
Our Chrome Extension Is Safe - imran3740
https://blog.pushbullet.com/2020/05/15/our-extension-is-safe/
======
raybb
Previous discussion where Pushbullet was worried about being killed off the
chrome store:
[https://news.ycombinator.com/item?id=23168874](https://news.ycombinator.com/item?id=23168874)

------
_fat_santa
You know this wouldn't be so much of an issue if Chrome didn't disable the
ability to install extensions outside of the web store.

As an extension developer its absolutely infuriating to realize that:

1\. There is no way to install extensions outside the web store

2\. Google won't approve anything to the web store.

3\. The vast majority of people use Chrome vs other browsers.

\------

I get it, Chrome is Google's browser and they can do what they please with it.
However Chromium is open source and it's still impossible to do so.

Like thanks Google. I spent months developing an extension only to realize
that as it stands today for the majority of developers, the chrome web store
is closed for new submissions.

And Google didn't even have the courtesy of telling us it's essentially
closed, they just string us along with "pending reviews" (for context I've
been trying to get my extension approved since February).

~~~
ocdtrekkie
It's worth noting that the Chrome Web Store is currently full of malware and
most malware I see on PCs was installed via the Chrome Web Store. By design,
HTTPS does not protect your privacy at all if you have extensions that violate
it, since they see what you see after TLS termination.

So this is a huge deal, Google is already bad at it, but I can't fault them
for heavily restricting extension install: Currently they are way too lax.

~~~
danShumway
This is still something of a problem of Chrome's own creation though.

The reason Chrome can't be much, much more restrictive about what extensions
get placed in the store is because there is no alternative. The less important
your store is, the more exclusive (and safer) it can be.

Look at Linux with package managers like AUR. If a package isn't included in
the official Arch repos, I generally don't mind. I can go install it if I've
vetted it myself. What that means is that Arch can be a lot more restrictive
about what they include. They don't really need to provide a bunch of
justifications, they can just say they had a bad feeling or haven't gotten
around to looking at it.

If the goal is to have safe spaces where users can be certain that they won't
ever run into malware, the space maintainers need the freedom to be very
restrictive. Google doesn't have that freedom with the Chrome Web Store
specifically because getting banned from the Chrome Web Store is a massive
deal -- they can't just decide to prioritize safety over everything else.

Small, optional safe spaces that people can opt into will always be better
filtered, better moderated, and overall safer than a giant space that's forced
to balance between freedom and safety for every single user at the same time.
Moderation doesn't scale.

~~~
AgentME
I don't think their priority is making a specific area where users are free
from malware; they're trying to make it hard for malware overall to integrate
with Chrome. Adding a supported path for software to integrate with Chrome
(allowing extensions not through the store) where they can't block malware
would be giving up on that goal.

~~~
danShumway
> they're trying to make it hard for malware overall to integrate with Chrome

That's a reasonable argument, and you're probably right about their
motivations. But I'm not convinced that's a realistic goal, because the
definition of malware/spyware changes depending on the context/user.

The big reason moderation doesn't scale is because you're forced to balance
everybody's needs at the same time -- you can't optimize for any particular
user. If the end-consequence of an exclusive web store is that it's much
harder for the Chrome team to ban shifty apps without everyone on Twitter
asking for a bullet-pointed list explaining why, then the Chrome team isn't
really making the world that much safer.

In general, I would advocate that it's better to try and build safe spaces
rather than safe worlds. That's kind of a pragmatic philosophy: I'm having a
hard time thinking of an existing safe world that I think runs well. All of
the major app stores (including Apple's) have malware problems to at least a
certain degree. Most giant social networks are not doing a good job of
moderating content. Package managers for languages like Node and Ruby are
running into the same issues.

Maybe the web itself? But the web doesn't get its safety from moderation, it
gets its safety because of sandboxing.

If I'm thinking purely as a consumer, what I really want is an extension store
where I know 100% that everything on it is fine. I don't want to have to think
or read reviews or look up the author before I install an extension. I want it
to be clear when I'm being safe and when I'm doing something dangerous. I
suspect that's what a lot of consumers want, and I just don't see any
realistic path for Chrome to provide that with their current strategy.

