
OSX Chrome 55 Blocking non-store extensions without dev mode - nradov
https://github.com/dhowe/AdNauseam/issues/703
======
millstone
Do I understand correctly that Google Chrome is uninstalling software that the
user has deliberately chosen to (not tricked into) install?

This feels worse than simply pulling the extension from the Chrome Web Store.
Google certainly isn't obligated to host this thing, but outright uninstalling
it against my will seems like crossing a line.

There was a lot of hand-wringing when Chrome was released with automatic
updates enabled by default, because it seemed reckless to grant Google the
power to install (or uninstall) new software on our computers at their whim.
Chickens might be roosting.

~~~
nothrabannosir
I see the idealism in your post and I agree with you 100%. 100%!

But every time I got to my grandmother's she has a thousand "default search ad
engine this" and "ad injection improvement that" extensions that I need to
remove. Those search engines have exactly the same homepage as google, to the
colours, except the logo is square, not round. There is _no way_ she can know.

It might just be they ran the numbers and my grandmother's not the only one.

I think maybe, just this once, reality should trump idealism. Let's keep a
very close eye on them. But for now, "I'll allow it."

Ps: I know that "if there are unsigned extensions on your computer, you have
bigger problems", but it's my grandmother. Security is a moving target, this
is the step we take in Jan 2017. If it keeps her safe for a month, that's fine
with me. We'll see how the malware adapts in Feb, and react accordingly.

~~~
pducks32
Totally with you. With my grandparents and even my smart, successful sister
they simply live in a different world then we do. They are being tricked (or
are too lazy to care or notice) and these moves do help them. We see more and
more technology companies doing things to help these users. (Like Apple with
the new MBP by girlfriend says it's her favorite computer she has ever owned
all of 15 seconds after turning it on).

But here if you have developer mode on they should never be allowed to do
this. It's one thing to do it to a normal user (though if they really cared
they would check to see if the extension was a normal non-spam extensions like
this) but when a user as clicked that they are capable of understanding what
extensions they have on then Google is in the wrong.

Sadly we are on HN are not the majority user of the products we love to
discuss.

~~~
derefr
The argument I've read before regarding this is that configuration switch _the
user_ can set to permanently suppress this behaviour, malware _can also_ set.

------
AlexandrB
Let's cut the bullshit. Dropping AdNauseam from the store is a clear sign from
Google that their ad-supported revenue model is more important than user
experience and choice, _even in non-ad-focused products_ (do no evil indeed).

Given this fact, why would I want to use _any_ Google product in the future or
recommend Google to anyone? How can anyone trust Google Home or the Google
self-driving car to not make similar compromises to usability and choice in
the name of propping up Google's other business?

~~~
Ajedi32
I'm a bit out of the loop here. Why did AdNauseam get banned and not uBlock
Origin, ABP, etc?

Edit: Nevermind, figured it out:

> As online advertising becomes ever more ubiquitous and unsanctioned,
> AdNauseam works to complete the cycle by automating Ad clicks universally
> and blindly on behalf of its users.

It doesn't just block ads, it also pretends to click them.

This is obviously very problematic for advertising networks which use a pay-
per-click model, where sites are paid based on how many users click the ads.
In fact, this behavior is very similar to a common type of fraud in the
advertising world known as click fraud, which exploits the pay-per-click model
to extract money from advertisers with "fake clicks" from bots.

Even though in this case it's being done not to defraud advertisers but to
instead prevent ad networks from tracking what ads a user did click, I can see
why Google might object.

------
harshreality
Being realistic, of course they'd block it. Why would they allow an extension
that costs them money by faking ad clicks (edit: harms their business model by
making advertisers mad that they're getting fake ad clicks)? I'm happy simply
blocking ads; I don't want to directly cost anyone money that way. Whatever
you think about ads, isn't automated random faking of ad clicks arguably
fraud?

