"Do not create an extension that requires users to accept
bundles of unrelated functionality, such as an email
notifier and a news headline aggregator. If two pieces of
functionality are clearly separate, they should be put
into two different extensions, and users should have the
ability to install and uninstall them separately,"
Kudos to Google. Now if only they applied the same logic to the advertisements between the search box and the actual results. Search results and advertisements only represent the same functionality when my search query expresses my intent to purchase something.
I know advertising is Google's business model, so before anyone points that out, let me point out that I've also never been offered the opportunity to purchase the ability to use Google's search without advertising. They should follow their own policy here and give us the ability to uninstall advertising from Google even if it does come with a monthly subscription fee to do so.
The fact of the matter is: I'm happy getting Google search for free, and I've been a loyal paid subscriber to the Times since I've moved to New York. The business model of ads seems to work, otherwise there would be no Google or New York Times to complain about.
Furthermore, the comment I replied to has nothing to do with the article. Web pages and Chrome extensions are totally different things. Web pages present you with what the content creator wants you to see. Chrome extensions as documented in this article change that out from under you without telling you. Do you see the difference?
(Compare that to an extension like AdBlock, which makes clear that it removes ads from pages you visit, so if you install it, you won't wonder why you aren't seeing ads anymore.)
>The business model of ads seems to work, otherwise there would be no Google or New York Times to complain about.
Traditionally (i.e. in the print version) the ads in an edition of the NYT did not contain malware that was going to infect my computer and install toolbars and key loggers.
Google ads point to sites that contain malware. If you want people to stop criticising Google ads then maybe you should drop whatever Google+ stuff your boss thinks you are working on right now and fix the fact that searches for 'Firefox' return ads that point to sites containing malware downloads.
One of those sites even has a page offering a malware infested Chrome download (although I couldn't get it to show in an ad), so maybe that will motivate you to act. (googlechrome.xtremedownload.com).
A brief search seems to suggest that those sites bundle the apps with toolbars and unwanted browser extensions that do things like inject ads into pages and so on. Potentially they are doing even worse things.
>Web pages present you with what the content creator wants you to see. Chrome extensions as documented in this article change that out from under you without telling you. Do you see the difference?
The difference seems fairly unimportant when the content creator (in this case Google) is happy to serve me ads that are just as malicious as these malware browser extensions.
(Compare that to an extension like AdBlock, which makes clear that it removes ads from pages you visit, so if you install it, you won't wonder why you aren't seeing ads anymore.)
Why would anyone ever want to see ads?
I have always found them to be utterly useless, in terms of whatever they may be peddling, whenever I have had the unwanted irritation of them showing up on my browser (yeah, yeah, your website, your rules; but also my browser, my rules).
The worst idea in this respect is the Subscription+Ads model, which in my book is like adding insult to the injury. No, you may not have my money only to cram ads down my throat, thank you very much. There are plenty of ways I can consume my news on the web, without stupid advertisements, and I'll keep doing that. If you don't like that, you can take your oh-so-precious content and shove it.
Not only are they useless, they cost me money as a customer. Every company paying for ads, needs to earn a greater margin to cover the cost of ads. If the entire ad market collapsed and products instead needed to compete on price, quality and overall value delivered to the customer, we would all be better off. Advertising allows firms to compete in a vector which provides me no benefits.
I would love it if we had a law that said once a product achieves more than something like 10% market share, it could no longer be advertised. Advertising for new unknown products makes sense. Once I know about a product, advertising just serves to divert resources from making the product better and to generate noise that dilutes the message from new products of which I might not be aware.
One of the biggest problems in this country and all countries are people who live their live accepting what they are told, instead of seeking out an answer to their questions and doubts on their own. People accept information from Fox, CNN, NY Times, NY Post, radio, advertisements, etc. at face value. Culturally, we would all be better off with an attitude like those who read and write the reviews for products on Amazon. I and every other customer get 1000x the value from Amazon reviews than I get from advertising. It has saved me from buying many many dud products and helped me discover the products that provide the best value. Plus, there is only so much any manufacturer can do to game those reviews since it is eventually self-correcting (i.e. pay for good reviews increases sales among the misled, who later show up and post most honest reviews that will be less favorable or downright negative)
Configure your browser to drop nytimes.com cookies on exit. Works for me.
I never visit the site deliberately, but I do land there occasionally by following links. However, since I restart my browser at least once a day, I rarely come close to the limit of 10 free NY Times articles in a month in a browser session.
Well, I pay for the Times. Nobody is forcing me to do that, but I like them, so I give them some money. It would be nice to not look at ads, but it's their newspaper, not mine, so it's not really for me to decide except with my wallet.
It's tough for content creators to make money, so I'm grateful that the Times can subsist on my $12 a month and some sponsors. In another Universe where everyone was willing to open their wallet, I'd prefer paying $24 a month and not seeing ads. But I guess that's not enough money to run one of the world's top newspapers, otherwise, that's what it would cost. No reputable publication wants a potential conflict of interest to taint their reporting, after all.