I get that "somebody might choose to leave the safe space and install malware
anyway" feels bad, but if the consequence of avoiding that is, "everybody gets
kind of substandard protection all the time", maybe it's worth questioning
whether Chrome's malware goals are worth pursuing in the first place.

------
lqet
So, judging from the discussion on Twitter, there is basically a single guy at
Google handling issues like that.

> FWIW Tweeting at other Googlers will probably just get them to me – not that
> I have a problem with that. At the moment there isn't really a better way,
> and as a single human I don't scale well. TBH we have systemic issues to
> work through to improve the comms process here

[https://twitter.com/DotProto/status/1261058935085101058](https://twitter.com/DotProto/status/1261058935085101058)

> I'm literally the only one for extensions.

[https://twitter.com/DotProto/status/1261155320740499456](https://twitter.com/DotProto/status/1261155320740499456)

~~~
bcrosby95
I had an epiphany 5-10 years ago about technological advancement. An article
on here was posted that bart workers would be obsoleted. That it would save so
much money. That bart could be more efficient.

The solution was for users of bart to self service.

Which got me thinking: so much of technological advancement isn't about
reducing inefficiency, its about making other people bear the cost of that
inefficiency. Someone that is proficient in navigating a subway map - someone
that is doing it daily - can do so much quicker than people that are
unfamiliar. Despite it potentially being more efficient to keep the person
used to doing these things day in and day out employed, (some) technologists
still insist on eliminating them because that's more efficient when looking at
the smaller picture.

This is basically what Google is doing here. They are making other people and
organizations bear the burden of their inefficiencies.

~~~
ethbro
Say what you want about Amazon, but they've encultured the best approach I've
seen so far.

They constantly try to automate and make things more efficient, but they also
assume they will _constantly_ screw up for someone, somewhere, at scale.

So they back it with an empowered human CSR team, who do their best to make
customers happy. They then (apparently) measure the rate of screw ups
continuously, and iterate on their processes until they can drive that rate
close to zero.

So essentially, Bezos realized that the way to excel was to (a) move fast, (b)
break things, (c) apologize (and pay painfully!) when you break things, (d) do
your best not to break things in the same way again.

I feel like Google (as a whole, some teams / products aside!) doesn't really
grok (c).

Which may work for customer acquisition, but not so well for retention.

~~~
tenant
Amazon actually takes your money and also has competitors (high street etc). I
think that partly explains some of the differences in their approach to your
point (c). I think that Amazon also delegates a lot of the pain you're talking
about onto their employees rather than their bottom line. BTW I speak as a
complete hypocrite who is a happy Amazon customer.

------
juped
Wow, they used the "complaining online and getting enough upvotes" support
channel. It should _not_ reflect well on companies when they fix things that
come to their attention this way.

~~~
jaggederest
I almost want to start a customer service pledge that says "We won't do
anything special based on social media unless it retroactively takes into
account other customers, and involves process changes that would resolve the
problem in the future."

Then at least they would be internally consistent about things like this. Too
many Google products have "support by public outrage".

------
DrJaws
They could also tell what was wrong to the customers.

Also, I laugh about the google promise of being more open. Every single time
they screw it and goes viral, they promise the same until 6 months later when
another business is screwed again.

Call it having your mail shut down, your cloud, app deleted on the play store,
the extension on chrome, etc etc.

We've already heard that story dozens of times.

~~~
theandrewbailey
A Google reviewer can select one of three canned responses to tell a developer
what's wrong.

[https://www.blog.google/products/gmail/save-time-with-
smart-...](https://www.blog.google/products/gmail/save-time-with-smart-reply-
in-gmail/)

Oh, you wanted an artisanal hand-crafted response unique to each individual
situation? That's not scalable!

~~~
userbinator
I abhor such... dehumanising (for lack of better term) "features" whose
advertised benefit is saving time, but has a subtle effect of gradually
delegating decisionmaking to someone or something else --- whose goals may not
be in your best interests.

