that works?

Re: Welcome to your new walled garden

[swillden]

Haven't got any actual counterarguments, I see.

Re:Welcome to your new walled garden

[swillden]

Chrome for Android doesn't have an app store, or even extensions for that matter.

Yeah, that's why I said maybe it will get the same policy, when it gets extensions and an App Store.

Re: Welcome to your new walled garden

You work for a corrupt anticompetitive leach. Moves like this are clearly predatory disguised behind bullshit assertions like your own. "Hey use my awesome superior platform and we will stop fucking you over!"

  You are either a deranged kool aid drinker or full of shit. My guess is the latter.

Re:Welcome to your new walled garden

[mysidia]

It might not be as big a defense, as you think

b) Bullshit toolbars and crapware that are installed by "sponsorware" crapware

Seems like a minor tweak to bundle in with the crapware: Chromium or an altered chrome binary and altered versions of all major browsers; change user's default browser to the 'crapware' one, and disable updates ---- or rather, make them auto-update from the crapware vendor with new crapware.

Re:Welcome to your new walled garden

[Noah+Haders]

Look, you can spin it any way you want, but his is pretty obviously a step to protect non-technical Chrome users from malware. It's not aimed at people who have the know-how to manage their own plugins/apps.

Oh come on. This is obviously phase 2 of google's plan to consolidate its hold on the internet. Note that if the extensions are in the chrome store then all the data flows through google, which is all they want anyway.

Re:Welcome to your new walled garden

[Noah+Haders]

Chromium is open source so if you don't like it, fork you own copy and get whatever useless toolbars that install without permission that you want.

don't be a fuck twit. how will you side load extensions when there are no extensions to install? no sane programmer will make a new windows extension that doesn't go through the chrome store.

Re: Welcome to your new walled garden

I should not use windows to avoid google's bullshit?

You should not use Windows in order to avoid Microsoft's far worse proprietary lockin. As an added benefit, you'll also avoid this issue with Google's browser.

Re:Welcome to your new walled garden

This is obviously phase 2 of google's plan to consolidate its hold on the internet.

By changing how plugins load on one of the many available browsers?

Lighten up there sparky, a few deep breaths might make you feel a bit better.

Re:Welcome to your new walled garden

[TubeSteak]

Users that want to can install Chromium themselves, of course, and in fact Google even provides instructions on how to do it, as well as all of the source code.

There's a large gulf between "can," and "do." Of the millions of users, most do not.
This is why it's relevant that Google would never bundle Chromium with anything.

And you also slyly ignored the fact that the just-announced news doesn't affect Android or Chromebook, only Windows.

I didn't slyly ignore that at all.
I was rather explicit in prognosticating that "more and more "platforms"" will get fenced off.

Re:Welcome to your new walled garden

[abhi_beckert]

Chromium is open source so if you don't like it, fork you own copy and get whatever useless toolbars that install without permission that you want.

Darwin is open source too, so you can fork it and install whatever apps you want.

The fact is most people stick with the official release. Your platform is not "open" if your official release if third party extensions aren't allowed.

It's worth mentioning the (non-mobile) version of Safari does allow arbitrary third party extensions. There are some warnings to the user that it might be malware, but they don't block installation.

Re:Welcome to your new walled garden

Have to use windows when state services only works with windows

Re:Welcome to your new walled garden

[AmiMoJo]

Complete nonsense. Extensions are just Javascript and a bit of metadata, and can post data anywhere they like. No need for it to "flow though google" at all.

Re:Welcome to your new walled garden

[Noah+Haders]

for now... that's phase 2.1.

Re:Welcome to your new walled garden

[cdrudge]

Pretty soon they'll have your desktop acting just like a smart phone

My laptop died over the weekend and while browsing online for a replacement, one laptop was advertised as having "smart-phone like responsiveness." I quickly moved on to a different laptop.

Re:Welcome to your new walled garden

[hairyfeet]

Luckily this isn't the bad old days where it was just IE and netscape, today you DO have options! There is Comodo Dragon (what I use, better security features and no phone home to Google) Chromium, SWIron, and Opera which my oldest boy swears is the greatest thing ever (boy is he still pissed they quit using presto) and on the gecko side there is Firefox, PaleMoon (the other browser I use, I prefer the UI over IceDragon and it seems snappier), SeaMonkey, IceDragon, if you need really low resource there is always Kmeleon which runs really well even on a P3 running Win98SE and if you want to avoid BOTH the Chromium and Gecko engines you can go with QTWeb which is just what it says on the tin, a cross platform browser that uses Webkit and the QT framework...quite nice actually and of course Safari if you are into Apple. There is one other....what was it? Oh yeah the big blue E thing. ;-)

So if you don't like the direction Google is going? Don't use their products. After they started getting nasty with the TOS and trying to ram G+ down our throats I dropped Google like a bad habit, I set up a throwaway Gmail I never use just for my Android phone (so they can't tie my desktop and mobile together) and use my main Gmail for a spam dump, switched to Bing for my search and Yahoo for my mail so no one company has access too all my online data and ya know what? couldn't be happier. What DOES really piss me off about Google is how they have become a drive by spammer, you have no idea how many Chrome "infections" I've had to clean off of customers PCs because some "freeware" had Chrome tied into it. We used to get seriously pissed at how McCrappee and Horton used to dump their stupid scanners onto us with freeware so why isn't everyone mad at how Google is spamming Chrome? An unwanted install that takes over defaults...hmmm...if it walks like a duck and quacks like a duck?

Re: Welcome to your new walled garden

[hairyfeet]

He is using the same argument the DoJ used against MSFT bundling IE, that since a good 90%+ use the defaults it gives the company a defacto monopoly. I personally thought the DOJ arguments were bullshit but you can't support one but not the other since its the exact same argument...company owns platform, company bundles browser into platform, company gets 90%+ of users using their bundled browser...seems like a pretty straightforward argument if you ask me, whether you personally agree with it or not.

Re:Welcome to your new walled garden

Good point, but the concern I would have is if they have plans to halt people using anti-tracking/anti-ad, extensions..

And there was an article from Free Linux Project (one of the free software orgs.) over how Apple did the same, only they use their neo-communist dictatorship to shut out devs, and anything else they do not want, and their argument was over Malware. And in the case of Google, they are widely attacked so them using that malware argument makes some sense, but it would only put a dent in their malware issues.

Re:Welcome to your new walled garden

[JohnFen]

It's not aimed at people who have the know-how to manage their own plugins/apps.

So they're just collateral damage, then?

Re:Welcome to your new walled garden

[Kalriath]

How does QTWeb which uses WebKit help you avoid using WebKit?

There's really three rendering engines now: Trident, WebKit/Blink/KHTML, and Gecko. Pick one and select a browser based on it.

Re: Welcome to your new walled garden

[Crosshair84]

Yea, the DOJ's argument was BS as it could be used to sue Ford for including tires with every one of its cars, giving it a monopoly on the default tires on its cars. Can you imagine the stupidity of going car shopping with every vehicle up on blocks? Likewise with IE, like it or hate it, people want SOMETHING so that they can at least get moving, if for no more reason than to download another browser/get to the tire store.

