
Chrome killed my extension and won’t tell me why - mikob
https://blog.lipsurf.com/part-ii-after-3-years-of-work-chrome-killed-my-extension-and-wont-tell-me-why/
======
gwd
What people seem to be missing is that this isn't a complaint -- it's a call
to form effectively a union:

 _Therefore, we are starting a group today for Chrome Extension developers to
work together in check with CWS. It 's not a technical support channel, nor a
platform to get attention when CWS is unresponsive. It's a place for Chrome
Extension developers to rally together and discuss improving the foundation we
stand on (it also won't be hosted nor managed by Google).

United, we can have a stronger, common voice to:

Pressure Google Chrome to allow for 3rd party extension stores. This would
break down the walled garden of extensions, give extension developers a
leveler playing field, and lower the risk of getting wiped out on CWS's whim.

2\. Pressure CWS to be more fair and communicative with extension publishers.

Canned emails about rejections with only general policy information are “lose-
lose” for publishers and CWS alike. Both parties waste time because of all the
guesswork involved currently — especially when CWS makes a mistake._

~~~
ThrustVectoring
Note that Chrome Extension developers are not employees of Google, but rather
disparate businesses, so it'll be difficult to both successfully put pressure
on Google w.r.t. terms of business and not fall afoul of anti-trust laws.

~~~
danShumway
Is this true?

How would this be different than the Author's Guild negotiating ebook rates
with libraries/Amazon? It seems like lots of industries have lobbying groups
that represent multiple companies -- or is there an extra nuance here I'm
missing?

~~~
fragmede
Broadly no, because the barrier to entry for being a web developer is low,
though there may be some subtlety depending on the exact actions the group
takes. A high barrier to entry business would more easily face allegations of
anti-trust and collision, eg all of the car dealerships in an area working
together to keep prices high and keep competition out, but that's different
due to how hard much more expensive it is to become a car dealership.

~~~
singlow
That's good because collision is generally bad for car consumers.

~~~
lmkg
You probably meant "collusion" but what you wrote is, in fact, quite true as
well.

~~~
vageli
Seems they were poking fun at the parent's typo which also states "collision".

> A high barrier to entry business would more easily face allegations of anti-
> trust and collision, eg all of the car dealerships

------
crazygringo
It doesn't matter if you're dealing with a store run by Apple or Google (or
presumably anyone else): the stories are all the same.

Presumably because to make the economics work, review and approval are done by
poorly trained contractors who don't have time to do a proper job and need to
meet quotas. And with anything security related, there's an inherent bias
toward not giving information on the _exact_ violations because this can be
used to get around the "spirit" of the law while sticking to its "letter"
(very true for spam, questionable for app stores).

Serious question: is there any better model though? In the non-virtual world,
similar standards for the public good are achieved through things like FDA
regulations, health inspections, building codes and permits, etc.

Since it doesn't seem like there's any kind of elegant free-market or crowd-
sourced solution here, what should the standards be for regulating apps and
extensions? What kind of "due process" ought there be, or appeal, or whatever?
Is there going to come a point when app stores get regulated by a
democratically legislated government agency?

~~~
sergeykish
Alternative! Software distributions - community maintained packages.

As Arch Linux user if I found a software I like and want to help with
distribution I can create package and push it to AUR [1]. This works as recipe
- list of make and run dependencies, configuration, installation. Package is
not safe and should be reviewed on installation.

Popular package may be pulled to official repository [2], distributed in
binary form. "community" repository maintained by Trusted Users [3], "core"
and "extra" by Arch Linux Developers [4]. It is evergreen - rolling release.
Some distributions provide Stable releases which should be even safer.

Distributions may remove package, block version, patch to its standards. I
think if opt-out addons were distributed by Debian they would be patched to
opt-in.

In other words - many 3rd party distributions, by users to users, pulled - not
pushed, not required to accept all packages.

[1] [https://aur.archlinux.org/](https://aur.archlinux.org/)

[2] [https://www.archlinux.org/packages/](https://www.archlinux.org/packages/)

[3]
[https://wiki.archlinux.org/index.php/Trusted_Users](https://wiki.archlinux.org/index.php/Trusted_Users)

[4]
[https://www.archlinux.org/people/developers/](https://www.archlinux.org/people/developers/)

