Hacker News new | comments | ask | show | jobs | submit login
Google to developers: We take down your extension because we can (palant.de)
411 points by KwanEsq 7 months ago | hide | past | web | favorite | 176 comments

In another thread[1] on HN today there was discussion over developers selling out their web extensions to marketing corporations which end up filling them with tracking scripts and malware. Someone suggested that google should be much more aggressive at filtering out said extensions, and one of the responses was a sarcastic comment over a future article about Google attacking extension developers and the free web.

And less than 24 hours later, here we are.

[1] https://news.ycombinator.com/item?id=17447816

The problem isn't that an extension was removed. There will always be erroneous attempts at making things safer for users when playing the game of content moderator. The problem is that Google is impossible to talk to, and makes no effort to help when things go wrong. As a current user of gmail this worries me.

This petrifies me. Google provides an incredibly easy way for me to capture all data that I care about. Getting photos and videos of my kids growing up and keeping them for years is trivial with Google.

And in one little error it can all disappear with no recourse.

I continue to struggle today to find a silver bullet solution for someone like me who just wants to hurl money somewhere and say, "use this money to guarantee that my cherished photos and videos will be here in 30 years"

Second to that is getting locked out of my Gmail. I'd consider that more irritating than losing my wallet.

It's called Google Takeout[1]. Use it. Download all of your data. Back it up in a place you trust.

[1] http://takeout.google.com

For me, the "Back it up in a place you trust" is coming back to square 1 of the parent poster's problem. I actually do have my photos on (a few) disks and computers, not on Google, and I still have the problem that I want to hurl money somewhere and say, "use this money..."

I'm kinda hoping for some open-source solution to emerge based on IPFS or the like, which would let me easily control replication of my photos & vids over a few local disks (probably via some local NAS machine[s]), and some online paid pinning service.

There are apparently some efforts towards something like that in the IPFS community [1][2], but no clear winner yet I think, or at least especially no good UI/UX for this yet.

[1]: https://github.com/ipfs/faq/issues/47

[2]: https://github.com/ipfs/ipfs-cluster/issues/157

edit: some random service/startup which I just googled up which apparently tries to fit into this area, linking here to hopefully match them with potentially interested users, and thus maybe help them reach critical mass: https://www.reddit.com/r/ipfs/comments/846e64/photo_backup_a...

Yes, that is the problem I'm trying to articulate. Of course you ask a ton of engineers and you get engineering solutions. =)

What I want is a holistic solution. "I have money and I have data that I want taken care of. I don't want to do much work and I don't want to think about it more than once a year or two."

Takeout is great, but it has one major flaw. There is no way to download only data that has changed after a specified date, i.e no incremental backups.

There is also no "Take in". Your data might be all in that file, but without a lot of effort, you aren't going to be able to get it back into a usable form, with Google apps or a competitor.

It's not so bad actually.

The Google Drive files are exported as you would expect and you can just copy them into some other sync folder as is. Takeout transforms any Google Docs and Sheets into Word and Excel formats (configurable), so you don't end up with links into your disabled Google account (contrary to how their Backup and Sync client works).

Emails are exported as mbox files, calendars in ics format. It's pretty easy to import everything using widely available email and calendar clients. It's also pretty easy to put it all back into another Google account, but you're right, it's not as simple as importing the entire takeout zip file in one piece.

What I haven't tried is what happens to files that were shared with you. I would expect that they don't get exported because it's someone else's data after all.

I think if the purpose is to let you move all your data to a different provider and avoid any lock-in, then Google Takeout is an honest and practical solution.

It's clearly not meant as a routine backup solution though.

Getting locked out of gmail is no joke. I have an old account that’s been forwarding to me for years, but when I recently changed my phone I lost my two factor.

Despite being able to supply google with the creation date (they ask), the fact that my name/birthday is the same on both accounts, I’ve attached the same visa to both google accounts, I’ve logged on to them from the same ips, and the fact that it’s forwarding everything to me, I still haven’t been able to get it unlocked.

I’m not sure I’ve really spoken to anything but an automated process either.

It’s entirely my fault for losing the two-factor restoration keys, but it’s been a little frightening to realize that you can’t just contact google and have them help you.

tl;dr: Need to contact someone at Google? File a copyright complaint.


