
Google enforcing Web store only extensions for Chrome - drill_sarge
https://sites.google.com/a/chromium.org/dev/developers/extensions-deployment-faq
======
pixelcort
I worry we are heading towards a day when all electronic devices are jailed,
and you have to jump through hoops to own and use "development" devices.

It's like we're taking away pens and pencils, since they can be used to mess
up books, instead of teaching more people how to write.

~~~
blueskin_
Google, Apple and MS, sure, but that's just Linux's gain.

Yes, the "Year Of The Linux Desktop" joke is as funny as ever, but I
definitely foresee a split in computing into passive consumers with no idea
how things work and hackers who need full access to the things they own and
want to experiment, learn and create.

~~~
d0
I'm not sure Apple and Microsoft fit that bill yet. They divide their empires
into three separate concerns: walled garden consumer devices (phones,
tablets), open enterprise/desktop and media. It's pretty easy to get into the
internals of OSX and Windows still. In fact it's been made easier over the
years.

I can still push apps to our customers on Windows and Mac desktops like I
could in 1993.

Google on the other hand are pushing for everything being behind a web portal
under strict control. All devices they promote ship apps which integrate with
that ecosystem as lightweight app front ends and nothing else. Doing stuff
whilst not connected to google is becoming increasingly difficult. The rate of
change is also pretty extreme meaning that you have to work damn hard to keep
up with things.

Linux (and FreeBSD possibly!) will never hit the desktop hard but we're not
short of learning solutions whilst I can type csc at any Windows command
prompt and python at any OSX terminal and get somewhere. ChromeOS - not such a
good picture.

~~~
danieldk
_I can still push apps to our customers on Windows and Mac desktops like I
could in 1993._

Well, on OS X, you'd better have a $99/year developer program account or you
cannot sign software. For most users it's a hassle to either disable Gatekeeper
or to discover Ctrl/right-click to circumvent it.

Of course, signing software is good. But I'd rather like to accept/verify a
key on a vendor-basis and have that used to validate updates. E.g. APT with
GPG signing does this pretty well and makes installing signed software via
e.g. Ubuntu's PPAs pretty nice.

_Linux (and FreeBSD possibly!) will never hit the desktop hard_

I agree. And this is why it is important that organisations such as Mozilla
and CyanogenMod exist and are well-funded. As long as they keep up with their
counterparts, people and vendors will have a choice.

~~~
d0
The signing missing isn't a major effort. You can turn it off easily with
spctl via ssh or allow an app for example. Same with Windows domains if you
have configured a root CA for your organisation. Even Metro apps can be side
loaded/self signed on Windows enterprise edition.

Agree with your second point entirely.

------
pavanky
Not sure if everyone is reading the entire article. Here are two relevant
points.

> we’re enforcing the following changes starting in Chrome 33 Beta and stable
> channels for _Windows_

> Users can only install extensions hosted in the Chrome Web store, _except
> for installs via enterprise policy or developer mode_

This only affects Windows. Users who want to install extensions can still do
so but the process has been made a little bit more explicit (i.e. do it via
developer mode).

It sounds like this step was done to protect naive users who are not aware
they are downloading malicious extensions.

Please point out if I am wrong in my assumptions.

------
mehrdada
> Why couldn’t this problem be solved by having a setting/option to load
> extensions that are not hosted in the Chrome Web Store? Unlike modern mobile
> operating systems, Windows does not sandbox applications. Hence we wouldn’t
> be able to differentiate between a user opting in to this setting versus a
> malicious native app overriding the user’s setting.

Sounds a bit BS to me. In what reasonable threat model the attacker can run
arbitrary code on the user's system, but will need a Chrome extension to do
nasty things? The attacker could just replace the Chrome binary altogether,
for instance.

I understand that there can be conceivable security benefits as a result of
this change, but I think the real motivation is control, not security.

~~~
derefr
This is defense-in-depth. Sometimes, the _goal_ is to get a chrome extension
installed. (One that, for example, creates pop-up advertisements at random
intervals to generate grey-market PPM revenue for the extension author.)
Windows (and it's inevitably Windows) knows enough to realize "hey, this
Chrome isn't the Chrome that was here yesterday." Signed binaries and
SmartScreen work together well enough that even when Chrome is installed to a
user-writable directory, it'll get punted if a virus actually changes it.

But if a virus can get a perfectly valid program, with every reason to already
be on the system, to do something that program already has permission to
_do_... then it can circumvent the OS's strictures against running novel-and-
unknown scripts and binaries.