Re: Welcome to your new walled garden

[swillden]

Still no actual arguments.

Re: Welcome to your new walled garden

[swillden]

I thought the bundling argument was weak at best (and that what the DoJ really needed to go after MS for was the OEM agreements), but even if we grant their validity I don't see the parallel here. There's no way Chrome has anything like a monopoly share of the browser market, among other issues.

Re:Welcome to your new walled garden

No fucking thanks indeed!

Or you could just not use Windows.

And if that's not an option, you could use the dev channel version of Chrome to sideload anything you want. Or use Chromium instead. You're not locked into the App store unless you want to be,

Look, you can spin it any way you want, but his is pretty obviously a step to protect non-technical Chrome users from malware. It's not aimed at people who have the know-how to manage their own plugins/apps.

No, it's about data granularity and "protecting users(the children)" is the standby reason for making any changes.

Re:Welcome to your new walled garden

[hairyfeet]

That is like saying a Ford and a Chevy are the same thing since they both have motors. All the current Chromium based are just that, based on Chromium. they follow the Chromium tree, implement most if not all that Chromium does, etc. With QTWeb they are going back to the original Webkit source (which Chromium doesn't follow) and building from there, so if anything you could compare it to Safari.

Re:Welcome to your new walled garden

[Kalriath]

No, it's nothing like saying that. It's like saying an Escort and a Falcon are roughly the same thing because they both have Ford motors. KHTML, Blink and WebKit are forks of the same source (KHTML) and implement virtually identical feature sets. If you want to avoid using a Chrome-like browser, your options are Gecko or Trident based browsers. If you want to avoid using Gecko as well, you just stonewalled yourself into using Trident, and we all know what browser primarily implements that.

There is no "Chromium Engine". It's WebKit/Blink.

Re: Welcome to your new walled garden

[hairyfeet]

Sorry but go back and read the case, the DoJ wasn't arguing monopoly when it came to the browser, they were arguing that because Windows had such a large share of the market (just like how Google owns the largest share of mobile devices) that MSFT having the ability to bundle a browser, a thing that until recently companies had charged for, that it was giving them a monopoly while product dumping.

So if you applied the exact same argument the DoJ used against with MSFT to Google and Apple? yeah they would be busted and looking at tens to hundreds of millions in fines. It just shows the difference that being a villain versus being a villain with good PR is, it lets you pull shit the other guy can't. I would point out that to this very day MSFT has to offer Windows without IE and WMP in the EU along with a stupid browser ballot yet neither Apple nor Google has to do the same on their devices.

Re:Welcome to your new walled garden

One company chose to be dicks with their web browser? Let's ditch our entire OS!

Yea, that's a perfectly reasonable approach.

A Pox on Google!

I refuse to use Google search, maps, cloud, G-mail or anything of theirs. I strongly object to entries in their terms of service and this is the only way that i can express my displeasure with them. Try to find an e-mail address that a live human will read at Google.

Re: A Pox on Google!

[postbigbang]

You're not alone, but then again, neither are they. The new world order is to host your own store, and reap the rewards, control your clientele, and do so in the superficial PR mechanism of controlling bad stuff, where the actual motive is more like: profit and gleaning market trends.

Altruism is NOT Google's business model.

Re: A Pox on Google!

So what mobile phone do you use? Apple iPhone? Apple is the same if not considerably WORSE than Google in pretty much every aspect of end user privacy and "doing evil". So.. that leaves you with.. what? Windows Phone? Dear god I hope you're not stupid enough to use Windows Phone... so that leaves... Blackberry? The Ubuntu Touch phone OS isn't ready yet. You use an old Nokia running Symbian?

Re: A Pox on Google!

[Noah+Haders]

Apple is the same if not considerably WORSE than Google in pretty much every aspect of end user privacy

I'm calling you out on this. For one, apple is BETTER than google in pretty much every aspect of end user privacy. It doesn't earn billions of dollars from tracking everything that people do and search for. Can you provide any examples to support your point?

Re: A Pox on Google!

[Anne+Thwacks]

Who in their right mind would use Google when there is Bing?

Oh, wait ...

Re: A Pox on Google!

[jazzis]

Mod up insightful!

Re: A Pox on Google!

In terms of privacy... neither Google nor Apple are "good". Apple business practices though are worse in my view than Google... less transparent. Thus my comment that they are worse than Google.

How's this for a source? https://www.eff.org/who-has-your-back-2013?support_whyb=1&social=1
Apple was only able to get 1 point out of 6... Google got 5 out of 6. That's VERY telling.

All online resources are... up for scrutiny, but... that's the best I could find in a short time.

Re: A Pox on Google!

[Noah+Haders]

fool. the link you sent was for the 2013 report. here's the 2014 report, in which apple gets 6 out of 6 https://www.eff.org/who-has-yo...

more importantly, EFF is only considering privacy from govt interference. Apple also gives you privacy from their own snooping. Google, all they do is peer into your activities to track and profile. that is loss of privacy. Apple does not do this.

Re: A Pox on Google!

Ummm... care to try again. The link YOU provided clearly states that Apple gets 1 out of 6. Oddly enough the same link I provided. On the latest report I see that both Google and Apple have 6/6.

I was at work when I did the link digging... didn't have time to really look into it. As I clearly stated, that was the best I could find in a short time.

Anyway... I don't have time in my life for people who start out a reply with "fool" so... I'm done. Enjoy thinking you're always right or whatever floats your boat.

Re: A Pox on Google!

[jwdb]

Try to find an e-mail address that a live human will read at Google.

That's reserved for paying customers, as it is with many other major businesses. I've twice had technical issues with a Chromebook, and both times have gotten a reasonably prompt email response that helped me fix the problem.

Re: A Pox on Google!

I use a candy-bar style Nokia, thank you very much.

Re: A Pox on Google!

[toddestan]

As far as I can tell, Google and Bing or more or less equivalent when it comes to returning search results that are completely worthless.

Dealbreaker

The extension I used to correct their staunch adherence to the idiocy that is mapping backspace to the browser back button is unhosted, so... bye.

Re:Dealbreaker

[iMadeGhostzilla]

From my side, POP3 account checker. Gmail sucks when it comes to POP3 accounts and this extension fixes it. That extension (which I paid for, $5) is the reason why I stayed with Gmail. If it's disabled, bye.

Re:Dealbreaker

[Ksevio]

That's a pretty standard mapping. Makes sense - BACK/BACKspace

Re:Dealbreaker

I just hit backspace on Chrome, and went to the previous page (Slashdot frontpage), so I guess you don't need that extension?

Re:Dealbreaker

Oh, sorry, that's exactly what you *don't* want. My bad - just woke up & no coffee....

Re:Dealbreaker

I tried it... doesn't do anything for me. I hit Backspace 100 times in a row... stayed right where I was. WTF are you guys doing? I've never had Backspace take me back in any browser.

Re:Dealbreaker

[Xolvix]

You didn't literally press Backspace 100 times in a row. As if it would have taken more than three presses before it was obvious it wouldn't do anything.

In Linux the backspace key in Firefox is by default set to do nothing. In Windows it goes back a page. I don't know why the defaults are difference, but whenever I try Linux out (before inevitability going back to Windows), I always dip into about:config and change the backspace behavior in Firefox to make backspace go back just like it does in Windows. Keeps things consistent.