I was in the same situation, having the correct logon credentials for my account, but the system refused to believe it's me and asked for proof, but I forgot the security answer.

Ended up filing a bogus copyright complaint, knowing they can't handle that automatically.

I told them there was a copyright violation and proof was in my locked account (a picture of a seven-legged spider...).

They unlocked the account long enough for me to move my accounts elsewhere.

Fuck Google.

Top stuff. Impressed.

I developed such a service some time ago, but it's impossible to find any market for it. The non-technical people say "but I have it on Google already?!" and the technical people say "I just created a DO droplet and configured backup to Backblaze, easy and cheap!!".

I find both options to be not ideal, since I'd like a simple, secure and safe way of storing my pictures. But that's the way the market is.

> and the technical people say "I just created a DO droplet and configured backup to Backblaze, easy and cheap!!".

That's very much missing the point. The non-technical option is inside that post: Backblaze. Do that twice, the second time with crashplan or carbonite, and you can keep your files safe without any trouble.

The real problem is that it can only protect the files on your computer. If you have data that's fed directly to google, there's no simple software to get it back out to where it can be backed up.

What if you're a bit cheeky, mount eg your Drive storage on a VM via one of the various 3rd-party filesystem-mounting systems out there, then run $backup_client on the VM pointed at the Drive local mountpoint?

Plenty of uncomfortable chances for failure, but a few heaped handfuls of error reporting would probably be mitigation enough.

Getting the initial clone done might be a little fun, you might need to actually download the Drive folder structure to somewhere spacious so you don't run into transfer ratelimiting for the initial upload.

Wasn't there are story a while ago mentioning: https://one.google.com/ It'll be interesting to see what this support can do..

Anyways, print recovery keys for your account, use 2FA with yubikey or other U2F provider.

It is not that complicated. Just pay(monthly)for a storage Box at Hetzner(just an example provider i trust) or any other provider and your Data is still there in 30 years. - https://www.hetzner.com/storage-box?country=gb

In real empirical practice, which happens more often: google locks a user out of their own data (a user who wasn't intentionally blatantly violating the TOS), or a non-google-user loses their data to due some technical error or natural disaster?

That's what I do with Google Drive?

If I were to get banned from Google, I'd still have my folder as a backup which I can then upload to Dropbox or whatever alternative.

If I were to lose my folder (My hard drive went bust!) my folder is one resync away.

What is the problem you have with photos, and videos in that sense?

Or are you talking about the Free "Google Photo" thing for lower resolution images?

Careful with Google Docs & Sheets though. The Google Docs files you see in your local folder are only links, no content.

Google Drive doesn't back up email and calendar your private machine.

You're looking for LTO and a vaulting service.


What's the old saying, "If you have to ask how much it costs, you can't afford it".

There's no silver bullet replacement for the Google ecosystem. However there are plenty of choices for many important services such as Email, file/ photo storage, contacts / calendars, etc. You just gotta take the plunge!

The problem is people wanting one company to handle all their needs. When that company goes evil, their entire digital life goes down the drain.

Email is the single most important thing, and I can't understand why people use Google for that in 2018.

There isn't exactly a plug-and-play, self hosted version out there advertising itself.

I mean, at least they aren't encrypting your data so you must use their services to view it, like what's happening in the paid music industry.

I always get some photos printed. Granted, you can't print the hundreds we take these days, but do you really need ALL?

If you don't keep them all, then you have to choose. Choosing takes time and effort that many people would prefer to spend in other ways.

Very few people think that every single shot will be meaningful in 30 years. But it's hard to know what will be and won't be.

This has been bothering me too. My solution is NAS as a place to put all the data in, backuped to the cloud.

Put it at Amazon Glacier. Cheap, replicated across multiple zones.

I use Glacier quite a lot for things like this. It is essentially free to store what most people reasonably consider "a shitload" of personal data. The cost is putting it into Glacier and then of course getting it out again. I'm not willing to bet AWS will still be around in twenty years, but it's a dirt cheap bet that won't cost me hardly anything if I lose that bet.

Go to Digital Ocean, make a NextCloud droplet, and configure backups to Backblaze. There you go. Bonus point if you buy a small server and become a custodian of your own data.

