Google Starts Blocking Extensions Not In the Chrome Web Store

← Back to Stories (view on slashdot.org)

Google Starts Blocking Extensions Not In the Chrome Web Store

Posted by Soulskill on Tuesday May 27, 2014 @02:01PM from the protecting-you-from-yourself dept.

An anonymous reader writes "Google has begun blocking local Chrome extensions to protect Windows users. This means that as of today, extensions can be installed in Chrome for Windows only if they're hosted on the Chrome Web Store. Furthermore, Google says extensions that were previously installed 'may be automatically disabled and cannot be re-enabled or re-installed until they're hosted in the Chrome Web Store.' The company didn't specify what exactly qualifies the "may" clause, though we expect it may make exceptions for certain popular extensions for a limited time. Google is asking developers to reach out to it if they run into problems or if they 'think an extension was disabled incorrectly.'"

45 of 225 comments (clear)

Min score:

Reason:

Sort:

Java? by Anonymous Coward · 2014-05-27 14:03 · Score: 2, Interesting

Does this include Java?
1. Re:Java? by Desler · 2014-05-27 14:05 · Score: 2
  
  Java isn't an extension.
Welcome to your new walled garden by TubeSteak · 2014-05-27 14:06 · Score: 5, Insightful

It's only going to get worse as more and more "platforms" get tied to some company curated web store.
No thanks!

--
[Fuck Beta]
o0t!
1. Re:Welcome to your new walled garden by pitchpipe · 2014-05-27 14:23 · Score: 5, Insightful
  
  It's only going to get worse as more and more "platforms" get tied to some company curated web store.
  HA! Pretty soon they'll have your desktop acting just like a smart phone: no privacy what-so-ever with every app knowing when you take a shit to when your SO is ovulating.
  No fucking thanks indeed!
  
  --
  Look where all this talking got us, baby.
2. Re:Welcome to your new walled garden by Quick+Reply · 2014-05-27 14:24 · Score: 2
  
  Chromium is open source so if you don't like it, fork you own copy and get whatever useless toolbars that install without permission that you want.
3. Re:Welcome to your new walled garden by TubeSteak · 2014-05-27 14:39 · Score: 2, Insightful
  
  Chromium is open source so if you don't like it, fork you own copy and get whatever useless toolbars that install without permission that you want.
  You let me know when Chromium gets bundled with Android cell phones or Chromebook laptops.
  
  --
  [Fuck Beta]
  o0t!
4. Re:Welcome to your new walled garden by swillden · 2014-05-27 15:11 · Score: 4, Insightful
  
  Chromium is open source so if you don't like it, fork you own copy and get whatever useless toolbars that install without permission that you want.
  You let me know when Chromium gets bundled with Android cell phones or Chromebook laptops.
  Nicely done... you slipped that word "bundled" in there, because obviously that's not going to happen; Google will provide the normal Chrome builds. Users that want to can install Chromium themselves, of course, and in fact Google even provides instructions on how to do it, as well as all of the source code.
  And you also slyly ignored the fact that the just-announced news doesn't affect Android or Chromebook, only Windows. Maybe Chrome for Android will eventually get the same policy, but it's likely that the superior security architecture of ChromeOS will make it unnecessary on Chromebooks.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
5. Re:Welcome to your new walled garden by ozmanjusri · 2014-05-27 15:55 · Score: 4, Informative
  
  No fucking thanks indeed!
  Or you could just not use Windows.
  And if that's not an option, you could use the dev channel version of Chrome to sideload anything you want. Or use Chromium instead. You're not locked into the App store unless you want to be,
  Look, you can spin it any way you want, but his is pretty obviously a step to protect non-technical Chrome users from malware. It's not aimed at people who have the know-how to manage their own plugins/apps.
  
  --
  "I've got more toys than Teruhisa Kitahara."
6. Re:Welcome to your new walled garden by Noah+Haders · 2014-05-27 17:55 · Score: 2
  
  Chromium is open source so if you don't like it, fork you own copy and get whatever useless toolbars that install without permission that you want.
  don't be a fuck twit. how will you side load extensions when there are no extensions to install? no sane programmer will make a new windows extension that doesn't go through the chrome store.
7. Re:Welcome to your new walled garden by AmiMoJo · 2014-05-27 23:54 · Score: 4, Informative
  
  Complete nonsense. Extensions are just Javascript and a bit of metadata, and can post data anywhere they like. No need for it to "flow though google" at all.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
8. Re:Welcome to your new walled garden by cdrudge · 2014-05-28 01:32 · Score: 2
  