Every time you "didn't have to think" is a time when _someone else_ did the
thinking for you. Take that too far and there is no _you_ left in your life.

------
seanwilson
Until Google gives us a roadmap with what they're going to change about the
review process and when, I'm not hopeful right now. I don't understand why
they need to be this opaque about it if they want a healthy developer
ecosystem.

It's currently expected behaviour that extension updates from developers can
take up to 3 weeks to be reviewed and go live (same as before the pandemic):

[https://developer.chrome.com/webstore/faq](https://developer.chrome.com/webstore/faq)

> "If your item's status says "pending review" for more than three weeks, you
> should contact support."

Is it going to change? When? See here for all the developers waiting over 3
weeks for their updates to go live (that's not including what happens when
they don't pass review):

[https://groups.google.com/a/chromium.org/forum/#!topic/chrom...](https://groups.google.com/a/chromium.org/forum/#!topic/chromium-
extensions/Hy1QgEJzWi0)

All we seem to get back from the few people on the Chrome extension team that
communicate with extension developers is along the lines of "I understand your
concerns, I want it to change as well, and I'll talk to the team".

It's like the person from Google is talking about getting in touch with a team
that work for entirely different company, as if what the team can't be
influenced.

Who's the one making the actual decisions and why don't they talk to us
directly?

------
jakozaur
The current internet giants got huge monopolistic like power that many
dictators of many countries would envy. The set their rules, execute them, and
judge them.

I believe once you become a platform there should be an independent nano-
courthouse where you can appeal. Today being rejected by Apple, Amazon, or
Google platform is equivalent to the economical death penalty for many
individuals.

It should be possible to pay $100 by individuals and appeal to an independent
nano-courthouse if the original platform rejects or blocks you. If you win,
the appeal fee is refunded and the platform has to cover the cost. If you
lose, your $100 is gone.

~~~
graham_paul
Imagine being banned by ALL of them. You are cut out from a large chunk of the
Internet. the only thing saving you from being unable to access common
internet services are those that dared to defy that monopoly (DDG, Mozilla and
all those nameless folks working nights and weekends on projects you don't
even know that exist until you become an internet pariah)

~~~
razster
Oh, my company has been there. Our DNS was blacklisted because someone spoofed
our emails via GoDaddy. Well, Google blocked the DNS IP, and any emails we
sent or tried to receive went into the ether. We also had #1 search results go
missing because of it, a nightmare it was.

I've since resolved the issue, lord did that take a chunck of our traffic
away. Government bodies also could not access us, which hurt a lot!

------
graham_paul
As a Firefox fan, I really hope it happens again and again. It's good for the
web as a whole when Chrome fails and Firefox doesn't.

As a technical person, you should be advocating the use of (real, community
owned) open source browsers not just whatever the majority uses.

I feel that Google's monopoly on the browser market for desktops will be more
and more endangered as they (for legitimate business reasons) refuse to
provide the services and processes that a modern browser user/developer
deserves.

~~~
coolspot
1) Chromium is open-source as well.

2) Like 90% of Mozilla revenue comes from contract with Google.

3) Not sure what community-owned means here, but one could submit useful patch
to both Chromium and Mozilla teams and have it accepted into main codebase.

4) Decisions for both products are not made by a community, but by internal
full-time employees who are subordinates of CEO. Mozilla CEO knows the company
absolutely can’t lose that contract with Google.

~~~
graham_paul
1\. No, it is not. Chromium relies on binaries as well as calling Google's web
services whose code you cannot read. That is why ungoogled-chromium is a thing

2\. Not sure what your point is here. Mozilla needs to make money to maintain
and improve its advocacy work

3\. See point 1. You don't own or control Google's web services nor its
domains therefore you have no full control of the build process if Google
decides to shut down its services. If you want to see what community owned
means, I suggest you look at the Python community. No hidden binaries or
mysterious calls to corporate web services

4\. Google's goal is to make money, Mozilla is to keep an open web. Obviously,
Google has potential business conflicts while Mozilla doesn't, Mozilla wins
even if it dies as long as the web is kept open, Google wins if it makes money
full stop