Bonus points when Digital Ocean nukes your account with no recourse, because that's happened to people in the past.

So, follow the backup instructions very very very carefully people!

Less likely that Google and DO will both lock your account at the same time.

> find a silver bullet solution

switch to apple

Yeah, sure, with the stories of Apple deleting songs from your local machine because they were deleted from your cloud account because DRM or whatever, and IIRC even deleting some random photos because some bug (but w.r.t. photos I'm not sure if I recall this correctly, or just spreading FUD here.) Or was this Amazon with Kindle and with ebooks? Apple was sure reported as deleting high quality mp3s from your disk because they have mp3s of the same songs in poorer quality as their deduplication reference files on their cloud.

As much as I like apple, handing over all your data to another big company and praying for their good will is not a solution.

are you trolling?

does the GDPR have anything to say about this?

> As a current user of gmail this worries me.

Anyone using a free service anywhere provided by anyone should be worried.

I pay to use gmail and their service is incredible. Whether it's been support chat, phone calls, etc... I've always received very prompt support from Google.

I’ve paid to use Google services before, and had the most miserable customer service experience with a company ever. Contact information difficult to find, and walled behind accounts you have no knowledge of potentially, and policies designed to be explicitly hostile (I had them admit that outright to me) - I ended up out of $500+ as a result, for which they only were willing to refund $20.

Google seems to just be an exceptionally bad actor - I’ve been starting to move away from dependence on them as a result, as they’ve proven to me that I cannot rely on them to be honest/transparent in the most important ways.

It isn't free if you have your own domain. In fact they prorate it when you cancel.

I have my own domain, and use gmail for free. Because I'm cheap, not because I care. One day I'll find a better solution, one that avoids Google (paid or unpaid) altogether.

Yeah, I got mine for free too since I've had my domain for a while, but I have a newer domain that I set up on GSuite, and was paying $5/mo for, until I realized I could set it up as a domain alias of my original domain and get it for free.

> Google is impossible to talk to

Talking costs money, a lot of money, far more than computers.

It seems that Google One will have paid support, so your problem is solved!

If you’re locked out of the account that paid for support, how do you prove your eligibility for support to get back into it?

No idea, the product wasn't launched yet, but that seems like the most obvious use case to address.

> As a current user of gmail this worries me.

Have you looked at moving off gmail?

Not much yet tbh, but it's on the list.


  I can already see the followup HN news: "Google attacking developers on Chrome Web Store and breaking free web!"
That's uncanny!

It's almost as if the poster of this item had also noticed this page from yesterday around the same time: https://news.ycombinator.com/item?id=17449927

I find it kind of frustrating that Google does nothing about extensions tracking your browser history, and quickly takes action against extensions like these. I hope Google has their Cambridge moment soon.

A slight irony is that this extension actually removes tracking capability from Google itself in the search. (I suppose only really if you have JS disabled, otherwise they can capture the click event in JS instead of handling links via a special redirect tracker).

To the author: Thanks for the extension. I'm a happy user on FF for a long time.

I have no doubt Google ruthlessly takes advantage of tracking data but that’s for them, not for third parties. Anything is possible but I think they’d see giving up data like that to a company like Cambridge to be surrendering a competitive advantage.

> quickly

The "Google search link fix" extension by Wladimir Palant has existed for many years. (Source: I use it in Firefox.)

For reference, the Chrome version was released in January 2017. So - yes, they had plenty of time to object.

> web extensions to marketing corporations which end up filling them with tracking scripts and malware.

one of the worse parts about this is that they auto update without you knowing. So an extension might've been safe when you first installed it then a month later its infested.

All conveniently in time before chrome bans third party extensions unless they are approved in the store.

Google is also removing inline install in September, together with some other chrome web store clean-ups.

All in all, this is nothing new and it seems to be a lot of huff about a simple mistake.

Same thing happened to me [1], with a slightly different rationale for pulling the extension.

This happened despite tens of thousands of users, years of good reviews, and an extension so useful that Google's own accessibility team demos it at conferences.

I was only able to get the situation sorted because I know people who work at Google on the Chrome team. Even with all this, it took weeks to get the previous version restored, and after that weeks more before we could push an update without having it get automatically rejected.