~~~
mehrdada
Yeah, I'm sure you can construct very specific scenarios in which it would be
a roadbump; I don't deny that (in your scenario, for example, you can just
replace Chrome with the latest dev channel binary instead of a random patched
binary.) I remain unconvinced about it as a "reasonable" threat model. Having
native app access is a much greater security risk in and of itself. I wouldn't
begin to worry about invalid browser extensions if I knew I had a rogue
binary running.

I think it is obvious what their real motivation is.

------
zimbatm
There are extensions that are legitimate but can't be installed from Google's
Play store because it breaks policy. For example YouTube options
([https://spoi.com/software/yto/](https://spoi.com/software/yto/)), or the
LastPass binary extension (might be wrong on that one).

Thanks to the toolbar-installing software on Windows it gives a legitimate
reason to Google to close the system down a bit more.

------
merlish
I'm not saying it's great news, but I really can see where they're coming from
for this.

Note that they're only doing this for Windows. As someone who occasionally is
roped in to providing tech support for a sibling who keeps installing malware
- someone who _is_ going to fall for those repackaged versions of VLC, or one
of those 'your computer has viruses, click here to install Super Security
3000' or whatever* - I can tell you that malware for Chrome along the lines of
browser toolbars and ad injectors are real and out there in the wild and being
installed automatically by these kinds of things.

The computer has Norton Internet Security, of course. Which does sweet FA as
far as I can tell.

* Note to self: Install AdBlock on that computer.

------
coloncapitald
If you want to keep any extensions that you didn't install from Web Store, use
the dev channel[1] of Chrome and they will work just fine. I use an extension
and they warned me one month back to either install their Web Store version
with fewer functionality or move to dev channel.

[1] [http://www.chromium.org/getting-involved/dev-channel](http://www.chromium.org/getting-involved/dev-channel)

~~~
simias
Why don't they simply give me a config flag to change the behaviour? I
understand what they are trying to do but it annoys me to have to use
non-stable releases just so that I can use a couple of useful extensions not
available from the store.

~~~
blueskin_
Didn't you get the memo? Choice and customisability is decadent and goes
against the wishes of Big Google. Why would you even need to customise a
telesc^H^H^H^H^H^H Chrome Install anyway? Big Google knows best.

~~~
TazeTSchnitzel
Larry Page Is Watching You

------
sergiotapia
Yep, this is the last straw for me. The final drop of water that overflowed
the cup.

I'm switching back to Firefox and will make a conscious decision to start
deleting all my Google data. The tin foil conspiracy theorists were right all
along it seems, I'll do my best to support companies that fight for my privacy
and are open source.

Firefox, I'm sorry I ever left you - happy to be back.

~~~
el_duderino
You'll be back man. Trust me. I've tried numerous times to go back to FF, but
you enjoy the speed + ridiculous amount of available popular snooping
extensions more than anything.

I know you're in a different state of mind atm, but you will be back to Chrome
within a couple weeks.

~~~
nsmartt
Coming back to Firefox from Chromium was a wonderful experience for me. The
majority of extensions I used on Chromium were inferior to their Firefox
counterparts, due largely to limitations of the extension API. Aside from
that, load speeds are fine, the devtools are phenomenal, and everything is
great. I actually _enjoy_ using my browser.

~~~
skrowl
AdBlock Plus and Thumbnail Zoom Plus for Firefox are much better than their
competition on Chrome

~~~
el_duderino
Don't use Thumbnail Zoom. Check out a non snooping extension called "imagus"

------
bad_user
I'm a little disappointed with Google. I understand the rationale behind this
decision, however instead of improving their browser's permissions system,
instead of doing a better job reviewing all those crappy extensions that turn
to malware over night (e.g. Window Resizer - and btw, Mozilla is doing a much
better job), instead of all of that, they decide to drop the ability to
install extensions from third-party sources. I predict a similar change will
also come for Android. Because grandmas need protection of course.

For several months now I have been torn between Chrome and Firefox, not able
to decide which I like better, switching back and forth depending on mood.
Well, I guess this settles it. I was already using Firefox on my Android
exclusively, because it's the only mobile browser that has extensions, whereas
Google decided that extensions are a nuisance on Android and even if they
don't admit it, they probably hate the idea of AdBlock making it to Android.

Chrome has had a positive effect on the marketplace, but now the negative
effects are starting to show up. Adobe for instance decided to drop the
support they had for Flash on Linux and only support Chrome, so at present and
going forward, if you want the latest Flash on Linux, you've got to use
Chrome. My answer was just to disable it of course.

But do we really want a monoculture? Haven't we had enough with IExplorer 5/6?
Are we really that dumb?

Either way, at the very least Chrome fans should start using Chromium, because
the Chrome binary is not open-source and if you use it, you won't realize the
true difference/cost between it and the competition. For example the PDF
reader bundled in Chrome is something proprietary, whereas Mozilla bundled a
PDF reader that's open-source, built in Javascript and that also works in
Chromium - you see, whenever Mozilla does something, it usually benefits
everybody.