Being optimistic, the conflict of interest over ad clicks may not be the only
reason for this decision. Blindly and randomly following ad links seems like
it would assist exploitation of browser vulnerabilities.

~~~
new299
I'm not going to downvote you. But it's in no way shape or form fraud.

It's just like sending back business reply mail if you're not interested in
the product. It's not fraud.

I can see a case for it being a bit like a DDOS attack. But I can't see a case
for it being fraud.

~~~
harshreality
I'm not so sure.

1\. The authors of the extension clearly intend to harm the ad industry.
There's no expectation that anyone will look at any one fake ad click and say,
"oh, that person's sick of ads... maybe we should change our strategy."
There's no business-side interaction with fake clicks like there is with empty
returned prepaid envelopes. The only impact anyone intends or expects from
this extension is financial. The intent is to get advertisers to pay more for
fewer sales.

2\. This is automated, and by distributing an extension, automated on a
(potentially) mass scale.

I hate ads and I'm the kind of person who would use that extension if I
weren't already happy with ublock origin, regardless of whether it might be
considered fraud. However, I think there's at least a passable argument that
it could be. If the main reason for this removal is that Google views the
extension as fraud, then banning the extension from the Chrome web store is
fairly decent of Google compared to suing the developers.

~~~
pdkl95
> The only impact anyone intends or expects from this extension is financial.

Financial disruption is the tool used by most forms of _direct action_ [1].
The power imbalance between large businesses and the people affected by those
businesses usually leads to problems being ignored for the sake of profit.
When money is the metric that influences decisions, the only way to effect
change is to disrupt the source of revenue.

[1]
[https://en.wikipedia.org/wiki/Direct_action](https://en.wikipedia.org/wiki/Direct_action)

------
snowwolf
Chrome has been going this route for a while now as it was getting so much
flak for poor performance, security issues, etc. that was actually because of
maliciously installed extensions. Their only option was to only allow
extensions installed from their store which allows them to review the code and
sign it before allowing it to be installed in the browser. All the other
browsers (Firefox, Edge, etc.) are going the same/similar routes too (Firefox
allows you to install from outside the store, but it has to be signed by going
through a review process).

And they've been progressively making the developer mode harder to use as a
backdoor for malicious extensions to install themselves, by only allowing them
to run for the duration of the session. Firefox was actually the first to do
this. And this is why the Extension is being 'removed' between sessions.

What is more interesting is why this particular extension was removed from the
Chrome Web Store - It looks to be a fork of uBlock and lots of other Ad
Blockers are still available in the store. So why is this particular one not
allowed?

The only reason I know of that extensions have been removed from the store is
if they violate the Single Purpose policy
([https://developer.chrome.com/extensions/single_purpose](https://developer.chrome.com/extensions/single_purpose))
and normally only if they are doing something malicious (e.g. Claiming to be
an extension that blocks ads, but actually also scraping data, injecting ads,
or something like that). I know this extension is open source, but has anyone
actually reviewed the code to make sure it isn't doing something malicious
under the hood?

Edit: I looked at what AdNauseam does differently to normal Ad Blockers and I
think where it is running afoul of the Single Purpose Policy is that it both
blocks Ads AND clicks all the Ads. Now Google could be banning it from the
store because it does 2 things and they should split those out into 2 separate
extensions, or they are banning it because it is basically a means to commit
Ad Fraud (fake clicks is a massive problem in the Ad industry). And blindly
clicking every ad on a page doesn't seem like a safe thing to do personally...

~~~
pricechild
Other ad blockers "block ads" and "block annoying eu cookie notices". Should
they be removed?

I just visited the Chrome store and chose the first extension:
[https://chrome.google.com/webstore/detail/office-
online/ndjp...](https://chrome.google.com/webstore/detail/office-
online/ndjpnladcallmjemlbaebfadecfhkepb) It makes word documents AND
spreadsheets?!

Hopefully you can see where I'm going... whatever's written in the policy is
difficult to enforce literally. Someone has to make the distinction based upon
the intent of that policy. A person has to draw the line. If Google have made
the decision based on that policy, well that's their decision.