(Consumer Reports is an example of content that is solely paid for with subscriber's money. Good, but not as good as the Times. And there are still controversies, like employees at CR getting jobs at companies whose products they've reviewed. It's hard to eliminate all conflicts of interest in the skeptical eyes of Internet critics.)
I think it would be really helpful if Google disabled automatic updates for extensions. Letting third parties to push modified code to clients without any user intervention is just so insecure that I can't believe it actually is a feature. Just the fact that Chrome updates automatically is bad enough.
>>Just the fact that Chrome updates automatically is bad enough.
Don't agree with that. As someone who has had the misfortune of having to support out-of-date browsers, anything that can be done to force browser upgrades is a plus in my book. I'd rather have a few people angry at me than deal with another IE update-style browser that just gets lost out there with nearly zero hope of updating.
For example, I applauded Mozilla for this[1] move.
>>"We don't think self-selection will ultimately get us to the place we need to be," he said. "We will force 3.6 on 3.5 stragglers not choosing to update to Firefox 4 or 3.6 (give them the stick). We feel comfortable making the major update choice for users because a) the versions are very similar and b) we'd rather lose a small amount of miffed users than leave a large amount of users vulnerable."
Keeping an old browser version is something I wish a user could not do unless they went out of their way to install a nightly by themselves and that nightly should nag them to death after 15 days to stop using it. The internet would be a much cooler & smoother place if all webapp-devs could assume that everyone is using the most up-to-date, cutting-edge browser. I wish Google would enforce this by choosing 2 saturdays every month to simply break Youtube for anyone on an out-of-date browser.
> The internet would be a much cooler & smoother place if all webapp-devs could assume that everyone is using the most up-to-date, cutting-edge browser. I wish Google would enforce this by choosing 2 saturdays every month to simply break Youtube for anyone on an out-of-date browser.
This sort of attitude really, really disgusts me, as an end-user (and webpage-writer). Many of the things that are being pushed on us, many of us do not need nor want. We want stability, not constant change. Breaking things that used to work is one of the worst things to do. Requiring users to use (and in many cases relearn) newer, more resource-consuming software just creates waste, in the physical and chronological sense.
>>This sort of attitude really, really disgusts me
The idea that you have an environment that relies on an out-dated browser really, really disgusts me! :)
What if instead of actually fixing the real problem, everyone decides to just freeze on whatever version of a browser fits their needs at a specific moment? Fragmentation happens... and that's bad for everyone. I rather have people like you upset at me for forcefully upgrading your system than dealing with all the support tickets of "My IE6 and Firefox 3.5 show a blank page during checkout". There are major advances happening in webdevelopment and they'd move even faster if webdevs didn't have to worry about people who refuse to let go of some old browser.
If it's an old version of TurboTax, fine. That's your thing. It only effects you. But the percentage of different browsers out there has an effect on everyone. It's like the way I was holding on to an out-dated at&t SIM card. They mailed me 4 new SIM cards but I refused to upgrade. Eventually, they just cut my service and I had to go into the shop to upgrade. When they're trying to support all the cellphones out there and upgrading the infrastructure, they can't have people dragging their feet with old SIMs they need to support. There is a very real cost to supporting old SIM cards that don't fit into the infrastructure they're trying to build out for new phones & SIMs. There is real cost in supporting old web-browsers when technology in web-development is moving ahead in leaps.
I stand by what I said; if you think you've solved an issue by staying on an old browser version, you've made a mistake somewhere upstream that needs to be fixed there. If you truly can't move forward for some reason - go download some developer/nightly branch and install that. I'd want that branch to update itself to production path every month though because holding an old browser version is not a valid solution. It's just delaying the fix to whatever is really wrong in your environment.
> There are major advances happening in webdevelopment and they'd move even faster if webdevs didn't have to worry about people who refuse to let go of some old browser.
The point is precisely that we don't want you to "move even faster", because it more often than not means breaking things that used to work perfectly fine for the end-user, and the only people who are really benefitting from these changes are the ones getting paid to "fix" things that weren't really broken in the first place - i.e. the "web developers", of whom there are far fewer than end-users (or just people who want to share their knowledge with the world and write a few HTML pages)!
> As someone who has had the misfortune of having to support out-of-date browsers, anything that can be done to force browser upgrades is a plus in my book.
I hope someone starts force-updating your terminal and editor/IDE, introducing all sorts of random changes. Maybe then you would understand why it is bad to make your users' lives worse to make your own life marginally easier.
You'll love getting new versions of the Ask toolbar every time Flash force-updates...
More seriously, I have a software setup that I have configured to be secure and useful. Switching to a newer version of $whatever might help or hurt in either category, but it's a change I want to make deliberately. I don't see why changes preferred by $randomBrowserVendor or $adCompany will automatically be in my interest.
To be honest, we're talking about Google Chrome. the UI for Chrome hasn't changed that much (except for the Wrench/3lines menu button) since version 10.