Re:Dealbreaker

[AmiMoJo]

Actually you can still install unhosted extensions in the usual way, i.e. enable developer options. It's only packaged extensions hosted on web sites that are affected.

Re:Dealbreaker

That'll show em...

Re:Dealbreaker

[gsslay]

It makes no sense at all. It is totally moronic. The backspace is not a navigation key. My keyboard has plenty navigation keys, backspace is not one of them.

It makes as much sense as using the back button on your car's CD player to engage reverse gear and press the accelerator. It's totally not what you wanted, not what the button is for, annoying and dangerous.

Re:Dealbreaker

[Ksevio]

Wait until you learn the space bar will scroll down the page! You could totally lose your place if you were typing and then clicked somewhere out and pressed spacebar! That's totally not what you wanted at the exact moment.

But wait, it gets worse! Have you ever tried to type a capital W and pressed ctrl instead of shift? It's dangerous and unintuitive and you can lose all your work with just a couple millimeters difference. The W key isn't for navigation, it's for typing words with Ws in them. It's like pressing the alarm key instead of the trunk button on your keys!

This outrage must be addressed immediately! I suggest we ban all keyboard shortcuts so clumsy people don't accidentally do something stupid.

Re:Dealbreaker

I'm aware that it's pretty standard. Standard doesn't mean "not stupid", though. It's a pretty rare event that I want a common key used in typing to be overloaded without requiring a modifier key. It SHOULD be possible, and even easy, to alter this mapping, but it isn't.

Re:Dealbreaker

[HalAtWork]

Especially when most PCs ship with a keyboard that has a back button.

Re:Dealbreaker

[drew870mitchell]

Chrome also does not always correctly handle catching the CTRL key. It's intermittent (maybe certain website behaviors trigger it), but it just doesn't do anything. A couple years back I made a serious effort to use Chrome and gave up for this reason. At the time I found a bug report saying that it had been a known issue since pretty much the beginning of the project. When I have needed to use Chrome since (the rare page that doesn't like my combination of Firefox plugins, or testing for work) the bug will rear its ugly head occasionally.

It's a bummer because Firefox is slow as molasses compared to Chrome and it doesn't have quite the extensions edge that it used to, but at least it actually works.

Analysis beyond g00gle

I don't need an extension.

yeah whatever

[epyT-R]

The claim of protection is just the public plausible deniability excuse.. The real reason is to force people to use their stupid 'app store.'

Re:yeah whatever

[_xeno_]

Also to get rid of troublesome extensions like Adblock Plus. I seem to recall Google kicking Adblock Plus from the Google Play store, which while not the same thing as the Chrome Web Store, does seem a bit worrying.

Granted the reasoning used in that case (it "interfered with the operation of other apps") likely wouldn't apply to Chrome but it's the primary reason I want to be able to install extensions from non-Google "blessed" sources: I don't trust Google not to be evil.

Re:yeah whatever

[swillden]

Also to get rid of troublesome extensions like Adblock Plus.

Oh, really? It's also worth pointing out that AdBlock Plus by default doesn't block Google ads.

Re:yeah whatever

[Mashiki]

Really? It seems to be blocking google served ads just fine on chromium for me.

Re:yeah whatever

[verylargeprime]

Nope. You're wrong.

Browser hijacking is a major problem within Chrome and other browsers, and side-loaded extensions are by far the most common vector for hijacking. Firefox and IE have the same problem. Short of making extension APIs totally useless for developers, this is the best approach anyone's come up with. Third-party anti-malware vendors are unreliable in this regard because it's very difficult (with good and often sufficiently gnarly legal reasons) to get them to classify any given extension as clearly being malware. This gives Google a necessary choke-point through which to filter unsavory extensions.

While you seem to believe this desire for control is driven by a nefarious, greedy plan to herd all the sheeple into a walled garden [diabolical laughter] with "plausible deniability," it's actually driven by a desire to not have users fucking hate Chrome because some dipshit is making millions of dollars injecting toolbars into browsers and sucking up volumes of sensitive and often personally identifiable information with no (or ill-begotten) user consent.

Though I don't see it mentioned in either of the links, it should be noted that this constraint only affects Windows stable (and I believe beta) channels. If you want to run Windows Chrome and you know you can handle yourself without being hijacked, just run dev channel. It's usually pretty stable.

Source: I'm a full-time Chrome developer at Google.

Re:yeah whatever

[swillden]

My mistake. It used to be that AdBlock Plus defaulted to not blocking Google text ads. It looks like the default is to block, now, though it is still optional.

Re:yeah whatever

[nullchar]

I was wondering how, as a developer, one could load their own extension into a Windows Chrome build when I read the summary.

I assumed some developer mode within normal Chrome would allow non-store extensions to be added. Interesting if you need an entirely separate install to test your own extensions on Windows.

Re:yeah whatever

[Mashiki]

Long as it's optional, that's fine in my book. Really adblockers could probably make better inroads if they could allow optional blocking by default for advertisers that people wanted. This of course would let people support websites they want, and block the crap that could give them malware.

Re:yeah whatever

[Mr.+Droopy+Drawers]

I do agree that malicious extensions could be a problem when allowed via sideloading. However, simply add an option to turn off the blocking from the client. Those that want to sideload can and, by default, others will be blocked. Seems like a logical way of handling this.

I do also like the suggestion of providing a "trusted list" that allows for alternative "App Stores". These options could make these actions more palatable.

Re:yeah whatever

[AmiMoJo]

The reason AdBlock Plus for Android was removed from Play was that it sets up a transparent proxy on your phone. Since the Android version of Chrome doesn't support extensions that is the only way it can operate. The problem is that all network traffic flows though the proxy, even stuff from other apps. If other apps use HTTP to get data it goes through the AdBlock filter. This broke some legitimate non-advertising functionality and also tended to cause issues accessing normal web pages when the mobile connection was a bit intermittent.

It was fine if you were willing to put up with all that, but created a bad user experience for most people and got a lot of complaints. You can still install it just by downloading the .apk from the AdBlock Plus web site of course.

Similarly with Chrome, you can still install extensions locally, just not from random web sites any more.

Re:yeah whatever

[rioki]

This is what whitelists are for. Almost all websites I regularly browse are on the whitelist. The few exceptions are those that have annoying adds, I regularly unblock them, just to see, no they are still have annoying ads.

Re:yeah whatever

[jbolden]

That's precisely what does exist. People who want sideloading use the developer version of the browser.

Re:yeah whatever

[jbolden]

Excellent post. Well done.

Re:yeah whatever

[TangoMargarine]

Just go to the site, Adblock button, Disable on . Boom. Two whole clicks.

But let's just keep bitching about solved problems to prove we have no idea what we're talking about.

Re:yeah whatever

[TangoMargarine]

*Disable on <URL>

(and technically you can do it in one click if you hold and drag to the menu option)

Re:yeah whatever

[verylargeprime]

You can still use Windows stable or beta when testing extensions, because those builds will still load unpacked extensions in "developer mode". The drawback is that you'll have to deal with the constant nagging when you launch Chrome, notifying you that there are extensions loaded in this way.