The only "good" news is they didn't uninstall our existing user base.

1: https://medium.com/@BeeLineReader/google-yanked-my-chrome-ex...

Hey, it's off topic, but I just learned about your product and sent a link of the product page (beelinereader.com/individual) to my colleagues - only to find out that my email was filtered as a spam by FortiMail! Apparently, the offending text was that URL. Maybe it's somehow related? Was this product site previously infested by malware or something?

Wow, thanks for letting me know. We have never had any malware, though our inline install of Chrome/Firefox extensions has been flagged by Avast at times (despite our attempts to get whitelisted). Neither our website nor our tools have ever done anything even vaguely shady — we don't gather user-level browsing data or anything else like that, so it's a big bummer when we get flagged like this.

Do you know if there's a way that your company can report this as an inappropriate block to FortiMail? I will try to reach out to them also, but my guess is they'll be more receptive to a customer request than to one of their blacklisted websites!

BTW, we're not publicizing this, but right now we're testing out a "BeeLine Advocate" program. Basically, if you install the extension and complete the free trial (2 wks), you'll be invited to get free access to our Pro tier in exchange for filling out periodic surveys.

We've just opened up this program, and it'll probably be open to new users for 3 weeks or so. Thought I'd share with the community here, since HNers are great for feedback (as you've just shown with your comment!).

> Do you know if there's a way that your company can report this as an inappropriate block to FortiMail?

Our corporate email is outsourced to another company, where they apparently use FortiMail as a packaged solution. So I don't think it's very likely that they'll listen to me - but I'll try anyway. Good luck with the new campaign!

> I was only able to get the situation sorted because I know people who work at Google on the Chrome team.

Hehe, one thing all successfully resolved issues have in common - a friend inside of Google. Maybe that's by design... Google employees are not friends with bad guys!

Sounds like they don't really have automation that well set up for fixing up removal mistakes. Not a great sign.

Did you ever find out why this all happened?

I did not, and hearing this guy’s story means that the problem hasn’t been completely solved.

For us, this was triggered by a question about our privacy policy (which we have, and always have had). I assumed that it was just a glitch in their review and follows-up software — specifically, that it didn’t give the full 7 day grace period. But it sounds like it’s a bigger problem than this.

One of the big frustrations for me was that their system was run from an anonymous mailbox, and seemed to have different folks responding different times. Also, if they sent you a message and you replied immediately, you might not hear back for days. At times, it seemed like I was either corresponding with a bot or someone with very bad English.

Maybe a tech journalist can write a story about what’s going on, and actually get some answers from them?

Another good option is posting your story on HN: if it gets to the front page, you have good chances of solving your problem.

I did post at the time. Didn’t get much attention.

Well, it worked in this case (see the updates to the original post).

Stop contributing to google's ecosystem.

I have told them that this issue has pushed us to look more at other platforms. We are also on Firefox (much easier now that their extension platform is similar to Chrome’s), but we still have the vast majority of our users on Chrome (60k versus <1k).

I even submitted our extension to Opera. Months went by with no response. Dev forums show that this is a common experience.

We’re also on iOS, but since extensions don’t really exist on mobile, this isn’t a great substitute.

I’d welcome suggestions for another platform that we should be on!

You can start inviting users to install Firefox. If enough sites do it FF share will raise and Google will change their behavior.

This is a good point, and it actually fits with our ethos of minimal tracking, which I've been meaning to emphasize in our onboarding process.

Maybe a nudge toward Firefox can be part of that message.

They somehow have the man power to ban your extension in 2 hours and 30 minutes without an explanation as to why, but than when I get a fake copyright claim on my most popular YouTube video somehow it takes three months, 12 emails and I still don't get the ~$900 lost revenue back.

They optimize for their own profit, not yours. ;)

Cannot upvote this enough. People complaining about such things think that "customer is always right" where reality is "customer is always right if he pays enough for us to care". Have some reality check.

Every company does what is in their best interest not particular customer.

I'm not sure what their approach is. My article links to another about fake ad blockers - flagging these usually yielded in no results, neither when flagging trademark infringements nor malicious functionality. The process took months even for the obvious cases, and Google did little to prevent these extensions from being resubmitted. Yet when my article on them got picked up on HN, all of them were suddenly taken down. So it doesn't look like they have any man power whatsoever - the scarce resources they have are busy fighting bad press and threats to Google's business interests.