  Pretty soon they'll have your desktop acting just like a smart phone
  My laptop died over the weekend and while browsing online for a replacement, one laptop was advertised as having "smart-phone like responsiveness." I quickly moved on to a different laptop.
9. Re: Welcome to your new walled garden by hairyfeet · 2014-05-28 02:39 · Score: 2
  
  He is using the same argument the DoJ used against MSFT bundling IE, that since a good 90%+ use the defaults it gives the company a defacto monopoly. I personally thought the DOJ arguments were bullshit but you can't support one but not the other since its the exact same argument...company owns platform, company bundles browser into platform, company gets 90%+ of users using their bundled browser...seems like a pretty straightforward argument if you ask me, whether you personally agree with it or not.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
A Pox on Google! by Anonymous Coward · 2014-05-27 14:13 · Score: 4, Interesting

I refuse to use Google search, maps, cloud, G-mail or anything of theirs. I strongly object to entries in their terms of service and this is the only way that i can express my displeasure with them. Try to find an e-mail address that a live human will read at Google.
1. Re: A Pox on Google! by postbigbang · 2014-05-27 14:50 · Score: 4, Interesting
  
  You're not alone, but then again, neither are they. The new world order is to host your own store, and reap the rewards, control your clientele, and do so in the superficial PR mechanism of controlling bad stuff, where the actual motive is more like: profit and gleaning market trends.
  Altruism is NOT Google's business model.
  
  --
  ---- Teach Peace. It's Cheaper Than War.
2. Re: A Pox on Google! by Anne+Thwacks · 2014-05-27 20:11 · Score: 2
  
  Who in their right mind would use Google when there is Bing?
  Oh, wait ...
  
  --
  Sent from my ASR33 using ASCII
3. Re: A Pox on Google! by Noah+Haders · 2014-05-28 00:51 · Score: 2
  
  fool. the link you sent was for the 2013 report. here's the 2014 report, in which apple gets 6 out of 6 https://www.eff.org/who-has-yo...
  
  more importantly, EFF is only considering privacy from govt interference. Apple also gives you privacy from their own snooping. Google, all they do is peer into your activities to track and profile. that is loss of privacy. Apple does not do this.
Dealbreaker by Anonymous Coward · 2014-05-27 14:13 · Score: 4, Interesting

The extension I used to correct their staunch adherence to the idiocy that is mapping backspace to the browser back button is unhosted, so... bye.
1. Re:Dealbreaker by Xolvix · 2014-05-27 19:00 · Score: 2
  
  You didn't literally press Backspace 100 times in a row. As if it would have taken more than three presses before it was obvious it wouldn't do anything.
  In Linux the backspace key in Firefox is by default set to do nothing. In Windows it goes back a page. I don't know why the defaults are difference, but whenever I try Linux out (before inevitability going back to Windows), I always dip into about:config and change the backspace behavior in Firefox to make backspace go back just like it does in Windows. Keeps things consistent.
yeah whatever by epyT-R · 2014-05-27 14:16 · Score: 5, Interesting

The claim of protection is just the public plausible deniability excuse.. The real reason is to force people to use their stupid 'app store.'
1. Re:yeah whatever by _xeno_ · 2014-05-27 14:52 · Score: 5, Insightful
  
  Also to get rid of troublesome extensions like Adblock Plus. I seem to recall Google kicking Adblock Plus from the Google Play store, which while not the same thing as the Chrome Web Store, does seem a bit worrying.
  Granted the reasoning used in that case (it "interfered with the operation of other apps") likely wouldn't apply to Chrome but it's the primary reason I want to be able to install extensions from non-Google "blessed" sources: I don't trust Google not to be evil.
  
  --
  You are in a maze of twisty little relative jumps, all alike.
2. Re:yeah whatever by verylargeprime · 2014-05-27 16:26 · Score: 5, Informative
  
  Nope. You're wrong.
  
  Browser hijacking is a major problem within Chrome and other browsers, and side-loaded extensions are by far the most common vector for hijacking. Firefox and IE have the same problem. Short of making extension APIs totally useless for developers, this is the best approach anyone's come up with. Third-party anti-malware vendors are unreliable in this regard because it's very difficult (with good and often sufficiently gnarly legal reasons) to get them to classify any given extension as clearly being malware. This gives Google a necessary choke-point through which to filter unsavory extensions.
  
  While you seem to believe this desire for control is driven by a nefarious, greedy plan to herd all the sheeple into a walled garden [diabolical laughter] with "plausible deniability," it's actually driven by a desire to not have users fucking hate Chrome because some dipshit is making millions of dollars injecting toolbars into browsers and sucking up volumes of sensitive and often personally identifiable information with no (or ill-begotten) user consent.
  
  Though I don't see it mentioned in either of the links, it should be noted that this constraint only affects Windows stable (and I believe beta) channels. If you want to run Windows Chrome and you know you can handle yourself without being hijacked, just run dev channel. It's usually pretty stable.
  
  Source: I'm a full-time Chrome developer at Google.
3. Re:yeah whatever by AmiMoJo · 2014-05-28 00:07 · Score: 4, Informative
  
  The reason AdBlock Plus for Android was removed from Play was that it sets up a transparent proxy on your phone. Since the Android version of Chrome doesn't support extensions that is the only way it can operate. The problem is that all network traffic flows though the proxy, even stuff from other apps. If other apps use HTTP to get data it goes through the AdBlock filter. This broke some legitimate non-advertising functionality and also tended to cause issues accessing normal web pages when the mobile connection was a bit intermittent.
  It was fine if you were willing to put up with all that, but created a bad user experience for most people and got a lot of complaints. You can still install it just by downloading the .apk from the AdBlock Plus web site of course.
  Similarly with Chrome, you can still install extensions locally, just not from random web sites any more.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Problem with antivirus by Todd+Knarr · 2014-05-27 14:16 · Score: 2

Kaspersky AV installs it's extensions in Chrome, and frankly I a) don't want to depend on the Chrome Store for them since I can only trust them if they come directly from Kaspersky and b) don't want them disabled since I installed Kaspersky specifically for this purpose. I can see refusing to enable local extensions until the user confirms they ought to be there, but Chrome isn't the only source of browser components on my computer.
1. Re:Problem with antivirus by verylargeprime · 2014-05-27 16:41 · Score: 2
  
  If Chrome asked for user consent, malware vendors would just fake user consent.
Old by tepples · 2014-05-27 14:21 · Score: 4, Informative

This was announced six months ago. Unpacked extensions will still run.
1. Re:Old by Virtucon · 2014-05-27 14:54 · Score: 2
  
  True, old news but no, unless it comes from their blessed store or points to their blessed store you can't http://www.chromium.org/develo...
  
  --
  Harrison's Postulate - "For every action there is an equal and opposite criticism"
Re:Fork or patch? by Todd+Knarr · 2014-05-27 14:30 · Score: 3, Informative

They say developers will still be able to install locally. My guess is that if you enable developer mode (checkbox in the extensions page) you can still use local extensions like always.
Good! by Anonymous Coward · 2014-05-27 14:41 · Score: 2, Interesting

I help fix computers for friends and family and the amount of incredible crapware that gets installed into browsers "by itself" is staggering. NONE of that is ever wanted.
Firefox had this problem first, and I'd say it was the only reason why most of them moved to Chrome.
Now Chrome is just as bad.
It is good for everyone I know, including me.
This is not new news. by Virtucon · 2014-05-27 14:50 · Score: 5, Interesting

For those of us on the Dev channel for Chrome hit this in February. It's definitely a fucked up decision by the Chrome team and has led to a lot of folks ripping out Chrome in favor of something else. The claim made by the devs is that it's safer if the extensions come out of their web store and would eliminate malicious activity from extensions. They obviously didn't want to fix the browser to alert the user when malicious extensions are installed or provide a sysadmin set of functions necessary to install necessary, safe extensions. Of course we all know it's another fucking walled garden take-over by Google. I've already recommended to clients that they don't use Chrome and have removed it from a little over 4000 systems thus far. Personally Google is fucking the user community on this one, so fuck Google.

--
Harrison's Postulate - "For every action there is an equal and opposite criticism"
1. Re:This is not new news. by TheGratefulNet · 2014-05-27 17:15 · Score: 3, Insightful
  
  this time.
  its not the step that's the problem; its the journey.
  you google fans; you really can't see where the end journey is headed? no one knows where it will end, but you can, at least, see the *direction* its going, yeah? how can that not bother you?
  
  --
  
  --
  "It is now safe to switch off your computer."
2. Re:This is not new news. by viperidaenz · 2014-05-27 21:52 · Score: 2
  
  So... explain how a developer is supposed to develop extensions to put in to the web store if they can't load their own in developer mode?
  It will always work that way.
Developer Mode still can install by Formorian · 2014-05-27 14:55 · Score: 4, Informative

The article clearly states that you can still do this with developer mode. To me this is non story. They trying to stop the malware stuff for 90% of users.
The rest of us can still do what we want. Or anyone else that can manage to click a single check mark.
1. Re:Developer Mode still can install by vux984 · 2014-05-27 17:33 · Score: 2
  
  They trying to stop the malware stuff for 90% of users.
  There are plenty of actual solutions for that.
  a) Block the extensions that don't come through the app store, but let the user enable them one by one -- without scary 'developer mode' (and opening up the floodgates)
  b) Reputation systems -- allow 'reputable' extensions; revert to a) above for the rest. Google and the AV vendors don't want to get their hands dirty classifying useless shit nobody wants as the useless shit nobody wants, fine let the 'community' handle the reputation.
  And for anyone who really wants it, they can manually enable it.
Data loss due to accidental navigation by tepples · 2014-05-27 15:07 · Score: 4, Insightful

So how do I unambiguously indicate to a web browser that I want to delete only one character from a text area, not have the entire message be destroyed because I accidentally navigated away from the page?
1. Re:Data loss due to accidental navigation by scottbomb · 2014-05-27 15:15 · Score: 4, Insightful
  
  Use Firefox. They have the same idiocy (mapping back to backspace - which I can't stand either) but at least you can turn it off. Almost nothing in Chrome is customizable. Why it has such a large following is beyong me.
2. Re:Data loss due to accidental navigation by Xolvix · 2014-05-27 18:54 · Score: 4, Informative
  
  I just did a test in Firefox with this very post. I typed up to this point, clicked backspace outside the text pane to go back a page, then clicked forward. Whatdayaknow... the text was retained. Maybe that's the reason I never investigated about changing the behavior - because it's far more useful than it is annoying (and the annoyance is temporary because the text buffer won't disappear).
"You can still load unpacked extensions" by tepples · 2014-05-27 15:10 · Score: 3, Informative

From the link you posted: "You can still load unpacked extensions in developer mode on Windows."
Re:In turn due to accidental focus loss by tepples · 2014-05-27 16:07 · Score: 2

If an application's design encourages user error, the application's design is at fault.
Re:LOL by Anonymous Coward · 2014-05-27 16:56 · Score: 3, Informative

There is no problem. Chrome is for the clueless and they should be shielded from external extensions. The tech savvy all use Chromium, which has no such restriction.
Re:What does it take to publish in Chrome Web Stor by Anonymous Coward · 2014-05-27 17:14 · Score: 2

They can block extensions they don't like for instance youtube ripper or ad blocker.
How-to by Namarrgon · 2014-05-27 18:21 · Score: 4, Informative

From the Chrome Developer page:
1. Unzip the .crx file
2. Go to chrome://extensions
3. Tick on Developer Mode
4. Click Load Unpacked Extension...
5. Select and install.

--
Why would anyone engrave "Elbereth"?
Re:Developers? by kav2k · 2014-05-27 18:44 · Score: 2

So how do I develop extensions?
Like you always did. Developer mode did not change this time around.

Also, how do I run the custom extensions that are used in our company and should not be publically available?
Enterprise install policy is unchanged. If you can use it, you can use extensions from any source. Even NPAPI extensions, which are now banned from Store.

How about extensions that are installed with some hardware, like the one that makes Dymo labelwriters accessible from JavaScript?
It's probably not an extension, but a plugin. That's a bit different, but they will also be going away end of this year.
Dealbreaker by arkhan_jg · 2014-05-27 20:06 · Score: 2

Not that I want you stay on Chrome for any particular reason (I've gravitated to mostly using firefox myself, for other reasons) but I do use this web-store hosted extension - backstop - for blocking 'backspace sometimes blows away your entire comment instead of deleting one character' idiocy.

--
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
Re:Firefox FTW! by Unordained · 2014-05-28 03:02 · Score: 2

Ugh. I'm one of those developers who would be affected, as I have custom FF extensions deployed for a mid-size client. We don't use the "Enterprise" FF though. I suppose we might have to switch, and deploy FF updates differently, just to keep the ability to run extensions (that have no business being uploaded to anyone's store, as they're entirely site-specific.)
Re:Firefox FTW! by JohnFen · 2014-05-28 03:58 · Score: 2

For the time being, but Mozilla keeps making Firefox worse and worse. If that trend continues even a little while longer, then FF won't be a viable alternative anymore.