The nagging has to be constant (i.e. there can be no "never show this again" option), or else it immediately becomes an easy path for malware to exploit.

Re:yeah whatever

[verylargeprime]

Thanks for this, it's exactly right. Proxying all network traffic through an app is a terrible idea and nobody should be OK with it.

Hopefully some day Android Chrome gets extension support (I'm not saying it will - I have no idea). At that point you could expect AdBlock to be available on Android again as a Chrome extension.

Re:yeah whatever

[verylargeprime]

You actually could run your own App Store if you wanted to. It wouldn't be a difficult effort to manufacture some lightweight replacement server to implement the private webstore API (if you want to provide install-from-the-website functionality) and support for the update and download mechanisms, all of which are queried by the open Chromium code. The catch is that you'd have to run Chrome with some extra command-line arguments to override the store and download URLs.

Currently you have default --apps-gallery-url=https://chrome.google.com/webstore and --apps-gallery-update-url=https://clients2.google.com/service/update2/crx.

Of course this is not going to be supported by Google and you're pretty much on your own for figuring out the work that needs to be done, but the code's all there.

Re:yeah whatever

[JohnFen]

Similarly with Chrome, you can still install extensions locally, just not from random web sites any more.

According to TFA, you won't be able to do this anymore. Any extensions that aren't in the store can't be installed, and any already-installed extensions that aren't in the store will be permanently disabled.

Re:yeah whatever

[Chalnoth]

This doesn't make any sense. If they completely disable this functionality, how will anybody ever develop a new extension? Some sort of developer mode which allows users to disable this blocking will be absolutely necessary. So I don't think this will impact power users very much, but it will make more casual users safer.

Re:yeah whatever

"which while not the same thing as the Chrome Web Store"

"OH REALLYZ?!! [Link to Chrome Web Store]"

Please go away, the adults are trying to talk here.

Re:yeah whatever

[JohnFen]

Yes, as TFA says, if you are running in developer mode you can install anything you like. Of course, it comes with all the downsides of developer mode (such as annoying warning dialogs).

Re:yeah whatever

Yeah, you don't need a totally seperate install. Even if you do it will still harasses you on any new windows that you're running "unsafe" in developer mode in a focus grabbing popup every damn time though...

Problem with antivirus

[Todd+Knarr]

Kaspersky AV installs it's extensions in Chrome, and frankly I a) don't want to depend on the Chrome Store for them since I can only trust them if they come directly from Kaspersky and b) don't want them disabled since I installed Kaspersky specifically for this purpose. I can see refusing to enable local extensions until the user confirms they ought to be there, but Chrome isn't the only source of browser components on my computer.

Re:Problem with antivirus

I have a different problem with anti-virus. Kaspersky AV backdoors some shitty plugin that makes chrome hang and doesn't tell me about it until I'm nearly tearing my hair out.

Re:Problem with antivirus

[Virtucon]

I hit this with KIS and Kaspersky never even responded to the ticket I opened. I'm sure they're scratching their heads about it now but anyway back to Firefox for now.

Re:Problem with antivirus

[verylargeprime]

If Chrome asked for user consent, malware vendors would just fake user consent.

Re:Problem with antivirus

[mysidia]

Kaspersky AV installs it's extensions in Chrome, and frankly I a) don't want to depend on the Chrome Store for them since I can only trust them if they come directly from Kaspersky

That's nice. But it's what Google trusts that matters. Google only trusts the Kaspersky plugin of highly questionable value that may actually be exposing you to multiple additional severe security risks without offering much additional protection -- enough to be enabled in Chrome now, if the app came directly from the app store.

If the app came directly from Kaspersky... well, sorry, that's just not trustworthy enough. How do you think you know the original came from Kaspersky anyways, and wasn't actually modified using MITM techniques? :)

b) don't want them disabled since I installed Kaspersky specifically for this purpose.

Well. It's happening; unless you deployed the extension using the Enterprise policy method, or to a dev version of the browser.

Kaspersky doesn't get a gold pass exempting them from all the rules ---- they apparently didn't pay much attention to the effective date of Google's warning that developers must use the Chrome web store for extensions: if they were still distributing files directly.

Re:Problem with antivirus

[AmiMoJo]

Kaspersky will be fine. This only affects extensions, which are Javascript based and heavily sandboxed. Anti-virus software uses plug-ins, which are executable code and much more powerful. They are commonly used to support Flash, Silverlight, Java and displaying PDFs.

Re:Problem with antivirus

Kaspersky AV installs it's extensions in Chrome, and frankly I a) don't want to depend on the Chrome Store for them since I can only trust them if they come directly from Kaspersky

That's nice. But it's what I trust that matters. I only trust the Google app store of highly questionable value that may actually be exposing you to multiple additional severe security risks without offering much additional protection -- enough to be enabled in Chrome now, if the app came directly from the app store.

If the app came directly from Google... well, sorry, that's just not trustworthy enough. How do you think you know the original came from Google anyways, and wasn't actually modified using MITM techniques? :)

b) don't want them disabled since I installed Kaspersky specifically for this purpose.

Well. It's happening; unless you deployed the extension using the Enterprise policy method, or to a dev version of the browser.

Google doesn't get a gold pass exempting them from all the rules ---- they apparently didn't pay much attention to the effective date of the internets warning that users must be allowed to do what they want with their computers

Re:Problem with antivirus

If Chrome asked for user consent, malware vendors would just fake user consent.

Implying that Chrome has a critical security vulnerability which allows this.

well, it's kind of necessary

Thanks Google, a few weeks ago I had some problems and ended up re-installing Chrome... only then did it notify me that some stealth 3rd party extension ended up causing some issues :-/ now it looks like they'll be more pro-active about possible browser hi-jack threats.

Still, I wished they enabled me to allow some manually, just in case I want something they don't approve of at some point.

Re:LOL

Yes.. google loves their effeminate hand flapping and lisps..

Old

[tepples]

This was announced six months ago. Unpacked extensions will still run.

Re:Old

[Virtucon]

True, old news but no, unless it comes from their blessed store or points to their blessed store you can't http://www.chromium.org/develo...

What about Chromium and other derivatives?

Like SRWare Iron? I'm using only one extension that's not on the web store, but even then I didn't want to part with it: http://www.overbits.net/chrome/youtube/

Some notes

This only affects Windows Stable-channel Chrome. Linux, Mac, ChromeOS, Chromium builds, and/or any non-Stable Chrome release are not affected by this policy. This is them trying to get rid of all those stupid extensions that hijack your default tab and search settings.

FUCK GOOGLE

Fuck the fucking fuckers.

Re:FUCK GOOGLE

high fiving mother fuckers who name their grand prize monster trucks.

Fork or patch?

So do we want to fork it, or maintain out of tree patches?

This policy is clearly preventing the user from doing something useful. Chrome is open source: we can fix this.

I wonder what this means for extension developers? It seems like the need to be able to install non released versions locally. Either they broke that (oops...) or there is still some way. Either way, this seems intentionally anti user and anti dev. I'd rather support users and developers than supporting google....

Re:Fork or patch?