Hello from the other side! Someone stole our copyrighted audio script from our website and uploaded on their own youtube channel. 4 months later (!!!), about 30 emails back and forth and $1,800 in attorneys fees, we finally gotten it down.

I would guess this was automated somehow.

Mirror your videos to other services. If you want to make sure your content is preserved you can upload it to archive.org.

There's also a huge difference in scale. There's not that many browser extensions to consider, but they have millions of videos on YouTube. It's not really comparable.

These are good suggestions but don't help the parent poster's lost revenue.

They took down my bookmarking extension with no notice, replied none of my e-mails. Although @GoogleChrome gives support on Twitter, they completely ignored my and also some user tweets. We had good description, many screenshots and a screencast, our extension is even open source (https://github.com/kozmos/browser-extensions).

I don't even know the reason why they took it down.

I just had to re-publish my extension: https://chrome.google.com/webstore/detail/daababmdfacmmkokdf...

Tweets from users: https://twitter.com/JesMullins/status/1014085292133888002

Tweets I sent; https://twitter.com/getkozmos/status/1013511183519879168

Google is terrible at support. I had to wait 2 months to get my oAuth application reviewed. I had to write an email in all capitals to get their attention.

Back when Facebook didn't support linked hashtags I made an extension that removed them from posts on facebook.com (they just annoyed me). It still worked perfectly even after Facebook added native support.

It was active for many years with great reviews and a few hundred users.

Google pulled it early this year because Facebook asked them to... They claimed it violated copyright. There was no option to appeal.

Not trying to make a point here. Just offering another anecdote.

Nice. If I had known about this extension I might have used it.

When people started hashtagging on FB, I thought it was the stupidest thing. Then, when FB made it a feature, I just had to shrug and go "I guess the hashtaggers are the ones in the right, now..."

Happened to my own extension this week too ( https://habitlab.stanford.edu ), except without warning - especially frustrating since I've been developing it for nearly 2 years and Chrome no longer allows users to easily install anything from sources other than their Chrome store. May end up having to port it to Firefox, except there's so much inconsistencies in CSS and webextensions between the browsers it would take a month or more. It's quite frustrating how these walled gardens can easily destroy years of work at someone's whim.

Meanwhile there’s an extension on there with our company name and logo (both trademarked) that might be stealing peoples data and Google have done nothing about it after many submissions of their trademark infringement form.

Thank goodness that Google is not a court of law and you can engage the legal system for restitution. I mean, wouldn't you want to go that route anyway given the potential damage to your brand by a third-party abusing your trademark? Would pulling the extension undo all the harm the infringement caused you?

Given that these copycat extensions usually aren't giving you a way to find their creator - good luck with the legal system. And even if you can find them, what will you do about them if they are located somewhere in China? The legal route is only good enough to force Google into removing infringing extensions. For you, it means more effort and money wasted. And these malicious extensions get more time to catch unsuspecting users. Of course, after being taken down they will immediately resubmit their extension and you start from scratch. All while Google has a way to report such cases but won't act on the reports.

We should spend thousands of dollars on a lawyer for a clearly fraudulent extension... because? The legal system is a waste of time and money and is where you go as a last resort.

And yes, it would. The Chrome Web Store isn’t exactly a high traffic destination. We just want to prevent the thing from stealing data since it asks for domain permissions.

Why have the form specifically for this if you’re not going to process it? Oh wait, it’s Google... never mind.

Create an extension with similar name then cite the other for something. When they challenge you reference your trademark etc... or take them to court in front of a judge.

Legal demand letter time.

Which can and will be promptly ignored.

Which, when you eventually sue them, is looked upon extremely unfavorably when you are in the right.

I'd guess that the warning period was set to 168 minutes (2hrs 48 minutes) instead of 168 hours (7 days).

Isn't that extension going straight against Google's ability to track what users are clicking on, i.e. against their core business? Maybe the warning wording is cumbersome or opaque, but what would the author expect? Company not protecting their turf? The only surprising thing is that they did it in this unimaginative hidden fashion, not fitting their friendly progressive image.