~~~
jsight
> I predict a similar change will also come for Android. Because grandmas need
> protection of course.

I'm not sure what this means. This is the way it has always worked in Android.

In order to install apps from third-party sources, you have to enable
developer mode. It's easy to do (just check a box in the right place), and is
a reasonable precaution, IMO. Most of the malware that is available for
Android comes from third-party sources.

------
noir_lord
I wonder if Chromium will enforce this behaviour (which is pretty anti-user)
or will have an opt out.

I use both Chrome and Firefox interchangeably anyway so not using Chrome won't
be a hardship.

------
ryanackley
I don't really understand the righteous indignation. The only way you can
presently install a Chrome extension outside of the web store is by going to
chrome://extensions in your browser, then dragging and dropping a crx file
(packaged extension) onto this page. Chrome will stop allowing this. Why is
that a big deal?

If this makes you mad, vote with your feet. Firefox is a great browser.

~~~
RealGeek
There are a lot of Windows applications bundling malicious Chrome extensions,
Firefox and IE plugins with the Windows installer. They are installed
automatically with explicit permissions from users. Moreover, if you remove
the adware from Chrome extension settings, it gets installed again
automatically upon your next reboot.

I believe this policy shall reduce such abuse.

------
captainmuon
Does anyone know how this is supposed to protect users against AdWare and
other bad extensions? I mean these are installed along other applications with
a setup program anyway. Can't the installer just activate developer mode?

I guess there is a warning that shows up, but people will just ignore it (and
once you've clicked through the UAC prompt the installer can do anything
anyway, like hide the warning). And there is also the enterprise mode, can't
the malicious installer just use that?

------
jasonlingx
Following the same rationale, downloading of executables via Chrome should be
restricted to those from Google approved publishers only.

~~~
derefr
Note that downloading of executables via Chrome is mostly already restricted
to those from Microsoft- or Apple-approved publishers, because of
SmartScreen/Gatekeeper. (And Linux has a culture of looking for things in
package management before hunting down an executable on the web, so you
basically get the same effect there through convention.)

~~~
nivla
>Microsoft- or Apple-approved publishers, because of SmartScreen/Gatekeeper.

and the ones not found suspicious by Google's safe scan.[1] I remember once
Chrome not letting me download a new version of Light Table because it was
found suspicious. Actually it will let you download it but will delete it as
soon as it is done downloading.

[1] [http://www.nbcnews.com/id/46330156/ns/technology_and_science...](http://www.nbcnews.com/id/46330156/ns/technology_and_science-security/)

------
blueskin_
Yet again Google try to prevent users from gaining the same hacker mentality
that created Google in the first place.

~~~
jrockway
I doubt this is the reason. The reason is that less-educated users are being
tricked into installing extensions they don't want and that make using their
computer miserable for them. Meanwhile, anyone that wants to write their own
extension need only click a checkbox.

~~~
captainmuon
But how does this protect against bad extensions? I mean they are installed
along other programs as AdWare anyway, can't they just install themselves in
developer or enterprise mode?

~~~
jrockway
I assume this interacts with Windows in some way to make that more difficult,
but I don't use Windows much so I don't know. According to the docs, the
change doesn't apply to Linux or OS X.

------
eponeponepon
Oh dear. Yet another garden firmly walled.

~~~
wreegab
"Firmly" is a bit much, given you can install an extension manually using
"Developer mode".

~~~
eponeponepon
But if I have customers, and either don't want to or can't use the Play store,
then I have to ask them to do that too, and most of them won't, so I am
effectively walled off from any sales.

(disclaimer: I don't have any customers and I don't produce any Chrome
extensions - just engaging in speculation)

------
iriche
Going to be interesting to see how DICE is going to react with their BattleLog

------
d0ugie
Is there a way to search the Chrome Web Store for all extensions and apps only
made by "Google, Inc." as is possible to do on Google Play?

------
chii
Please correct me if I'm wrong, but is the only way to work around this to
unpack the extension and use the developer mode?

Or did I just miss something easy - like turning a flag on somewhere? There
are a few critical extensions, like youtube center (and a couple I've written
myself) that aren't on the store.

~~~
jessaustin
Use the beta channel, or use chromium.