[Todd+Knarr]

They say developers will still be able to install locally. My guess is that if you enable developer mode (checkbox in the extensions page) you can still use local extensions like always.

Re:Fork or patch?

[kav2k]

You can use unpackaged extensions (that cannot auto-update) like alw.. Sorry, with a nagging prompt every time you launch Chrome.

Re: LOL

Highly cerebral response. Try not to reproduce please.

Good!

I help fix computers for friends and family and the amount of incredible crapware that gets installed into browsers "by itself" is staggering. NONE of that is ever wanted.
Firefox had this problem first, and I'd say it was the only reason why most of them moved to Chrome.
Now Chrome is just as bad.

It is good for everyone I know, including me.

Userscripts?

[Anubis+IV]

Okay, how do I get userscripts working? I used to be able to just click on a link, then the restricted that, so I had to download them and drag them into the extensions window, but now even that isn't possible, it seems. What's the recommended method for getting them to work? Honest question.

Re:Userscripts?

[Morgon]

Try TamperMonkey. A little more bloated than native Userscript handling, but it does work.

This is not new news.

[Virtucon]

For those of us on the Dev channel for Chrome hit this in February. It's definitely a fucked up decision by the Chrome team and has led to a lot of folks ripping out Chrome in favor of something else. The claim made by the devs is that it's safer if the extensions come out of their web store and would eliminate malicious activity from extensions. They obviously didn't want to fix the browser to alert the user when malicious extensions are installed or provide a sysadmin set of functions necessary to install necessary, safe extensions. Of course we all know it's another fucking walled garden take-over by Google. I've already recommended to clients that they don't use Chrome and have removed it from a little over 4000 systems thus far. Personally Google is fucking the user community on this one, so fuck Google.

Re:This is not new news.

[TheGratefulNet]

its funny that intelligent people would even THINK to try a google product that is a binary, running on their pc.

really - how dumb do you have to be to trust the 'do nothing but evil' company? I could understand the AOL crowd not knowing any better, but techies? wow. just wow. techies trusting a google binary that runs on their own hardware. amazing.

firefox has jumped the shark, but its still not the level of control the google wants over you.

if you willingly take google into your home, you get what you deserve. maybe after enough bruises and trouble, enough people will shun google.

Re:This is not new news.

[viperidaenz]

You could just switch on developer mode and your unpacked local extensions will continue to work.

Re:This is not new news.

[TheGratefulNet]

this time.

its not the step that's the problem; its the journey.

you google fans; you really can't see where the end journey is headed? no one knows where it will end, but you can, at least, see the *direction* its going, yeah? how can that not bother you?

Re:This is not new news.

[fuzznutz]

Paranoid much? It's a browser. There are lots of browsers to choose from. If the destination of your "journey" is somewhere you don't like, pick another browser. I'll do the same.

As for me, I have spent countless hours lately cleaning up machines with search protect, conduit, ask, and all the other shitware that loads itself up when some unsuspecting user installs some free program from CNET and gets all their tag-along goodies. I recently cleaned up a brand new Windows 8 laptop that was only 1 week old which had become totally unresponsive. This is a good thing as far as I am concerned.

Re:This is not new news.

[viperidaenz]

So... explain how a developer is supposed to develop extensions to put in to the web store if they can't load their own in developer mode?

It will always work that way.

Re:This is not new news.

[MrNemesis]

That's easy enough to do. Just require that in order to enable the "incredibly risky" developer mode, you must be registered as a developer with Google, and flipping the button requires google+ integration. After all, we need to look after chrome users and this means cracking down on dodgy app development, I'm sure you're not one of those developers but e just need to check for the greater good, OK?

Re:This is not new news.

So when they refuse to host Adblock in the google store,

I have to show Grandma how to enable "developer mode"?

That won't scare her away from installing an evil tool to hide ads now would it?

Just like UEFI and no universal way to disable it, preventing a universal guide from being written..... So everyone has a different way which means Linux can't be easily installed by reading a book anymore. Now it must cover the 500 ways to disable UEFI/SecureBoot in the bios before a newb can install it.

This will prevent naive users from installing adblock or other unsupported extensions like youtube rippers and the like. They will never host software like that in their store. Walled garden indeed

Re:This is not new news.

[TangoMargarine]

Well to be fair, Firefox seems to be headed in the same direction (I've switched to Pale Moon)--taking away end user abilities in addition to emulating Chrome's interface.

And Opera is now all Chromified, too.

So I guess just Internet browsing in general is going down the shitter.

Re:This is not new news.

Oh also - if you want to be a developer, you can only be a developer on an officially supported platform, so bye-bye to developer mode on any non-supported platforms/chromium, etc.

Re:This is not new news.

[viperidaenz]

or... use the open source Chromium?

Re:This is not new news.

[Kalriath]

UEFI and SecureBoot are not the same thing. SecureBoot is just one of many UEFI features. UEFI is a far superior replacement for BIOS.

Time to archive the almost up to date version.

Or abandon Chrome. Easier, but whatever. I actually vaguely enjoy watching company's shoot there own software in the foot. An acquired taste undoubtedly, but after SO many times having to see it....

The only scary thought is that once again, it won't matter in the slightest.

Re: LOL

Hit too close to home?

Dev Version

[BenJeremy]

Time to get the dev version. They've already had the annoying habit of nagging me everytime I started the browser to "Disable developer mode extensions" and now they pull this crap.

Developer Mode still can install

[Formorian]

The article clearly states that you can still do this with developer mode. To me this is non story. They trying to stop the malware stuff for 90% of users.

The rest of us can still do what we want. Or anyone else that can manage to click a single check mark.

Re:Developer Mode still can install

[vux984]

They trying to stop the malware stuff for 90% of users.

There are plenty of actual solutions for that.

a) Block the extensions that don't come through the app store, but let the user enable them one by one -- without scary 'developer mode' (and opening up the floodgates)

b) Reputation systems -- allow 'reputable' extensions; revert to a) above for the rest. Google and the AV vendors don't want to get their hands dirty classifying useless shit nobody wants as the useless shit nobody wants, fine let the 'community' handle the reputation.

And for anyone who really wants it, they can manually enable it.

Re:Developer Mode still can install

[jbolden]

A user who is too scared to be in developer mode is acknowledging they don't have sufficient knowledge to judge extensions. Therefore they are doing a perfectly rational thing and asking Google to exercise informed judgement on their behalf.

Re:Developer Mode still can install

[AmiMoJo]

Block the extensions that don't come through the app store, but let the user enable them one by one -- without scary 'developer mode' (and opening up the floodgates)

Presumably you would keep the scary 'do you trust this extension and are you sure you want to install it?' message though. So no better than ticking a single check box then. Also, developer mode doesn't "open the floodgates", you have to manually download, unzip and drag the extension into the extensions tab.

Re:Developer Mode still can install

[vux984]

A user who is too scared to be in developer mode is acknowledging they don't have sufficient knowledge to judge extensions.

But their IT manager at work does; and he shouldn't have to put everyone's chrome into developer mode just to install a given company improved extension.

One can delegate making informed judgement to someone else, without having that someone else automatically be google.

Re:Developer Mode still can install

[jbolden]

IT managers aren't effected in the same way: https://support.google.com/chr...