Nowhere in the Chrome Web Store policies does it say: "Extensions aren't allowed to violate Google's business interests." Supposedly, acceptance in CWS depends on user value, and the policies protect the user rather than Google.

The surprising thing is that they let the extension exist for so long.

Google makes most of their money from ads. If you interfere with that then of course you'll be in trouble.

Then why are there still ad blocking extensions? Wouldn't uBlock Origin interfere way more than this extension?

Maybe it's the next hidden step and this one was just testing the waters for the level of public outcry?

It's interesting to observe current landscape of app delivery, previously it was just binaries or sources on developer's site now it's shifting to centralized model in the name of protecting users from malicious actors. I wonder if there is a way to have a cookie (developers don't need to worry about random behavior of your centralized owner) and eat it too (fight malware).

In this case the centralized owner is the Chrome Web Store; you're leasing space in their list of offerings at their terms, for better or worse. It's worth noting that the Chrome Web Store is just an easy (and highly visible, of course) way of installing extensions but not the only one; developer mode and self-installing is totally possible (though admittedly higher friction).

Protecting users from malicious actors serves in the best interests of the Chrome Web Store, certainly, but there's nothing stopping users from running their own security software.

In a more ideal world a developer would distribute an extension from their own platform and the user would run a security check against it (and all future versions). Until we get to that world, though, a store that is focused on integrity of security and expresses its right to remove things that don't fit it's model is convenient.

Self installation is disabled on Windows. And Developer Mode pops up constant nag warnings, to users asking if they want to disable the plugin.

Maybe something along the lines of having Firefox/Chrome/etc allowing people to specfiy "extra" extension/addon repos to query?

That'd let external places create collections of extensions/addon's, which would probably open things up enough.

Firefox still allows installation from third party websites, they merely require add-ons to be signed by AMO. This allows Mozilla to revoke a signature for malicious add-ons, not sure how often this happens in practice.

Isn't signing supposed to solve some of that? You sign the binaries you host on your site, and the OS checks to make sure the signature is valid. (Maybe against a non-profit "Let's Sign".) If it's a valid signature, then you know it was signed by someone your OS trusts. Ideally, the OS would not trust signatures from malicious actors.

I've never been involved with that kind of thing, so I'm just guessing. Feel free to correct me.

There have been cases where malware authors were able to change package contents while keeping the signature.

What kind of package? That probably means the signing is way too complicated. There's not much to get wrong in doing a single hash of an entire zip package and then appending a simple signature of that hash.

And in the end the malicious actors are the centralized hosts. Even if they don't start that was centralization leads to perverse incentives for censorship.

Quite remarkably, they are only moderately successful in keeping malicious actors out of Chrome Web Store. Centralizing deployment won't give you that automatically, you also need the manpower to enforce policies. And Google isn't even acting when extensions are flagged.

well the solution is sandboxed temporary runtime environment with user controlled session duration, user managed permissions and strong profile siloes, also known as: your browser.

How would browser extensions fit into this model?

They aren’t application they extend the environment on which the untrusted application run, as such they’re more like kernel modules in regard of security and threat modelling

Im a bit confused:

- https://chrome.google.com/webstore/detail/google-search-link... is still in the store

- it IS missing the picture

Oh, that's nice - it was restored without giving me any kind of notification. Developer Dashboard says that the screenshot is there, not sure why it doesn't show.

Edit: Got a mail now, supposedly the issue here was an internal miscommunication resulting in a rejection. So all is good again and all I have to do is resubmit that screenshot.

I've never really been a fan of the whole "browser extensions" thing, with perhaps the exception of UI mods, and things like this only serve to reinforce that notion. I prefer to use a MITM filtering proxy, which works in all browsers and is independent of, so isn't beholden to, the authoritarian institutions which control them. Incidentally I also have a filter which does the same thing as his extension, and I probably added it the same day Google decided to mess with those links.

Good luck with that once hsts, cert pinning, and TLS 1.3 become more common.

MiTM proxying TLS 1.3 connections works just fine.

Browsers ignore cert pinning when the CA certificate was manually installed, so this is not a problem either.

I have no idea what HSTS is doing on your list.

> I have no idea what HSTS is doing on your list.


We're talking about voluntarily installed proxy. Why would anyone want to mount an HTTPS stripping attack against themselves?