~~~
dfabulich
"many 3rd party distributions, by users to users" is not how Arch works. Arch
has a single official repository, AUR, that everybody uses. Becoming a Trusted
User requires you to run for office under a standard voting procedure with
bylaws.

~~~
sergeykish
I've described that in Arch part. Arch has _several_ official repositories [0]
and AUR _is not_ one of them. I've also mentioned Debian.

"many 3rd party distributions" is many distributions - Debian, Arch, Gentoo,
Fedora, Mint, etc. It is often cited as inefficient but it provides choice.
And if there was only one distribution it would create too much pressure on
maintainer not to sell its users.

"by users to users" is general description of distribution. I would be
surprised if distribution maintainers does not use distribution they work on.

I've created my own addon and shared it [0] - just a few lines. From user to
users - just because someone may find it useful.

I understand it is hard to maintain community and trust. Anyone can create
distribution but real working distribution is a lot of work. But it should
start somewhere. I review addons I install, I can share it.

[0]
[https://wiki.archlinux.org/index.php/Official_repositories](https://wiki.archlinux.org/index.php/Official_repositories)

[1] [https://github.com/sergeykish/hide-
scrollbars](https://github.com/sergeykish/hide-scrollbars)

------
notRobot
> Complaining on the internet should not be a support channel. Developers
> should not have to rely on the internet attention lottery.

None of the huge tech companies (Google/Apple/MS/Amazon/etc) have an easy (or
in many cases _any_ ) way to contact human service representatives. This is
intentional.

People have been complaining about this for more than a decade. Every week
there are multiple writeups on the front page of HN about apps and extensions
being killed off.

These corporations will never fix this. They have no incentive to do so. They
don't care about individual users or small developers, and don't want to get
involved in their "petty" issues.

Why? Because these have no impact on how much money they make.

The only way to fix this is through government regulation, but good luck with
that.

~~~
elmo2you
I fully agree with that. But I think there is another angle to this that is
often ignored/overlooked.

With their (intentional) behavior you described, these companies often violate
even basic legal principles and sometimes even specific laws (depending on
country/jurisdiction). Moreover, these same companies (again, intentionally)
also use their financial/legal weight to pretty much stifle/kill any
individual attempts to bring them to task for those violations. In fact, that
itself is illegal (antitrust) behavior in many places.

This isn't just about governments failing to regulate these companies, but
probably even more so about their failure to even enforce existing rules and
protect citizens against such abuses.

It's a pretty good demonstration of how bad the state of class (in)justice
really is, including all the corrupt governments that keep it a reality.

~~~
pas
Could you explain, maybe with a few examples, how they are doing illegal
things with this behavior?

------
mellosouls
Some previous discussions from a quick search to give some context to the
frustration (sorry for the length, it's intended to be illustrative, I cut it
at 10):

[https://news.ycombinator.com/item?id=23219427](https://news.ycombinator.com/item?id=23219427)

[https://news.ycombinator.com/item?id=23229073](https://news.ycombinator.com/item?id=23229073)

[https://news.ycombinator.com/item?id=20186915](https://news.ycombinator.com/item?id=20186915)

[https://news.ycombinator.com/item?id=21232438](https://news.ycombinator.com/item?id=21232438)

[https://news.ycombinator.com/item?id=23285466](https://news.ycombinator.com/item?id=23285466)

[https://news.ycombinator.com/item?id=12442048](https://news.ycombinator.com/item?id=12442048)

[https://news.ycombinator.com/item?id=21990566](https://news.ycombinator.com/item?id=21990566)

[https://news.ycombinator.com/item?id=23168874](https://news.ycombinator.com/item?id=23168874)

[https://news.ycombinator.com/item?id=21233041](https://news.ycombinator.com/item?id=21233041)

[https://news.ycombinator.com/item?id=20587440](https://news.ycombinator.com/item?id=20587440)

I'm not suggesting Google doesn't care, but...

~~~
shash7
Google doesn't care.

------
crispyporkbites
This happened to an extension of mine as well, with 10k users. After
repeatedly emailing them and getting back different snippets of the policy
each time, I think there's some kind of AI or a very process-driven team that
doesn't do any critical thinking handling each request.

I've ignored them now and the extension is still up so let's see what happens.

It's pretty clear that the walled garden approach will eventually stifle
innovation, and building businesses or even apps for fun inside the frameworks
of giant corporations is just not a good long term strategy.

~~~
unethical_ban
This is why I like the hybrid approach that Android has for apps, at least as
of 2020.

That it has its walled garden, but it is possible to install from arbitrary
sources (with sufficient warnings to users of those dangers). In iOS, you
can't sideload at all.

~~~
heavyset_go
The flow for installing apps outside of Google's approved method on Android
breaks 3rd party app stores like F-Droid, such that automatic updates of apps
installed via F-Droid, or updating several foreign apps at the same time,
cannot work.

------
shash7
Tangential but for those who are developing Chrome extensions, I've made a
post about what to expect when submitting a update and how to avoid the manual
review from CWS.

It can be found at [https://getsnapfont.com/posts/avoiding-lengthy-review-
times-...](https://getsnapfont.com/posts/avoiding-lengthy-review-times-for-
chrome-webstore-submissions)

------
djsumdog
Google/Apple/MS app stores are pretty much a bastardization of software
repositories found in the Linux world for years beforehand[1]. I doubt we'll
see requirements to allow importing 3rd party repositories/signing keys at
this point without some legislation.

Yes, I get some users don't always know what they're doing and it might be a
big security risk, but just put up a big enough warning. People shouldn't be
locked in to what software they're allowed to run on their own devices.