Re:Developer Mode still can install

The IT manager at work is supposed to use enterprise policy to install extensions -- which, intentionally, is still allowed to install anything from anywhere.

Re:Developer Mode still can install

[mgiuca]

Disclosure: I am a full-time engineer on the Google Chrome team. Sorry, but your solutions don't work -- believe me, we didn't want to do this but it was done to prevent malware injections and not to stop users from installing software they want (which is why we only block it on Windows, and we don't block it on Dev or Canary channels).

a) Block the extensions that don't come through the app store, but let the user enable them one by one -- without scary 'developer mode' (and opening up the floodgates)

Unfortunately, if we just let the user manually override the blocking, we would have to store that choice in a preference file. Malware on your computer could easily install a bad extension and set the override flag in the preference file, making the blocking effectively useless.

This is why the only way the user can opt in to side-loading (by turning on developer mode) prompts scary warnings every time you open Chrome -- so that if malware does this, users will know something is up. We can't let you opt in to side-loading and be silent at the same time.

b) Reputation systems -- allow 'reputable' extensions; revert to a) above for the rest. Google and the AV vendors don't want to get their hands dirty classifying useless shit nobody wants as the useless shit nobody wants, fine let the 'community' handle the reputation.

The reputation system just moves the responsibility around, but still fundamentally has the same problem. Now you need to run a full-time service that records the reputation for each extension, and needs to be resilient to gaming (for example, having a malware author controlling a botnet spam the reputation server with good reviews to increase their score).

And for anyone who really wants it, they can manually enable it.

That is exactly what the "developer mode" switch is for. Again, we can't have a preference to enable side-loading without also letting malware turn it on for unsuspecting users, unless it gives a scary warning. There are other ways to enable side-loading without having to see the warning every time you start Chrome:
- Use Mac OS or Linux.
- Use Dev or Canary channel.
- Use Chromium instead of Chrome.
I hope one of these solutions are acceptable.

Firefox FTW!

[xfizik]

Thank you for giving me yet another reason to stick with Firefox. Not that I needed one...

Re:Firefox FTW!

[scottbomb]

Yep. Firefox is far superior to Chrome. You can customize almost anything in Firefox and nothing in Chrome.

Re:Firefox FTW!

[Dagger2]

Because the plan totally isn't to do something pretty similar in Firefox.

Re:Firefox FTW!

[xfizik]

There are such fundamental differences between Firefox/Mozilla and Chrome/Google that I simply trust Mozilla to do the right thing whereas the times of Google's "do not be evil" are long gone.

Re:Firefox FTW!

There are such fundamental differences between Firefox/Mozilla and Chrome/Google that I simply trust Mozilla to do the right thing whereas the times of Google's "do not be evil" are long gone.

You're a sucker. Companies are not individuals and should not be trusted.

Re:Firefox FTW!

[Megane]

I simply trust Mozilla to do the right thing

One word: Australis

(Don't mind me, Seamonkey user just passing through...)

Re:Firefox FTW!

Yeah, I gave up on Seamonkey when every extension in the known universe stopped fucking working on it.

I understand that the way to go is something called "Pale Moon" for now, but via the combination of the "Classic Theme Restorer" and "Status-4-Evar" extensions (I was using Status-4-Evar already, ever since they got rid of the status bar) I've managed to unfuck the absolute abortion that is Firefox 29.

Re:Firefox FTW!

[Gavagai80]

Non-profit foundations aren't 100% trustworthy, but they have a better track record than individuals.

Re:Firefox FTW!

[Unordained]

Ugh. I'm one of those developers who would be affected, as I have custom FF extensions deployed for a mid-size client. We don't use the "Enterprise" FF though. I suppose we might have to switch, and deploy FF updates differently, just to keep the ability to run extensions (that have no business being uploaded to anyone's store, as they're entirely site-specific.)

Re:Firefox FTW!

[JohnFen]

For the time being, but Mozilla keeps making Firefox worse and worse. If that trend continues even a little while longer, then FF won't be a viable alternative anymore.

Re:Firefox FTW!

[xfizik]

I actually like Australis :)

Re:Firefox FTW!

[Dagger2]

In fairness, Mozilla's plan doesn't involve uploading to AMO, it involves uploading to a private repository of extensions. So rather than the entire public getting access to the extension, only Mozilla does.

It still has the potential to make developing, or at least testing, a pain in the neck though. Click through a prompt on every restart to stop programs from silently setting the pref that turns checking off? No thanks.

... so go back to Apple

And so we leave the walled garden to go back to the Apple ecosystem where we're safe....

Re:... so go back to Apple

[ruir]

Running Mavericks, and as far as I know I can still install the extensions I want in Safari. Oddly enough, I have still to see a conduit malware for Safari, whilst in the past I could swear I got it in Chrome in OS/X.

Data loss due to accidental navigation

[tepples]

So how do I unambiguously indicate to a web browser that I want to delete only one character from a text area, not have the entire message be destroyed because I accidentally navigated away from the page?

Re:Data loss due to accidental navigation

[scottbomb]

Use Firefox. They have the same idiocy (mapping back to backspace - which I can't stand either) but at least you can turn it off. Almost nothing in Chrome is customizable. Why it has such a large following is beyong me.

Re:Data loss due to accidental navigation

[Microlith]

Except that in Firefox, when your focus is a text box the backspace key will not attempt to take you to a previous page. I am also extremely skeptical that Chrome does this.

Re:Data loss due to accidental navigation

[mysidia]

Use the left arrow key to move the cursor left one unit, then press DEL, instead of backspace.

[*]I am not a big fan of backspace being abused as a navigational command, either. It is not the intended use of the key, and sometimes causes accidental loss of partially drafted text.

Re:Data loss due to accidental navigation

Use Firefox. They have the same idiocy (mapping back to backspace - which I can't stand either) but at least you can turn it off. Almost nothing in Chrome is customizable. Why it has such a large following is beyong me.

Angry birds.

Seriously. People see Chrome as a casual gaming platform...one of the reasons people continue to use Facebook too.

Re:Data loss due to accidental navigation

[Xolvix]

I just did a test in Firefox with this very post. I typed up to this point, clicked backspace outside the text pane to go back a page, then clicked forward. Whatdayaknow... the text was retained. Maybe that's the reason I never investigated about changing the behavior - because it's far more useful than it is annoying (and the annoyance is temporary because the text buffer won't disappear).

Re:Data loss due to accidental navigation

I'm currently using Firefox, mainly because its UI looks better, but I used to use Chrome and I did so because it was faster, more stable and used less memory. If they hadn't fucked up the UI I would probably still be using it, although disabling local extensions might have pushed me back to Firefox anyway. I'm actually a bit sad about having to use Firefox, because I do think Chrome is much better under the hood, but I just couldn't bear to look at those ugly grey controls any longer.

Re:Data loss due to accidental navigation

[abhi_beckert]

This is one of many reasons why I like Safari -you have to jump into the command line settings to *enable* backspace-to-go-back.

It's definitely the best browser available, in terms of getting little things like this right.

Re:Data loss due to accidental navigation

To be pedantic, you could use left-arrow, delete. hardly comfortable but unambiguous.