How carefully have you analyzed the MITM proxy you are using? Many have security holes and you may be opening yourself up to attacks. Modern browsers have placed a lot of effort into security, you may be undoing a lot of the transport security.

Which local proxy do you use?

I almost lost a Google account because the Amdroid App I uploaded was I violation of their Terms. I had to work a few emails/calls with Google to demonstrate it wasn't a violation, but it was a very close call.

Someone should set up a website listing plugins banned by Google for reasons that fall in a gray area or for reasons that are just outright indefensible. Banning extensions in this manner is a signal of value to the end user. Could also list extensions available on Firefox but not Chrome.

Something similar to hiddenfromgoogle.com but for extensions (doesn't appear to work anymore) [1]

[1] https://www.bbc.com/news/technology-28311217

also create third party store focused on foss. Somwthing like fdroid

I've had similar stories, accounts banned, extensions denied because they didn't understand what it did, one was denied because it had minified code, the review process could use more work.

It’s a tough situation, because the amount of access that these extensions have to users’ actions can be extreme. Malware is a much greater concern than, say, the AppStore, as access to sensitive information is far less controlled.

Agreed. Until extensions as itself get some guidelines - it needs to be inspected closely.

I had similar problems with an extension that I am developing. They threatened to take it down because it didn't have a privacy policy attached, although their developer guidelines state that you only need a privacy policy if you collect personal or sensitive user data, which I am not. It took me several resubmissions (each time I was scared I would be banned from all google products), before they finally approved my extension. The clincher was that my extension was marked as unlisted the whole time; it wasn't even open to the public.

another StallmanWasRight moment?

Yes. And because of that I cannot empathise with this developer.

It's not longer a case of "don't put your time into a closed ecosystem, for your own sake", but "you have the moral duty not to contribute to a closed ecosystem, for everyone's sake".

The developer was doing something imoral and something bad happened to him. It's karma, Kramer.

Side rant: I have an extension which has been published for about 6 years now. They've broken the extension several times due to removing or changing the APIs. I have a couple of bad reviews due to having to remove features from the app because they removed functionality or APIs. The past couple of years things have been more stable, but still, it's been painful.

My google apps account is being shut down the same way. Apparently using it everyday doesn’t constitute activity for 365 days...

A fun related issue with the Chrome Web Store is that you can submit random gibberish to their DMCA takedown form and they'll pull an extension down anyway. Then they take upwards of 4 weeks to process counter-notices and refuse to fulfill their obligation to provide the identity of the reporter so you can sue them.

I had an extension, NoBing which redirected Bing searches to Google. Removed due to copyright so I rebranded it as "Bongle" removed again due to copyright despite no mention of Bing. Gave up.

> I guess, Mountain View must be moving at extreme speeds, which is why time goes by way faster over there — relativity theory in action.

The other way around. The OP must be the one moving at extreme speeds.

If you remember special relativity theory, it's the same thing - merely depends on your point of view. From my point of view, Mountain View is moving. But if you are a Google employee, then I must be moving of course.

What does the user story look like for installing a Chrome app locally? Do you need to go through tons of menus or is it just dev mode + easy/scriptable setup process?

For Chromebooks? I thought Google was deprecating chrome apps.

I’m way out of the loop then, I guess. Back in my day you could move code files around your computer’s file system, and even run them with interpreters.

It's funny because my app just got removed from the Play Store for similar (weird) reasons https://twitter.com/edhelas/status/1014265845940441088.

Basically I'm also providing a link to F-Droid on the home screen. The app is blocked and I can only resubmit a new one…

How to get tech support from Google: get a lot of upvotes on HN. Sad.

Its their sandbox.

but, but, they are NOT evil, are they?

My extension, which was just a script block and some CSS tweaks was banned as it was a paywall bypass for a popular news site in Australia.

Fair enough according to their policy but I couldn’t help feeling disappointed when I got the email as the extension was quite popular at the time.

Adblock: OK.

Paywall bypass: Not OK.


Yeah I know right?

The reason given was:

> We don't allow products or services that facilitate unauthorized access to content on websites that circumvents paywalls.

The functionality from the extension was roughly possible with a set of adblock rules anyway, I just packaged it up for the less technically inclined.


