This is why I started using Chromium instead of Chrome -- Chrome forces you now to use (and pay for!) the web store (it's impossible to install extensions not hosted by Google, if you're running on Windows because "think of the users!"[1]) and if your extension doesn't get along with any of their policies (i.e. the extensions listed here), then Chrome users can't use it at all. Super-awesome, Google.
Chromium doesn't (at the moment) have these restrictions.
For security, verified chrome store is better than someone's self-host. And many users might just download random add-ons and think they are legit when they are not. I am not saying all chrome store apps are safe, but when shit goes wrong it is Google's responsibility to take it down from spreading and mitigate the issue.
I can see it MAYBE being an issue in countries where income isn't as high as the U.S., but at least for any American, or anyone in any industrialized country, the $5 fee to get an account is not a significant impediment.
"at least for any American, or anyone in any industrialized country"
Yeah, nobody can't possibly be that poor, eww! And who needs talented people in the third world making great extensions and possibly finding better jobs or at least global recognition that way.
Err, I think you should think through your argument logically a bit more...
You're using a "Think of the poor!" argument, just like they use "Think of the children!".
It's a complete strawman.
Put it this way - if they can program a Chrome extension - that means they probably have access to a reasonably modern computer.
And working internet access.
And they they're probably fairly educated.
And they had all these things for some time, since this isn't the sort of thing you can learn and hack up in 5 minutes, unless your name happens to be Jeff Dean.
So yes, I'd say that the above group probably does have access to $5.
We're not talking about illiterate villagers in Africa or rural China here with no running water and one OLPC for the village.
I'm not saying we shouldn't do something to help those people (Red Cross does awesome work here, btw, good people to donate to) - however, I somehow doubt that programming Chrome Extensions is at the top of those people's list of priorities.
Yeah, I was getting a bit ahead of myself there. Fair enough. Also, Firefox.
But still:
> So yes, I'd say that the above group probably does have access to $5.
This doesn't mean it's not still a week's of income for where they're from, and money missed dearly. Even if it's not the "the top priority", which I never claimed, I find shrugging it off because it's (supposedly) not a problem for anyone in the first world a bit meh. Would it still deter driveby spammers if it cost 3$? 2$? Are there other ways to ensure this? To not even go further because "meh, just five bucks", kinda sucks. On the other hand, it's also stupid to tell Google how much to charge, let them suck :P
They can still be self-hosted, but you're not able to install just by clicking on them. You have to download the crx file and then drag it into the extensions window.
If it's important that your extension not be hosted on the Web Store, Windows users can still install it as an unpacked extension and perform updates manually. But it's definitely designed to be much more of a pain.
As part of our continuing security efforts, we’re announcing a stronger measure to protect Windows users: starting in January on the Windows stable and beta channels, we’ll require all extensions to be hosted in the Chrome Web Store. We’ll continue to support local extension installs during development as well as installs via Enterprise policy, and Chrome Apps will also continue to be supported normally. [1]
My understanding is that you won't be able to sideload extensions locally anymore, unless you're using the dev channel.
EDIT:Apparently this doesn't work on windows at all. Wow
The process is much more difficult(you have to actually drag it onto the extension page or open the downloaded file) and unlike in safari it won't automatically update so you need to design your own update system. You also lose the permissions systems when you do that.
> The process is much more difficult(you have to actually drag it onto the extension page or open the downloaded file)
I'm pretty sure that was the manual process before they actually disabled non-webstore extensions. Before they disabled them earlier this year, Chrome would download them in the background but refuse to install them with a message indicating that you could not install non-Web Store extensions unless you did that, but would allow you to install them by that means; what you have to do now is use the preferred method for development, which is unpacking the extension and adding it after turning on the developer mode -- which allows using unpacked extensions -- option in Chrome settings.)
You seem to care about this a lot more, and I'm honestly ignorant about these issues. But I'd just add that nearly every casual computer user is running some unwanted extension, toolbar, DNS hijacker, or worse. For whatever reason, it seems like this shit software ends up on a lot of computers through extensions
Wouldn't Google's decision this help to eliminate that problem?
I'm increasingly getting the impression that Google would just love extensions to disappear altogether. They probably just added them to get Firefox power users, now that Chrome is king and they're pushing it like crapware (large scale bundling), they probably don't care anymore.
They're walking a fine line, though, because Chrome extensions are the cousins of ChromeOS apps, which is an ecosystem they obviously want to promote.
While I've never released any of them, the extensions I've built on on the Chrome API have been a sheer pleasure, if somewhat limited in capability compared to Firefox plugins.
that's a little bit disingenuous. google pays huge amounts of money to Mozilla to be the default search engine because of the huge amounts of money Mozilla users make google by using google services on a daily basis. it's not like they're propping up a competitor just for the hell of it (or even to avoid anti-trust issues).
+1 I donated to Mozilla a few days ago, thinking how small my donation was compared to Google. However, Google must make $$ on Firefox hosted searches.
Unpack the extension, too? This process probably reduced the external extension installations by 100x, while they can still pretend that you can still technically install external extensions.