Re:Data loss due to accidental navigation

Its allso the slowest fucking browser ive ever used, but that is probably because apple suffers from NIH syndrome when it comes to platforms other than its own.
(yes i use windows)

Re:Data loss due to accidental navigation

[Cloud+K]

I know exactly why I originally switched: I was not yet educated on the sheer depth of Google/Chrome's hostility towards your privacy, it had a huge selling point: silent, background updates where I don't even know they're happening (I like it that way).

This was at that time shortly after Firefox went to that crazy new release schedule and whizzed along from version 4 to version 26 in what felt like about 20 minutes. It was during this time that Firefox was driving me ABSOLUTELY NUTS popping up every few weeks with yet another new release, and getting in the way with its addon checks etc next time it's launched.

There is little that infuriates me more than when I launch an application and can't use it for the next 30 seconds because it's picked that time to chug around doing updates. I don't know if it's because they're too busy coding to use their own applications, but very few developers in the world seem to understand that "when an application is launched, that's when the user wants to USE that application" (sometimes urgently), and therefore very few have the sense to do their updates in the background or on exit (still annoying if you're waiting to shut down, but at least slightly less annoying).

Pre-empting the inevitable "30 seconds isn't that long you're not going to die waiting 30 seconds to see your cat videos" reply: Oh hold on, I'll just bin my SSD, and I believe Grace Hopper would like a word about nanoseconds. Chrome didn't need to waste those seconds, and so neither did Firefox. Unnecessary wastes of time are quite irritating.

{/rant}

The other issue was Chrome's excellent sync vs. Firefox's messy faff of one.

HOWEVER!

Two things have happened since:

1) An acute awareness of how much Google treat your personal info / metadata / browsing habits as an all-you-can-eat buffet, made all the more obvious in our recent privacy conscious times triggered by NSA et al

2) They finally fixed the Firefox browser.

There is still a foreground element to updates and their notifications, but nowhere near as obtrusive as they were when I abandoned it, add-ons don't usually break, and now it has a proper sync system.

Nowadays it's a no-brainer to use Firefox again. It gives you the same conveniences regarding sync and less annoying updates, but doesn't spy on you or restrict you like Chrome does and has much more respect for your privacy and freedom. Wouldn't touch Chrome with a bargepole now, and them locking it down even further only seals the deal.

Re:Data loss due to accidental navigation

[Ksevio]

If you're in a text area then the browser acts like a text editor and removes a character. Firefox and Opera at least will retain the message if you click backspace outside the text area and go forward again.

Since back is the most commonly used button, it makes sense to have an easily accessible button on the keyboard.

Re:Data loss due to accidental navigation

But when your focus is a dropdown list, the backspace key works just fine. Which is a royal pain in the ass when you type to search in that list and reflexively hit backspace to try to correct a spelling mistake. The exclusion for backspace should be extended to every <input> element when it has focus, not just type="text" and <textarea>.

Reminds me of the "Outlook Email Security Update"

[yuhong]

Remember the "Outlook Email Security Update" from mid-2000 with the pop-ups asking to approve programs sending mail or gathering data from your address book and why it was so difficult to disable?

"You can still load unpacked extensions"

[tepples]

From the link you posted: "You can still load unpacked extensions in developer mode on Windows."

Re: "You can still load unpacked extensions"

How is that practical? It's not sustainable and puts more work on end users especially when there are updates to the extensions.

Re:"You can still load unpacked extensions"

Developer Mode = Google+ more T's and C's and more bullshit. Rather than a dialog that pops up and says "hey, this extension is installed, do you want to authorize it?" But that wasn't what this was about, it's about another walled garden and shoving shit into Google+.

Re: "You can still load unpacked extensions"

[tepples]

How is that practical?

If your users are beta testers, they are part of the development process.

It's not sustainable

Could you explain in what way it is "not sustainable", and what substantial "more work on end users" it adds?

In turn due to accidental focus loss

[tepples]

So how do I unambiguously indicate to a web browser that I want the backspace key's focus to remain in a text area? I often accidentally bump my laptop's trackpad with my palm. Or a script may execute on the page that focuses another element. Or I may reach for the letter q or the number 1 and press Tab instead.

Re:In turn due to accidental focus loss

[tepples]

If an application's design encourages user error, the application's design is at fault.

Re:In turn due to accidental focus loss

One possible solution is to move the Q and 1 keys to another area of the keyboard. Maybe under the space bar. Just spitballing here.

Re:In turn due to accidental focus loss

You must be an inattentive moron then, this has NEVER EVER happened to me.

Re:In turn due to accidental focus loss

This could be sarcasm, but my gut says it's not. My gut says you're a huge shithead. I've never had this problem either, or almost never, but you know what? Other people do. So treat them with respect, and don't be a shithead. Thanks.

What does it take to publish in Chrome Web Store?

[MouseTheLuckyDog]

Aside from following rules like no spam and no child pornography, if your extension is free they charge you a $5 developer regisstration fee.

So it seems to me to distribute by the Chrome eb Store is not that big an inconvenience,

Store it in my butt

Anyone hosting the cloudtobutt extension on there?

Re:LOL

Another Scroogling so soon?

You Microsofties are just too predictable.

That sort of depends on how you define PC

[tepples]

its funny that intelligent people would even THINK to try a google product that is a binary, running on their pc.

That depends on whether you consider a phone or tablet running Android OS to be a personal computer. True, the vast majority of devices are not "Lenovo compatible PCs" because they have non-x86 CPUs. But they are still personal computers in a sense.

I currently install and maintain multiple browsers

[mmell]

On my Win box, IE, Chrome, FF and Opera. I keep 'em all current and updated.

The default browser - well, that all depends on which one is working the way I want it to at any given time. It's been Chrome for a while, but the instant that changes so will my default browser. For now, the few extensions I have installed all seem to be working correctly. If that changes, FF is ready in the bullpen. Strangely enough, IE is ready to go in at need. Opera is mostly around as a reminder that a swiss army knife may do a hundred things, but it probably isn't the best tool for doing any of them (although it does do better on the acid tests than IE).

My Linux workstation generally is limited to Chrome and FF. Haven't had any real troubles with either one, although Chrome is the goto browser with FF relegated to any pages which Chrome pukes on, a situation I haven't seen in a long while.

Re:LOL

There is no problem. Chrome is for the clueless and they should be shielded from external extensions. The tech savvy all use Chromium, which has no such restriction.

Butt Strife and Fox McButt

[tepples]

Cloud-to-Butt is on the Chrome Web Store. I installed the Firefox version of Cloud-to-Butt for a while for stools and giggles. But I'm not so sure what the ESRB would think of character names like Butt Strife and Fox McButt. And I just reverted someone's accidental vandalism on TV Tropes that mentioned Butty with a Chance of Meatballs.

Re:What does it take to publish in Chrome Web Stor

They can block extensions they don't like for instance youtube ripper or ad blocker.

Developers?

[mwvdlee]

So how do I develop extensions?
Also, how do I run the custom extensions that are used in our company and should not be publically available?
How about extensions that are installed with some hardware, like the one that makes Dymo labelwriters accessible from JavaScript?