Reading
[https://developer.chrome.com/extensions/single_purpose](https://developer.chrome.com/extensions/single_purpose)
(part 4) makes me thinking "disrupting ad networks" could be that single
purpose. Then it'd cover blocking & clicking. Just like "Office Online"'s
"edit office documents" covering both "word processing" and "spreadsheets".

~~~
snowwolf
Yeah, I'm just speculating on the reason it was removed from the store - But
that's the more interesting question. Why was this particular extension
removed?

There are loads of other Ad Blockers that do what this extension claims to do
and they are all still available in the store - so all the conspiracy theories
in this thread about google blocking it because it hurts their ad revenue seem
bogus.

As I said, I've only seen extensions removed from the store that were doing
something malicious - Something the person who installed the extension
wouldn't reasonably expect it to be doing.

~~~
pricechild
Thanks, good points to think about!

------
iodbh
Good. This will give AdNauseam visibility. And remind everyone what Google's
game is.

~~~
hiby007
I think everyone know's what's google's game is.

Google hurriedly announced Chrome when back in the days Microsoft was thinking
of blocking ads.

Then they gave the user a never seen before simple to use User Experience/User
Interface. Started marketing aggressively. Recently on iOS when using Gmail
app and opening a link, it suggests me to install Google Chrome.

Google's game has always been user data.

------
xkxx
As one of the developers (dhowe) commented:

> we are aware and preparing a statement and some workaround info to be
> released in a few hours (though, as you probably know, there is not much the
> average user can do in this case)

I guess, they are going to post it on HN too.

Anyway, thanks for the heads-up. AdNauseam is definitely an interesting
extension.

~~~
akerro
Why is it not in plugin store?

~~~
xkxx
Google removed it. Their main source of income is ads and they don't want
something that disrupts their main source of revenue in their store. AdNauseam
is much more disruptive for ad networks than your average ad blocker.

There's still a (broken) link on the project's GitHub page:
[https://chrome.google.com/webstore/detail/adnauseam/hgfaciee...](https://chrome.google.com/webstore/detail/adnauseam/hgfacieeomogkcchookiodlpppbcolha).

~~~
bcraven
So why are these still listed? uBlock, uBlock Origin, TruBlock, AdBlock Plus,
etc

~~~
akerro
Those just block ads, do not cause mess in Googles data. Lack of data is
better than unpredictable and fake data.

------
nishs
Ever wanted to quickly hack together your own homebrewed extension for Chrome?
You've now lost the ability to do so unless you publish to the wretched Chrome
Web Store, which allows only for a princely maximum of 20 extensions by
default [1] and has a nebulous review process [2].

Hopefully, this restriction doesn't exist in Chromium.

[1] [https://developer.chrome.com/webstore/faq#faq-
gen-29](https://developer.chrome.com/webstore/faq#faq-gen-29)

[2] [https://developer.chrome.com/webstore/faq#faq-
listing-08](https://developer.chrome.com/webstore/faq#faq-listing-08)

~~~
bitshiffed
I do use my own extensions, that I don't distribute, for many everyday
conveniences during browsing. I've reluctantly, given lack of good
alternatives, stuck with Chrome for a long time; but this is the change that
finally forced me to switch to Firefox. It's not perfect, but it definitely is
the least evil.

~~~
nishs
I did the same today. If you're converting extensions from Chrome to Firefox,
you might like this.

[https://developer.mozilla.org/en-US/Add-
ons/WebExtensions/Po...](https://developer.mozilla.org/en-US/Add-
ons/WebExtensions/Porting_a_Google_Chrome_extension)

~~~
neurostimulant
Whoa, looks like it'll take way less effort than I imagined to port my
extension to Firefox. I think I'll do that next week.

------
gpderetta
Didn't know about it. Just installed on firefox, it seems only fair.