Realistically speaking, older versions aren't going to receive bug fixes and I'm going to always want the newest version anyway, so yes. But perhaps that's cheating because so far vim hasn't developed too many strange UI changes :)
Marginally? Have you ever heard of IE6? The requirement that nearly everyone, many of whom don't know what a browser is, update theirs before most serious websites can use new features makes the positive impact of autoupdates much more than marginal.
What "new features" exactly, and how do they have a "positive impact" on the end user?
I disagree with the sentiment that somehow using new features is obligatory and directly related with how much "better" a website is; in fact the most informative and most visited sites I use, are also the ones that tend to be the oldest and not use any of these new features- often hand-written HTML4 or even 3.2.
> What "new features" exactly, and how do they have a "positive impact" on the end user?
You've got to be joking? Even if it's true that you mostly use websites that don't make use of new features, then you are extremely unrepresentative. Anyway, even simple content-driven sites like Wikipedia make use of a lot of HTML5 stuff now in ways that aren't necessarily obvious to users. And although much of that stuff could theoretically be made to work in older browsers, it's not viable to do that because it would be prohibitively expensive to maintain. So not as much good stuff could get built. That's how end users benefit.
1. Better usability through a more well-defined standard.
2. Geolocation, allowing for localized data.
3. Video support without basically needing Flash or obtuse browser plugins.
4. Better cross-browser support. Users use a variety of browsers these days. Being able to support more than one browser is essential.
5. Offline/local cache, which improves performance and usability. Lose your power while typing in your comment? Still there when you get back!
6. Improved performance allowing for more performant applications.
But the real problem is this:
> in fact the most informative and most visited sites I use
You are mistaking yourself for the majority. Therefore, the reality is, none of the above will be "better" as defined by you. However, if what you are saying is true, then any site of yours using HTML 3.2 would be a better site as a result of using HTML5, as it's more semantic in nature, and as a result, provides better support for providing usability and accessibility.
You are free to disagree, of course, but you'd be wrong because your reasons are not 'better' than mine.
Part of it is that many of the new features are much more useful for 'web applications', as opposed to simple webpages. Whether or not grandparent finds such applications useful or that they are worth the increased browser complexity, it seems clear from usage statistics (e.g. of Google's suite) that many people do.
I agree that automatically-updating extensions has the potential to be somewhat insecure. However, I don't see how the alternative could be a better alternative. If they didn't auto-update, then the majority of users would likely never update their extensions, and the ones that do would be unlikely to audit the extensions that they update for malware. Do you audit the apps on your phone before you update them?
To mitigate the problem, Chrome does have the permissions model to limit what extensions can do, and if an extension requires more permissions after an update, Chrome will give you a warning, along with an option to remove the extension. Your best defence is to not grant overly broad permissions when you first install the extension.
Regarding your comment about Chrome's automatic updates being "bad", I disagree wholeheartedly - the web platform would not be able to move forward at the same rate that it can today. One of the biggest problems with IE was simply that it was updated so infrequently that it was really hard to support the large percentage of outdated versions. We'd be in the same situation with Chrome if it didn't auto-update. Furthermore, I trust Chrome to make good decisions for my security. I'd rather have my browser updated quickly so that vulnerabilities in the browser can be fixed quickly before they affect me.
I like that, but maybe instead of several pop-ups it would be just one local Chrome page showing you the extensions that got the updates along with details. Google also needs to make developers put the change log in there, too. At the very least offer them a box for the change log, even if all they put there is "New stuff". If they do that you can decide to stop using the extension if you lose trust in them.
Back when extensions were first released I wrote one, and over the years it became pretty popular and built up a good (200k plus) install base. I foolishly took some money for it last year, and the buyers stuck ads in it.
The rating have declined from 4.5 stars to 2.5, but I still feel bad for the users.
Somewhat ironically, it is actually open source, and the code is available for anyone to fork. I beleive there is a fork out there now too, so hopefully that will do better.
That's nice. Maybe they could see to the other end of the equation and stop making me jump through hoops to install non-approved extensions when I choose to.
If the extension can modify webpages could the extension MITM my surfing? E.g. harvesting login data, any form data, cookies and other stuff? I did not saw a discussion about these aspects but from the distance (Never developed an extension) it looks like this all these things are possible?
Yes, extensions can have full access to pages you browse and they could potentially read any data from pages you have access to and perform actions as you.
Just a bit of passive moderation by a humans like students or amazon turks in app-stores/extension libraries for fake and malicious apps would go such a long way.
The only reason these two extensions were pulled was because they were causing bad PR for Google. Until that article on Ars Technica, Google had consistently taken the position that there was nothing wrong with what those extensions were doing.
I know advertising is Google's business model, so before anyone points that out, let me point out that I've also never been offered the opportunity to purchase the ability to use Google's search without advertising. They should follow their own policy here and give us the ability to uninstall advertising from Google even if it does come with a monthly subscription fee to do so.