Re:Developers?

[gl4ss]

you get the developer version. or chromium.

but anyhow, this is along the biz reasoning why they started chrome originally. when they started, the most popular browsers were looking like they were going to ship with adblocker extensions by default... and boom google comes up with funding for a browser of their own.

Re:Developers?

[kav2k]

So how do I develop extensions?

Like you always did. Developer mode did not change this time around.

Also, how do I run the custom extensions that are used in our company and should not be publically available?

Enterprise install policy is unchanged. If you can use it, you can use extensions from any source. Even NPAPI extensions, which are now banned from Store.

How about extensions that are installed with some hardware, like the one that makes Dymo labelwriters accessible from JavaScript?

It's probably not an extension, but a plugin. That's a bit different, but they will also be going away end of this year.

So what.. we block google chrome and plus and gmai

To hell with google.

How-to

[Namarrgon]

From the Chrome Developer page:

1. Unzip the .crx file
2. Go to chrome://extensions
3. Tick on Developer Mode
4. Click Load Unpacked Extension...
5. Select and install.

And nothing of value is lost.

[drolli]

I yet have to see many convincing cases of extensions for browsers (for everyday applications). I am unisg firefox, and the extensions i use are scrapbook, nojs, foxyproxy.

Dealbreaker

[arkhan_jg]

Not that I want you stay on Chrome for any particular reason (I've gravitated to mostly using firefox myself, for other reasons) but I do use this web-store hosted extension - backstop - for blocking 'backspace sometimes blows away your entire comment instead of deleting one character' idiocy.

I have a better idea Google.

You can kiss my big hairy ass!

Google is getting quite annoying recently.

Case in point: Google Chrome. Not too long ago you can easily find a copy of the offline standalone full installer on sites such as Filehippo and Softpedia. Nowadays, those sites just redirect you to Google's official download page, and lets you download an 'offline installer' that checks online for latest version.

Back to the topic of extensions. Firefox is still the king of extensions e.g. Downloadhelper. I use Chrome as my primary browser with only Ad Block Plus installed.

However, Firefox 29 and the Australis theme left a bad taste in the mouth. Mozilla had better wake up instead of trying to be another Chrome wannabe.

More reason not to use Chrome...

...ever since they removed Sidetabs, Chrome has sucked more and more...

Re:LOL

There is no problem. Chrome is for the clueless and they should be shielded from external extensions. The tech savvy all use Chromium, which has no such restriction.

Except Chromium seem to have problems working with webcams unlike say Chrome. I'm no fan of privacy stealing Google but sadly there are no true service providers with a strong sense of protecting their users/clients from spying by themselves or the government. I use Chromium 99% of the time but sometimes it is necessary to use Chrome on my Ubuntu Linux running notebook.

The moment I can not do what with what I am using.

I will not surf the web without Adblock Plus or a similar alternative.

The moment I can not do what with what I am using on a day to day basis and there are other good choices I will switch.

Chrome will be replaced with Firefox, Chromium, SRWare Iron and plenty of other choices...

iGoogle was replaced with igHome, while I was at it Google search at the top was replaced with duckduckgo, mainly out of spite..

Another good reason

[JohnFen]

...and yet another good reason to avoid using Chrome.

Re:What does it take to publish in Chrome Web Stor

[JohnFen]

The problem with being required to use the store isn't the cost of doing so. Even if it were 100% free, it would still be a bad thing.

Chrome or Chromium

[Frankie70]

Is the blocking code in Chromium or Chrome. If in Chrome, then shift to Chromium. If in Chromium, then someone can fork it and comment out that code and keep merging stuff back from Chromium.

Why?

[Frankie70]

Why does anyone use Chrome over Chromium? I have only used Chromium - so is there anything better in Chrome as compared to Chromium. I use Chromium because Chrome installs services on my machine. I don't see why a browser needs services running in the background.

Alt+Left is unambiguously "back"

[tepples]

Alt+Left is unambiguously "back". I don't see why making users rely on Alt+Left is worse than the risk of loss of data entered into a form.

Re:Alt+Left is unambiguously "back"

[Ksevio]

That's a bit cumbersome for the most used feature. I don't see why the most used function of a program should be assigned to an awkward key combo just so some clumsy people don't have to worry about a problem that doesn't actually exist.

Re:Alt+Left is unambiguously "back"

[tepples]

I don't see why the most used function of a program should be assigned to an awkward key combo just so some clumsy people don't have to worry about a problem that doesn't actually exist.

What's the difference between your comment and the following statement? "I don't see why computers and computer programs should be accessible to people with disabilities."

Re:Alt+Left is unambiguously "back"

[Ksevio]

Because making programs easier to use (such as by making the most commonly used function a single large key rather than a multi-key combo) makes them more accessible to all people including people with disabilities.

Re:Alt+Left is unambiguously "back"

[tepples]

I just did the following in Firefox 29:

1. View your post.
2. Click "Reply to This".
3. Type something.
4. Click the Back button.
5. Click the Forward button.
6. Notice that what I had typed in step 3 was gone.

How does data loss make programs more usable?

Re:Alt+Left is unambiguously "back"

[Ksevio]

That's probably because of the fancy javascript stuff slashdot uses. For normal forms the data is still there.

But like you said, pressing the back button also results in loss of data, so should we also remove that because people might accidentally click it?

Re:Alt+Left is unambiguously "back"

[tepples]

It's a lot harder to accidentally click the back button than to accidentally defocus a text field a fraction of a second before trying to remove the most recently typed character.

How does developer mode involve G+?

[tepples]

Developer Mode = Google+

What do you mean by this? In Chrome for Windows, I verified that I am not signed in (Overflow menu > Settings). Then I checked the developer mode box (Overflow menu > Tools > Extensions > Developer mode), and it didn't even prompt me to sign in to Chrome, let alone create a public profile.

This is because Easy Youtube Video Downloader

Google Chrome becomes a walled garden with digital handcuffs. I bet this is because the Hollyweb, to exterminate such extensions as Easy Youtube Video Downloader. It is a billionaire business and they have a pact to share it.-Ignacio Agulló

Re:LOL

There is no problem. Chrome is for the clueless and they should be shielded from external extensions. The tech savvy all use Chromium, which has no such restriction.

Smarter people use Ultron. NASA uses that shit, bro.

Yeah, with pop up nagware.

Yeah, and have it carp at you with a pop up every fscking time you open a browser window. ffs...

Yeah, with pop up nagware.

Yeah, and have it carp at you with a pop up every fscking time you open a browser window. ffs....

Uninformed. Also a nag pop up on any new window.

Yeah, a single check mark. Sure. It still carps at you with a pop up every fscking time you open a browser window. ffs.

Social engineering

[tepples]

How else is the browser supposed to distinguish between that extensions that you intended to install and extensions that you were social-engineered into installing? That's the reason that Chrome requires developer mode for this in the first place.

Re:What does it take to publish in Chrome Web Stor

[Kalriath]

If they're gonna go this way, there needs to be a way to have unpublished (i.e. private) extensions on the Chrome store which are not subject to content policies.

Time to stop using Chrome

Oh well, time to stop using Chrome... POS browser anyway...