You simply cannot compare them. Just look at Chrome in a fully Google-owned
environment (Android), it does not even have extensions.

~~~
kelnos
> _Not sure what your point is here. Mozilla needs to make money to maintain
> and improve its advocacy work_

I think the point is that Google could one day just say "hmm, we don't care
about being the default search engine on Firefox anymore", decide to not renew
the contract, and there's goes Mozilla's biggest source of revenue. With
Firefox's market share as low as it is, I wouldn't be surprised to see it
happen.

It's a bit risky when a large chunk of your revenue comes from a single
company, and it's incredibly risky when that company is essentially a
competitor.

------
jboydyhacker
The problems with the Chrome store are likely not over. What good is it if you
have to stir up half the internet to get through their process?

It's not as if developers can go to other platforms since Chrome has 70% of
the market. Most of us in tech are in it to innovate and disrupt but hard to
do that if everything is a Google or Amazon monopoly.

If Chrome is broken then the browser market is broken. Devs should organize to
solve this since Google doesn't seem to be paying attention.

We need to collect and organize feedback from those experiencing problems
which is everyone. Get it to antitrust folks in the EU and DOJ to start an
investigation (to add to their other investigations). If Google knows the EU
and Feds are watching, they might start behaving.

~~~
ferzul
in the olden days we used linux and mozilla when if it wasn't windows or i.e.
it was nothing. i filed taxes on paper. as the web goes closed and unfree,
innovators have to open up new greenfields

------
benatkin
I don't think this is proper use of Chrome extensions, and it hearkens back to
the days of search toolbars, like the Ask and Yahoo toolbars being installed
by Java. [https://www.pcworld.com/article/2940688/java-installer-
ditch...](https://www.pcworld.com/article/2940688/java-installer-ditches-the-
ask-toolbar-swaps-in-yahoo-defaults.html)

As a user I want my browser's extension support to be more like Visual Studio
Code's than like Atom's. Visual Studio Code has fine grained permissions, and
prevents extensions from going through and changing everything. Still, it's
nice that Atom exists so if I want more powerful extensions, I can use Atom.

There's two ways to go that I see. One is for someone to release an
alternative browser that let you install pretty much any extension, sort of
like Atom. The other is for the company that wants to provide the user with an
innovative browsing experience to develop their own browser, which is what
Brave has done.

My reaction to Pushbullet is, as the author of the top comment on a recent
post put it, "Yikes" [0]. They have funding from reputable VCs but they
require way too much permission and store way too much user data for what
seems to be occasionally useful utilities, and this places them alongside the
Ask Toolbar in my mental model of the space.

[https://news.ycombinator.com/item?id=23172856](https://news.ycombinator.com/item?id=23172856)

~~~
wpietri
As a Pushbullet user, I think the two cases are nothing alike. Pushbullet is
doing things _for_ me. The toolbar plague was about getting access to do
things _to_ you. Should Pushbullet be using the minimum set of permissions for
that? Sure. Could there be better permission models, ones that make sure
Pushbullet doesn't do anything naughty? Possibly! But neither of those
justifies a blanket ban.

~~~
benatkin
I'd like to know what the number of users that directly used Pushbullet in the
last day (or week, or month) over the number of users that have the Android
app installed is. If they have it installed, everything they copy to the
clipboard on Android is being sent to their servers, is it not? That puts them
in the same category as Yahoo! Toolbar for me.

At one time Yahoo! Toolbar was useful for a significant percentage of its
users, because it would let them know how many email messages they have, as
well as give them convenient access to the news and weather - so I disagree
that it did nothing for its users.