[1]: [https://battlepenguin.com/tech/android-
fragmentation/#packag...](https://battlepenguin.com/tech/android-
fragmentation/#package-management)

~~~
twistedpair
You already can run your own Chrome Extensions repo:
[https://developer.chrome.com/apps/external_extensions](https://developer.chrome.com/apps/external_extensions)

------
jennyyang
This is the behavior of a monopolist, and Google needs to be broken up. Google
and the various sub-entities get away with no customer support or completely
inadequate support and they are a vital part of the Internet.

If there were competition, then there's no way with Google not being able to
answer urgent customer support tickets. Because they are a monopoly, they can
get away with saving money on customer support. All their subentities like
Chrome, Gmail, etc are funded by their search and ads monopoly.

The only way this gets better is by breaking up Google, and forcing them to
actually compete. If Chrome had to earn money the same way all the other
companies did without having the hundreds of billions that Google makes, it
would be a totally different product. They would need to earn their money the
same way Firefox does, and would need to earn a portion of their money from
things like extensions, and then they would need to compete with better
customer support. But because they are a monopoly, they don't have to. It's
basically a form of raising prices with no recourse, except what they do is
deny services to competitors by having no support.

The only solution is to break Google apart, and force the parts to earn money
the way all their competitors have to.

~~~
LatteLazy
So, I thought chrome was a loss making project, and the only reason it exists
is because Google fund it for the data it generated and as part of their wider
"use our stuff in exchange for your data" business model.

So if you break up Google, chrome would have to cut its budget or stop
existing. And either way, chrome extension Devs wouldn't be better supported
than they are now would they?

This is always my question with "Break up X": then what?

~~~
jedieaston
A hypothetical Chrome Inc. (or Chrome Foundation) could make its money off of
selling rights to the search bar (hypothetically to Google anyway), and, I
suppose, donations. Enterprise support would be another thing they'd have to
provide (and could sell), especially if they got the Chrome OS project.

It'd be a speed bump, and they wouldn't have the full resources of Google, but
I think it could make it. (But I don't know if it should, the open-source
Chromium base isn't committed to only by Google.)

~~~
ocdtrekkie
And bear in mind: The amount they make this way could adjust, Google would
have to be prepared to outbid Bing for default search placement. Bearing in
mind, that whoever is the default search engine on Chrome controls the
Internet, there's a _lot_ of money at stake.

~~~
LatteLazy
That's fine, but to out bid bing, you only have to outbid bing. Microsoft have
been forced to divest under this new antitrust regime. A maybe yahoo or
askjeeves will come to the rescue?

And remember, to improve chrome extension support, you need chrome to get more
money from the new sponsor than they got from the Google, one of the richest
companies on earth...

------
Octoth0rpe
From the article:

> It's very possible for a 3rd party extension store to do a better job than
> Google at blocking malicious extensions.

I don't know that that is the case. Google clearly does a _terrible_ job on
this, but they are at least theoretically financially motivated to do the job
correctly. It's hard for me to imagine a 3rd party extension store being
financially viable with correctly aligned financial motivations.

------
sergeykish
There are about 200000 chrome extensions, if 200 defected that is not a lot.
It should be some minor things. Interestingly it is hard to make educated
choice - does it contain opt-out spyware? what is the license? how much JS
code it contains and why? is code readable or minified?

Compare with

[https://www.openhub.net/p/chrome](https://www.openhub.net/p/chrome)

[https://www.ruby-toolbox.com/categories](https://www.ruby-
toolbox.com/categories)

[https://rubygems.org/gems/rails](https://rubygems.org/gems/rails)

[https://www.npmjs.com/package/jquery](https://www.npmjs.com/package/jquery)

------
LatteLazy
Between this and Apple (profit/brand motive) and YouTube
(incompetence/copyright bs), you have to be really careful building anything
that relies on a platform you don't control. This is why RSS and similar tech
is so important...

------
awinter-py
UGC web (including app stores) has to externalize dispute resolution or they
lose all credibility with developers

'separation of powers' is a useful concept in the law, it's coming to the
private sector (except with shorter arbitration timelines)

------
mikece
Ironically, after complaining that Chrome Web Store killed their extension
without saying why, the author doesn’t answer why either beyond “it was a
mistake.” Pray tell: mistakenly hitting “deny,” mistakenly interpreting rules
in an unfavorable way, someone marked the submission as “in their queue by
accident and then forgot about it? I get that it was a mistake but it makes a
difference whether it was a mistake of clumsiness, carelessness, or malice
covered with “it was a mistake!” when found out.

~~~
mikob
You can easily see for yourself on the twitter thread that is linked in the
article. There's also this tweet for context:
[https://twitter.com/DotProto/status/1273824813270700038?s=20](https://twitter.com/DotProto/status/1273824813270700038?s=20)

They thought we weren't using the TTS permission, but we are.

------
parliament32
Notice how we don't have this issue with, say, Debian or Arch package repos.
Is it because third party source allowed in package managers?

------
t0ughcritic
This happened to us by Google just now too. They deleted our app for a
violation in version one of the app when we are on version 4 (over a year
later) after 100 emails with basic replies, and inability to escalate we are
at a loss. This is for Google Play store. Serves us right to try and build a
business on Google/Android

------
coronadisaster
Why insisting on staying with Chrome?