First off, I think their original excuse was BS, because I very much doubt more than a marginal number of users were affected by malicious extensions this way. And second, there has to be a balance between what's safe by default, and what level of freedom/flexibility you have. If that "freedom" is hidden away in 10 layers of submenus, then might as well kill it for good, because it's not going to help anyone.
> Unpack the extension, too? This process probably reduced the external extension installations by 100x, while they can still pretend that you can still technically install external extensions.
Er, no, they say you can't, except for development (and the method that you can use, whether or not you are actualyl doing development, has always been the preferred method for development.) They aren't pretending that they making things available to Windows users, they are saying straight-up that, outside of development, Windows users cannot use non-Web Store Chrome Apps.
Heck, even before they disabled the old, less onerous manual method, Chrome pretended that you couldn't -- if you tried to install extensions directly from the web without setting a command-line flag, Chrome would just tell you that you couldn't install extensions except from the Web Store (you could then drag the downloaded extension to the extensions page and it would install, but Chrome did everything to hide it from you.)
> First off, I think their original excuse was BS, because I very much doubt more than a marginal number of users were affected by malicious extensions this way.
I'm glad you think that. Is there any reason you'd care to share why anyone else should believe it?
> And second, there has to be a balance between what's safe by default, and what level of freedom/flexibility you have.
Any position you choose on the continuum is a balance between those things.
> If that "freedom" is hidden away in 10 layers of submenus, then might as well kill it for good, because it's not going to help anyone.
I think the flexibility retained for developers helps exactly the people it is designed to help.
As I understand it, this rule primarily targets extensions that do sketchy things without their users' knowledge, like how HoverZoom recently started silently tracking their users. This feels like a good policy to me, and I'm not aware of any benevolent extensions that will suffer for it.
Well, it's great that they keep their browser the way they want it to be. We can download Chromium if we want so I don't see any problem here.
Anyway, if they could think of the publishers and remove AdBlock once for all instead of giving money to their developers, I would be more than happy.
> It might have been helpful for Google to have created a sample extension as a “don’t do this” example. Bizarrely, Google chose instead to illustrate the problem using an infamous gag screenshot of the seven-year-old Internet Explorer 7 stuffed to the limit with toolbars and add-on panes.
It's not bizarre. If you read the original blog post, the IE screenshot is there to illustrate the motivation behind Chrome's longstanding goal of making addons/extensions unobtrusive: "The name "Chrome" came from this principle as we wanted the browser to be about "content, not chrome." "
> Google won't allow third-party developers to build toolbars for Chrome, but the company still makes its own toolbar for Internet Explorer and distributes that toolbar widely.
As do Bing and Yahoo. Since IE has not put the same emphasis on minimizing chrome in their browser, and since all major search engines distribute toolbars for it, it is not hypocritical to follow the local conventions and distribute a toolbar for IE like everyone else does. When in Rome, do as the Romans do.
> The real reason for the new policy might have less to do with user interface guidelines and more with Google's attempt to shut down extensions that intrude on its advertising fiefdown.
Or it could have to do with the fact that an extension that unexpectedly starts injecting ads into all of your web pages is extremely annoying, and (worse) is hard to attribute to the unrelated extension you installed. The article itself shows an example of one star reviews from unhappy users.
> In other words, images on the pages you visit, be they ads or content, can be replaced with ads from the Superfish network.
Yep, sounds pretty seriously annoying, doesn't it? What sane person would install extensions if this behavior became commonplace?
There is a lot of aspersion-casting here, but no mention of any innocent actor who is hurt by this. This seems like a pretty common-sense move that benefits users. And yet the article and some of the comments here are hostile. Google has become the company that people love to hate.
I think that Microsoft associated bloggers should try and resist the urge to "puntificate" on Google related matters and announcements in any professional capacity, it always comes off as though they are trying to take advantage of the situation and somehow spin it to the benefit of those who have them 'not quite on their payroll'.
Thanks for the career advice. But perhaps you didn't notice that, as I always do, I provided a prominent link to the original Google post (the same one you just provided) in my original write-up. I always make sure my readers have the opportunity to go to the original source.
PS: I'm not on anybody's payroll. I am a freelancer and my compensation for this post comes from ZDNet, a division of CBSInteractive. You can take sides if you want to. I write for the benefit of my readers, a very diverse group.
July 20, 2012 - First step to ban plugins. NPAPI plug-ins in Windows 8 Metro mode
October 31, 2012 - 2nd step to ban plugins. Smarter NPAPI installs from the Chrome Web Store
November 15, 2012 - Banned packaged Apps v.1 Restricting extension APIs in legacy packaged apps
December 21, 2012 - First step to ban external extensions. No more silent extension installs
September 23, 2013 - Banned plugins. Saying Goodbye to Our Old Friend NPAPI
November 07, 2013 - Banned external extensions. Protecting Windows users from malicious extensions
December 19, 2013 - First step to ban all extensions Keeping Chrome Extensions Simple
Next? When Chrome extensions will be disabled at all?