Edit: I took a look at [https://blog.pushbullet.com/2014/08/20/introducing-
universal...](https://blog.pushbullet.com/2014/08/20/introducing-universal-
copy-and-paste/) \- it appears it was doing that at one time, but currently it
may only be doing that for premium users, who would conceivably be likely
enough to get good use the feature that it would justify the potential
security risk.

~~~
pgrote
I am a premium pushbullet user and have it on my android phone. It is the only
reliable solution to handle texting and notification from the Windows or
Chromebook desktop I have come across.

I've never thought about the information they capture or keep, but I do know
photos sent through text are kept on
[https://dl3.pushbulletusercontent.com](https://dl3.pushbulletusercontent.com)
for a certain period of time. I don't know how long.

~~~
renewiltord
You don’t use messages.android.com?

~~~
pgrote
I know it as messages.google.com. It doesn't work among multiple desktops
concurrently.

~~~
renewiltord
I see. Yes, that is true.

------
fouric
Who's keeping a list of all of the times that Google has shut down someone's
Adwords/YouTube/Gmail/Play Store account / rejected their app / something else
without any communication (this doesn't count as communication, as
communication has to _convey information_ ) or apparent cause? Bonus points
for finding the correlation between an article being linked to on Hacker News
and the problem being resolved.

------
dilandau
This is exactly what PushBullet was hoping would happen, so I don't know why
they're surprised. Everyone loves a good "Google's algorithms are destroying
my livelihood and I have no recourse" story... Why? Because it's fucking
compelling and, to people outside of Google, it provokes a strong emotional
reaction.

Nobody wants their life and livelihood to be fucked over by an algorithm,
especially when there is _no recourse_. These stories almost always end with
some random person at Google "fixing something, really sorry" with no
explanation. This is how Google operates, and I think they actually try to
cultivate this image of themselves. It adds to their mystique and helps them
hire bright engineers.

What can I do? Same as last time this came up, the best thing you can do is
just to not use Google properties or software, and turn on your adblocker.

------
RHSeeger
> All of that attention resulted in our issue being resolved. This is good for
> us. It is not yet clear if the attention will help other developers that are
> struggling with similar vague rejections.

I think it's been made abundantly clear that Google will not, in fact, improve
anything from experiences like this. They happen over and over and every
single time it's the same; if it gets publicity, someone helps resolve it; but
nothing ever improves in the way of communication.

~~~
archon810
Have a look at this
[https://twitter.com/ArtemR/status/1261159338170658816](https://twitter.com/ArtemR/status/1261159338170658816)
and the surrounding discussion.

This is basically the only person at Google who can make things happen if
there's a problem with Chrome extensions.

~~~
on_and_off
If it works the same way as the play store does, the DA has little to do with
that.

A play store advocate can not look up why your app got rejected, they can at
most ask their play store colleagues to look it up and to contact the app
owner.

It is this way to avoid getting in a situation where being friends with a DA
is an huge advantage.

Their job is to collect dev feedback, as well as evangelizing good practices.

And granted, both teams could do a better job at pinpointing the issues (and
devs might also try harder to follow the rules .. fwiw play store bans threads
have just been banned from r/androiddev because devs had a tendency to forget
to talk about the legitimate reason why they got kicked out)

~~~
kinlan
As the lead of that Devrel team, this is pretty much spot on. The process for
these things is out of our hands (prevents abuse etc). There is a lot of
things we can improve about the Chrome Web Store processes, not to mention a
lot of other areas across Chrome.

~~~
archon810
And yet this single DA is the one who's able to request an appeal with
undoubtedly more weight than the developer.

[https://twitter.com/DotProto/status/1261325118774493190](https://twitter.com/DotProto/status/1261325118774493190)

------
ulises314
Just a couple of loose thoughts on this:

-The permissions that pushbullet needed originally where a bit overaching.

-We never knew which was the offending one.

-Reading the original article it crossed my mind that some of the permissions the extension asked could be used for marketing (I'm not implying that they were used for that), and maybe google just didn't wanted extension developers to have a cut on that.

-I really don't like how this marketplaces have made big companies gatekeepers for market share.

------
ocdtrekkie
I actually had a similar experience with Google Ads: A site was flagged for
malware, no explanation what they had found, once I got answers out of them,
days later, I found where a non-resolving but probably former malicious link
ended up on the site. I purged it, cleared the CDN, asked for review, and was
quickly rejected because I allegedly hadn't removed the malicious link.

I asked them to show me where they still found it... and they then realized it
was indeed gone, rejecting my re-review was incorrect, and reenabled the
account.

The only positive on my end, was that since it was the Ads team, where
Google's money is, I got human email responses.

------
spaceribs
As an aside to all this, seeing Google's team attempt to fight off Zoom's
extension has been pretty hilarious to watch:

[https://imgur.com/a/4RwlI0S](https://imgur.com/a/4RwlI0S)

It started out with "Add google meet" not being a button, and below the Zoom
button. Last week it shifted to the Google Meet button being a larger blue
button. Today, they moved the Meet button to before the Zoom button by
shifting their DOM around.

I assume Zoom can't do anything about this for 3 weeks at least, definitely
goes to show how much authority Google has in this situation.

------
rosywoozlechan
I imagine the value that Google gets from chrome extensions is a small
fraction of what they would get from Android apps.

They're not going to be able to spend millions of dollars to fund better human
moderators and tools for the extension reviews when a typical extension brings
what, a few cents for Google?

They probably can't justify the resources to do the sort of specific feedback
that would make this process much better.

~~~
robotnikman
Even Android App developers face the same thing. When they upload their app to
the app store some bot looks at it, and can reject it for whatever reason and
only provide a vague explanation. I've seen stories on /r/androiddev of
developers apps getting rejected for uncertain reasons, or even having their
whole account entirely banned. Unless you are a massive company like Netflix
or Spotify you will have not way of contacting a human for support.

I've thought of messing around with developing an Android app and uploading it
to the app store just to gain some experience and try something different, but
the fact that my whole google account could be banned just because a bot
thought my app was bad for whatever reason is scary.

------
afandian
Pivotal phrase being:

> things are back to normal now

I bet this happens again.

------
aasasd
There's a great moderately-popular opensource extension providing a desktop-
quality image viewer interface: zoom, rotate, stretch by default, all that
jazz. Specifically, ‘there is’ this extension for Firefox. It was also there
for Chrome, but the dev received the same crappy letter and didn't feel like
playing the guessing game. New CRXes are still made available on the site.

Since Big G's treatment of extension developers is incompatible with their
self-respect, I wholeheartedly support devs who decide to dump the web
store—despite me making some use of _two_ Chrome-based browsers.

------
HackOfAllTrades
So what was the actual change they were required to make?

~~~
wffurr
According to Dotproto, the changes they made in their first re-submission were
sufficient:
[https://news.ycombinator.com/item?id=23168874](https://news.ycombinator.com/item?id=23168874)

~~~
ShamelessC
Makes you wonder - was there even a problem in the first place? Or were they
just trying to silently kill this extension but failed due to this going
viral?

I understand they were using a very broad wildcard for permission on websites
they could access. I'm glad they narrowed that down. But after they did, they
still needed this to blow up in order to get an actual response.

~~~
ebg13
> _Makes you wonder - was there even a problem in the first place?_

YES.

> _I understand they were using a very broad wildcard for permission on
> websites they could access_

That is a problem.

~~~
saurik
But we still don't know if that was the actual reason the app got pulled, as
if that were the case it should have been trivial for a computer to notice it
was fixed; do you not see how that sucks?

------
Someone1234
It is good that this was resolved, but not so good that they had to shame
Google on HN/Twitter to get it looked at.

I understand that the Chrome extension store is free, but if you're going to
point a bunch of bots at it and have them de-list extensions based on unknown
metrics, the least you could do is communicate the "gotcha" rules the
extension supposedly violated.

~~~
oefrha
> I understand that the Chrome extension store is free

Pretty sure it’s not free, I had to pay a nominal $5 fee ages ago, and looks
like that hasn’t changed.

[https://developer.chrome.com/webstore/publish#pay-the-
develo...](https://developer.chrome.com/webstore/publish#pay-the-developer-
signup-fee)

Even found a recent news article reporting that now you need to pay the fee
immediately on signup as opposed to when you publish the first extension/app.

[https://9to5google.com/2020/03/12/chrome-web-store-
fee/](https://9to5google.com/2020/03/12/chrome-web-store-fee/)

(In case anyone wonders why $5 is even worth mentioning — if you’re a teenager
in a third world country you probably have neither the fund nor a credit card
to publish a Chrome extension.)

~~~
jiveturkey
If you don't have $5, how do you have the resources to _develop_ an extension?

~~~
oefrha
No first hand experience, but I’ve heard stories of African kids doing
impressive tech stuff using very limited resources. Presumably quite a few
have access to school computers these days? Developing extensions is free as
long as you have access to a computer. Anyway, not having access to a credit
card (also need to be capable of international payment, which is not a given)
is a much bigger issue than not having $5.

------
aspenmayer
What happened to the iOS app? I have it, but it isn't available in the US App
Store anymore, nor is it linked to from the site's page anymore.

[https://apps.apple.com/us/app/pushbullet/id810352052](https://apps.apple.com/us/app/pushbullet/id810352052)

~~~
TheArcane
They unpublished it after refusing to allow a "Sign in with Apple" option on
their login page.

[https://old.reddit.com/r/PushBullet/comments/eirc1m/not_avai...](https://old.reddit.com/r/PushBullet/comments/eirc1m/not_available_on_ios/fcxybyu/)

The dev said the iOS side of things are irrelevant for them anyway since most
of their users are on Android, which is frankly disheartening since there's no
alternative for iPhone users with linux desktops now

~~~
aspenmayer
Wow. That's pretty lame of them. I don't agree with their logic, but I do
agree with following the user base. I will continue to use the version I have.
I could probably find a way to share the .app if anyone needs it.

Found pushover.net which seems like a decent (paid) alternative.

We need an open-source version of this kind of functionality, maybe using
ActivityPub? Self-hosted option with Google integration for a start, and since
everyone needs to have Sign in with Apple for iOS, I guess that too. Might as
well add Facebook login support.

~~~
ufmace
Not so sure about lame of PushBullet. It feels more lame of all of the major
tech players to be essentially fighting over how much they can extort out of
developers using their monopoly powers.

Facebook seems to say, you have 1 week to update your sign-in integration code
to the latest version (or I guess they get cut off from Facebook API or
something?).

Apple says you must support Apple sign-in, or you won't be allowed on our App
Store, without with it's nearly impossible to get your app on an iPhone.

Google says guess what we want based on our vague emails and meaningless
responses, or we remove your extension/app from the store, making it nearly
impossible to use on Chrome.

Geez, it's like Microsoft is the good guy of the tech majors here.

~~~
aspenmayer
Look, there's more than enough lame decisions to go around in this case. :P

I agree with Apple's stance. The landscape has changed. To be a tech
superpower is to have your own pull, and to be able to make unilateral
decisions on behalf of your business and your customers/users. That is what
Apple has done here. I happen to agree because I already like Apple's
implementation of Sign in with Apple specifically, even though I have never
used it. I also agree with Apple's stance on privacy generally.

I don't like that Apple forced this decision in this way, but I am fine with
the outcome in general, but am saddened to see that it negatively affected a
developer whose product I use. However, I question the Pushbullet dev's
dedication to the iOS platform. Mobile development is a moving target. To
single out Apple for blame for changing the App Store conditions for apps is
silly. You could just as well blame the dev for not keeping up with the times.

------
BiteCode_dev
> Apologies to Pushbullet for the rejection after addressed the original
> violation

Wait, what?

So you have an completly black box ultimatum, and even if you somehow
magically guess what needs to be done, if you do it, they can still reject
you?

That's worse than debugging IE6.

That's dishonest.

------
7ewis
On a positive note, I signed up to get a Chrome Developer account today - made
a submission and it was approved within an hour.

Read it could take a month plus be delayed due to COVID-19. I was pleasantly
surprised.

------
schoolornot
Can someone from Google use a throwaway to explain why the hell their support
is garbage. From the Chrome store, to G-Suite, to Pixel Support. It's just
awful.

~~~
Uw7yTcf36gTc
Is it really hard to understand? The answer is always money.

~~~
slg
Are there any examples of free services that don't directly make a company
money that include great support? I am struggling to think of any.

~~~
danieldk
Since when are G Suite and Pixel phones free products?

~~~
slg
Fair enough. I was mainly talking about this specific instance. From what I
have heard, the G Suite and Pixel phone support is bad, but it isn't downright
non-existent like it was here.

------
coronadisaster
Mozilla Sync along with Nextcloud and Riot.im provides most of the same
functionalities (never tried Pushbullet though and wish them luck).

------
escape_goat
I'm less qualified to opine on Google than most of the people here, but in
hindsight, what Google products remind me of is the way that black walnut
trees slowly poison the soil so that the seedlings from other species of tree
cannot grow nearby. The good intentions that poured energy into all the 20%
products are no longer the point. Somewhere along the way, someone figured out
how to use them strategically. The free products are good, good enough to use,
until you realize that there is no path for continued growth or investment of
resources, and run into seemingly arbitrary disappointments and limitations;
it as if at some point, someone stopped the projects from adding cool utility
to the product, and started making sure that hindered, crippled versions of
the feature were offered instead. I experience this most acutely with the
languishing "Google My Maps" product. It feels as if the target is not just
potential competition, but the imagination and demand of the market itself.

I don't actually know the story of Google Reader and RSS feeds, but I remember
how integral RSS feeds were to the golden era of blogging, and how abruptly
that era seems to have ended with Google Reader's apparent death. And to me,
that has a similar feeling. The idea is that the target is _not_ potential
competition wherever it might spring up; the idea is to sap the demand that
might nourish competition, to suck the air out of the room, and stifle the
imagination of the market itself.

It isn't Google alone who is responsible for this feeling, to be fair. There
is watching the growth of the walled garden of Facebook, watching the collapse
of the old chat services which allowed independent clients, watching
successful startup after successful startup turn new ideas into content for a
routine process wherein we see the exact same sheen of gloss on the promises,
the same dance steps towards the pirouette, the attempt to pivot gracefully
and effortlessly towards monetization in a maneuver that is in fact a mating
dance desirous of acquisition.

All of it really sucks. It's not like there's an easy alternative. People like
free things, and with computer-based resources there is often so much
opportunity to scale the value of a thing that free things can be sustainable;
a project can succeed and be useful to thousands of people merely on the basis
of the labour that some are willing to commit to to sustain it. Again, I'm
less qualified to describe this than most of you are. But that's what open
source is like.

It doesn't work with services. Code that runs of different platforms can be
replicated/adopted for infinitesimal cost, and the underlying costs of running
it are naturally distributed. Services are different. The replication/adoption
and the creation of value both involve on a massive rush of the many to the
one. That relationship pretty much sums up the whole story. If capital accrued
to capital by a square law, attention would accrue to attention by a cube law.
In idiosyncratic niches that cannot be satisfied by the mass service,
alternatives are actually viable and flourish. But anything that would be
beneficial to us all encounters this problem of needing to absorb the real
costs of operation while seeming to be as free as possible, or else the users
will flit away to a different flower.

There's no good solution to this, but the way in which Google has graciously
assumed responsibility for directing our attention does not make it better.
All the improvements to search results over time seem to focus attention more
and more to what an archetype of user is likely to be satisfied with. I would
not be surprised if the energy costs per search had gone down. As many have
noted, esoteric results are increasingly invisible.

Anyways, this is what we have done with the new universe of human
communication that has opened up in the last few decades, which we imagined we
would leverage into new systems of effortless communication and collaboration.
And we have, to a lesser extent. Second best or third best. But we've
discovered this really intractable problem with the distribution of costs.

------
duxup
It was approved ... but did Google ever communicate exactly what the issue was
with the permissions they used?

------
cryptonector
Is there a list of all the permissions they stopped asking for?

------
asdf21
So... what was the issue?

~~~
Mindwipe
It appears there wasn't one for the second rejection, the process is just
completely broken.