Probably far more difficult than #DeleteFacebook

More like #MarkGoogleAsDeleted and #MarkFacebookAsDeleted -- nobody actually ever deletes anything.

Not really. I don't use a Google account.

That's the thing that makes Google a more challenging beast than Facebook: you don't have to have an account to be an asset for Google, and you likely feed them more data all the time.

All those like buttons on the net can be used by Facebook to create shadow profiles, too.

Definitely, though between search, communicating with the many Gmail users, AdWords, YouTube, and Android's marketshare, Google Map's dominance, etc, Google is IMO far more ubiquitous

And you can't live without a Facebook account?

You can live but you can’t date!

I'm very curious to see how this plays out. Obviously, the reason for banning the extension is that it prevents Google from tracking our clicks (I'm surprised it took them so long!) But they can't clearly spell out the reason as it would make them look bad, so they just used some template and try to sweep it under the carpet. Now that it's on HN it's no longer so easy to ignore, so I'm really curious to see what happens next.

There's a much more obvious reason: the OP's extension presumably requested permissions to inject scripts to google.com. This is a very common pattern for malicious extensions, which can use that permission to hijack the user's Google session, or to inject third-party ads into Google search result pages. Coupled with the lack of information on the extension page, it looked risky.

If it's really so, and it's just an "AI mistake", let's see how quickly Google discovers it and apologizes to the author.

No, the reason isn't obvious. The extension wasn't popular enough on Chrome, Google simply wouldn't bother doing anything about it. This might be a trademark issue, the extension's name has "Google" in it - then it's a major messup then, failing to spell out the correct reason. Or maybe it was flagged by some automated tool and whoever checked output of that tool didn't properly validate it. Impossible to tell from the outside.

It seems that they quietly brought it back without explaining the reasons. So yes, we'll never know.

> Anyway, dear users of my Google search link fix extension. If you happen to use Google Chrome, I sincerely recommend switching to Mozilla Firefox. No, not only because of this simple extension of course. But Addons.Mozilla.Org policies happen to be enforced in a transparent way, and appealing is always possible. Mozilla also has a good track record of keeping out malicious extensions, something that cannot be said about Chrome Web Store (a recent example).

It's interesting to hear this, when Firefox Mobile keeps uninstalling uMatrix and uBlock Origin, while these keep running on Chrome without issue.

How can you say extensions run on Chrome without issue in comparison to mobile Firefox, when mobile chrome has no extensions?

What kind of twisted logic is this? uBlock can't run without issue on mobile Chrome, since there's no uBlock for mobile Chrome. Even super locked-down mobile Safari has ad blockers available.

I had UBO disappear once or twice from my desktop Firefox, but that appeared to be a bug of some kind. Never vanished from my mobile version, and AFAIK it's never been removed from Mozilla's add-ons store.

Mozilla also doesn't stand to gain anything by forcing you to view ads. Google does. That's why Firefox Mobile has historically been the mobile browser that lets you install add-ons and ablockers, while Chrome for Android has not.

They certainly don't keep running on the mobile version of Chrome.

Have you filed a bug report with Mozilla? They're obviously not intentionally getting rid of uMatrix and uBlock.

Are you saying that Firefox mobile has uninstalled add-ons from your browser multiple times?

I've been running Nightly mobile for more than a year and never had that happen. It sounds like a very strange bug, maybe it had something to do with Sync?

> Are you saying that Firefox mobile has uninstalled add-ons from your browser multiple times?

Yes. Checked while posting this, and they're uninstalled again.

Try wiping Firefox's app data. Sounds like a corrupt profile to me.

I've had uBlock disappear from the main menu in mobile Firefox, but it was still accessible from the add-ons screen. I can get uBlock to reappear in the menu by force quitting Firefox.

It also happens to me. I assumed it's some bug or internal crash. However it seems to keep working even if it doesn't appear in the menu. It's just impossible to pick elements to hide if it's not in the menu.

> when Firefox Mobile keeps uninstalling [...] uBlock Origin

What? I'm using it without issue of any kind for several years...

On nightly, never had ublock or umatrix uninstalled.

Same for me on stable (desktop and mobile).

Especially interesting with the whole Looking Glass ordeal.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact