You actually could run your own App Store if you wanted to. It wouldn't be a difficult effort to manufacture some lightweight replacement server to implement the private webstore API (if you want to provide install-from-the-website functionality) and support for the update and download mechanisms, all of which are queried by the open Chromium code. The catch is that you'd have to run Chrome with some extra command-line arguments to override the store and download URLs.
Currently you have default --apps-gallery-url=https://chrome.google.com/webstore and --apps-gallery-update-url=https://clients2.google.com/service/update2/crx.
Of course this is not going to be supported by Google and you're pretty much on your own for figuring out the work that needs to be done, but the code's all there.
Thanks for this, it's exactly right. Proxying all network traffic through an app is a terrible idea and nobody should be OK with it.
Hopefully some day Android Chrome gets extension support (I'm not saying it will - I have no idea). At that point you could expect AdBlock to be available on Android again as a Chrome extension.
You can still use Windows stable or beta when testing extensions, because those builds will still load unpacked extensions in "developer mode". The drawback is that you'll have to deal with the constant nagging when you launch Chrome, notifying you that there are extensions loaded in this way.
The nagging has to be constant (i.e. there can be no "never show this again" option), or else it immediately becomes an easy path for malware to exploit.
Browser hijacking is a major problem within Chrome and other browsers, and side-loaded extensions are by far the most common vector for hijacking. Firefox and IE have the same problem. Short of making extension APIs totally useless for developers, this is the best approach anyone's come up with. Third-party anti-malware vendors are unreliable in this regard because it's very difficult (with good and often sufficiently gnarly legal reasons) to get them to classify any given extension as clearly being malware. This gives Google a necessary choke-point through which to filter unsavory extensions.
While you seem to believe this desire for control is driven by a nefarious, greedy plan to herd all the sheeple into a walled garden [diabolical laughter] with "plausible deniability," it's actually driven by a desire to not have users fucking hate Chrome because some dipshit is making millions of dollars injecting toolbars into browsers and sucking up volumes of sensitive and often personally identifiable information with no (or ill-begotten) user consent.
Though I don't see it mentioned in either of the links, it should be noted that this constraint only affects Windows stable (and I believe beta) channels. If you want to run Windows Chrome and you know you can handle yourself without being hijacked, just run dev channel. It's usually pretty stable.
Source: I'm a full-time Chrome developer at Google.
Slashdot Mirror
It cannot be understated how serious Google is, internally, about not ruining the Internet. Just mull it over for a bit.
You actually could run your own App Store if you wanted to. It wouldn't be a difficult effort to manufacture some lightweight replacement server to implement the private webstore API (if you want to provide install-from-the-website functionality) and support for the update and download mechanisms, all of which are queried by the open Chromium code. The catch is that you'd have to run Chrome with some extra command-line arguments to override the store and download URLs.
Currently you have default --apps-gallery-url=https://chrome.google.com/webstore and --apps-gallery-update-url=https://clients2.google.com/service/update2/crx.
Of course this is not going to be supported by Google and you're pretty much on your own for figuring out the work that needs to be done, but the code's all there.
Thanks for this, it's exactly right. Proxying all network traffic through an app is a terrible idea and nobody should be OK with it.
Hopefully some day Android Chrome gets extension support (I'm not saying it will - I have no idea). At that point you could expect AdBlock to be available on Android again as a Chrome extension.
You can still use Windows stable or beta when testing extensions, because those builds will still load unpacked extensions in "developer mode". The drawback is that you'll have to deal with the constant nagging when you launch Chrome, notifying you that there are extensions loaded in this way.
The nagging has to be constant (i.e. there can be no "never show this again" option), or else it immediately becomes an easy path for malware to exploit.
If Chrome asked for user consent, malware vendors would just fake user consent.
Nope. You're wrong.
Browser hijacking is a major problem within Chrome and other browsers, and side-loaded extensions are by far the most common vector for hijacking. Firefox and IE have the same problem. Short of making extension APIs totally useless for developers, this is the best approach anyone's come up with. Third-party anti-malware vendors are unreliable in this regard because it's very difficult (with good and often sufficiently gnarly legal reasons) to get them to classify any given extension as clearly being malware. This gives Google a necessary choke-point through which to filter unsavory extensions.
While you seem to believe this desire for control is driven by a nefarious, greedy plan to herd all the sheeple into a walled garden [diabolical laughter] with "plausible deniability," it's actually driven by a desire to not have users fucking hate Chrome because some dipshit is making millions of dollars injecting toolbars into browsers and sucking up volumes of sensitive and often personally identifiable information with no (or ill-begotten) user consent.
Though I don't see it mentioned in either of the links, it should be noted that this constraint only affects Windows stable (and I believe beta) channels. If you want to run Windows Chrome and you know you can handle yourself without being hijacked, just run dev channel. It's usually pretty stable.
Source: I'm a full-time Chrome developer at Google.