------
po1nter
I'm already using uBlock Origin. Why should I use this instead?

~~~
SturgeonsLaw
For political rather than technical reasons

------
nachtigall
Thanks, Google: Now I use Firefox where the add-on is still available :)

[https://addons.mozilla.org/en-
US/firefox/addon/adnauseam/](https://addons.mozilla.org/en-
US/firefox/addon/adnauseam/)

------
corv
Another reason not to use Chrome

------
nishs
Here's a guide to porting your Chrome extensions to Firefox, if you're
considering making the switch to Firefox.

[https://developer.mozilla.org/en-US/Add-
ons/WebExtensions/Po...](https://developer.mozilla.org/en-US/Add-
ons/WebExtensions/Porting_a_Google_Chrome_extension)

------
gdulli
When Firefox did this I eventually stopped using it altogether and switched to
Pale Moon. That's been a good experience, FYI.

------
qntty
Unrelated, but I find it funny how people used the name macOS instead of OS X
for like 2 weeks after Apple changed the name, then just reverted back. I
guess you can't make people stop using a name that's been around so long.

------
ksk
How ironic that Windows is the only major platform that doesn't try to force
its way between you and your computer. Still, I bet someone inside MS is
dreaming up plans to install a toll booth on Windows eventually.

~~~
moolcool
Does OSX? All the mobile operating systems certainly do, but nothing makes you
use the OSX app store, and you have root access

------
aaron695
I like the anarchy of AdNauseam.

But it doesn't make sense, why try and reduce the revenue of websites further
than the personal non contribution of using an adblocker (which improves
personal experience)

Do people really think websites will be able to run off donations, are people
that naive?

~~~
thatfrenchguy
Why not subscriptions ?

~~~
mrweasel
The "issue" is that for subscriptions to work, you'd have to provide a worse
service, because you'd have to require people to login. I honestly don't mind
pay for some sites, but I do mind that I have to login.

Currently I believe that the people who don't mind dealing with ads are
getting a better service, than the people paying for subscriptions directly.

~~~
thatfrenchguy
"you'd have to require people to login"

I can't imagine it being that much of a problem in days of password managers
and cookies...

"Currently I believe that the people who don't mind dealing with ads are
getting a better service, than the people paying for subscriptions directly."

I subscribe to a bunch of newspapers (and I'm a 20-something tech guy), I
don't really mind logging once when I'm on a new computer/phone/whatever, it's
the same issue as google / facebook / twitter / ...

------
tlrobinson
I understand the point of AdNauseam, but is it really a great idea to install
an extension that clicks every ad? Seems like a good way to waste
bandwidth/CPU resources, expose your browser to malware, end up on lists of
various sorts, etc.

------
a_imho
First advertisers try to guilt people with the content blocking is stealing
mantra, now they want to call this click fraud, instead of taking a look in
the mirror. It is a great way to destroy user trust, I can only see this going
one way.

------
guipsp
Title is misleading, it's not just this extension being blocked, it's all non-
store extensions

~~~
dsp1234
The title wasn't misleading, because Google just removed their extension from
the store on 1/1\. It's unfortunate that the title was changed, because the
fact that google blocks non-store extensions is not news, leading people to
misunderstand the relevance of the submission.

FTA:

"Earlier this week, on Jan 1st 2017, we were informed by our users that Google
had banned AdNauseam from its Chrome Web Store."

------
codeddesign
Keep in mind that to Google's ad fraud department, this would be considered ad
fraud by creating a bot that clicks on it's own ads. If you were in Google's
ad fraud department, what would you do? Would you say "yes, this extension is
ok to be distributed by us"?

~~~
cpcallen
Google isn't distributing the extension.

Chrome is uninstalling a manually-installed extension.

This situation is somewhat akin to OS X uninstalling Spotify.

~~~
DannyBee
It would be more akin to uninstalling an itunes app that just requests
hundreds of random streams from itunes servers even though the user isn't
listening to them.

