www. O S N E W S .com
News Features Interviews
BlogContact Editorials
.
Google to remove ability to sideload Chrome extensions
By Thom Holwerda on 2018-06-12 23:21:41

We strive to ensure choice and transparency for all Chrome users as they browse the web. Part of this choice is the ability to use the hundreds of thousands of extensions available in the Chrome Web Store to customize the browsing experience in useful and productivity-boosting ways. However, we continue to receive large volumes of complaints from users about unwanted extensions causing their Chrome experience to change unexpectedly - and the majority of these complaints are attributed to confusing or deceptive uses of inline installation on websites. As we've attempted to address this problem over the past few years, we've learned that the information displayed alongside extensions in the Chrome Web Store plays a critical role in ensuring that users can make informed decisions about whether to install an extension. When installed through the Chrome Web Store, extensions are significantly less likely to be uninstalled or cause user complaints, compared to extensions installed through inline installation.

Later this summer, inline installation will be retired on all platforms. Going forward, users will only be able to install extensions from within the Chrome Web Store, where they can view all information about an extension's functionality prior to installing.

Am I the only one who's assuming this will eventually allow Google to remove all adblockers from Chrome?

 Email a friend - Printer friendly - Related stories
.
Post a new comment
Read Comments: 1-10 -- 11-20 -- 21-30 -- 31-40 -- 41-50 -- 51-60 -- 61-70 -- 71-73
.
Okay, Google ...
By WorknMan on 2018-06-13 01:38:16
> We strive to ensure choice and transparency for all Chrome users as they browse the web.

https://www.youtube.com/watch?v=z...
Permalink - Score: 5
.
Comment by ssokolow
By ssokolow on 2018-06-13 01:56:19
Always nice to see Google giving Mozilla a helping hand. (Firefox still allows inline installation, but mitigates the risk by having more human overview on what extensions they sign.)

That said, this seems to only affect the APIs used for triggering an extension install from within a website, so I'm sure this will just push such extensions to encourage people to add --enable-easy-off-store-ext ension-install to their Chrome launcher and then install the extension via the offline workflow for unsigned extensions.

...and if that goes away, we'll probably see ad-blockers that run inside userscript hosts, daring Google to restrict all userscripts.

Edited 2018-06-13 02:03 UTC
Permalink - Score: 3
.
Locking down the "open" browsers.
By Alfman on 2018-06-13 06:05:23
Firefox and now chrome. We expect this from closed/proprietary software, but it's disappointing to see open source browsers going this route now too. This is so short sighted and goes against the principals of FOSS philosophy. No users were asking for forcefully imposed restrictions in either case. Sideloading should be a choice.


https://developer.mozilla.org/en-...
> Add-ons need to be signed before they can be installed into release and beta versions of Firefox. This signing process takes place through addons.mozilla.org (AMO), whether you choose to distribute your add-on through AMO or to do it yourself.

...

Starting with Firefox 43, add-on extensions and multi-item add-ons that include extensions need to be signed by Mozilla before they can install in release and beta versions of Firefox. Themes, and other types of add-ons such as spelling dictionaries, don't need to be signed.


This disgusts me, 3rd party innovation should be a right, not a privilege. At least with open source, 3rd parties can remove these anti-features and publish unofficial owner-friendly versions like waterfox and srware iron.

https://www.waterfoxproject.org/e...
https://www.srware.net/en/softwar...


Ironically we have to sideload the full browser now just to allow sideloaded extensions. However sideloading browsers is another right that's under attack by some vendors.

What happened here? Computers used to be about promoting innovation and empowering users, but we're making a decidedly dark turn by stripping our choices and deploying technology in ways that restrict us and hold back innovation in order to control us :(
Permalink - Score: 2
.
RE: Locking down the "open" browsers.
By ahferroin7 on 2018-06-13 12:13:16
Strictly speaking, Google Chrome is not open source, it's proprietary. Chromium is open source, but Chrome is not.
Permalink - Score: 3
.
Testbed
By darknexus on 2018-06-13 12:17:17
If users accept this, Android will probably be next.
Permalink - Score: 1
.
RE: Locking down the "open" browsers.
By oiaohm on 2018-06-13 12:22:02
> Firefox and now chrome. We expect this from closed/proprietary software, but it's disappointing to see open source browsers going this route now too. This is so short sighted and goes against the principals of FOSS philosophy. No users were asking for forcefully imposed restrictions in either case. Sideloading should be a choice.

Sorry there are users asking to be protected from malware infected browsers. So claiming no users are asking for this is wrong.


> https://developer.mozilla.org/en-...
> Add-ons need to be signed before they can be installed into release and beta versions of Firefox. This signing process takes place through addons.mozilla.org (AMO), whether you choose to distribute your add-on through AMO or to do it yourself.

...

Starting with Firefox 43, add-on extensions and multi-item add-ons that include extensions need to be signed by Mozilla before they can install in release and beta versions of Firefox. Themes, and other types of add-ons such as spelling dictionaries, don't need to be signed.


This disgusts me, 3rd party innovation should be a right, not a privilege. At least with open source, 3rd parties can remove these anti-features and publish unofficial owner-friendly versions like waterfox and srware iron.


Malware infected browser is not an owner-friendly thing. Yes what Mozilla has done is hard. Doing nothing is also wrong.

> Ironically we have to sideload the full browser now just to allow sideloaded extensions. However sideloading browsers is another right that's under attack by some vendors.

What happened here? Computers used to be about promoting innovation and empowering users, but we're making a decidedly dark turn by stripping our choices and deploying technology in ways that restrict us and hold back innovation in order to control us :(


Really open source software has to protect reputation as well to have end users. Having malware sideloading is not a good thing for reputation.

Basically instead of being annoyed see if you can design a more flexible system that meet the requirement of protect users who want malware protection with third party vetted extentions and those who want to side load.

Really I think those two are in fact mutually exclusive. To prevent malware loading all executable extensions have to be vetted by someone.

This might be a case were firefox and chrome need two brand names. One for those who want to side load and one for those who want the security of third party vetted. Of course nothing says mozilla/google could not make both.
Permalink - Score: 3
.
RE[2]: Locking down the "open" browsers.
By WorknMan on 2018-06-13 12:44:25
> Basically instead of being annoyed see if you can design a more flexible system that meet the requirement of protect users who want malware protection with third party vetted extentions and those who want to side load.

It's really not that hard. Just make side-loading a hoop you have to jump through to turn it on, such that nobody's ever going to do it without having to look up directions. And when they turn it on, make them 'OK' about three dialogs that say, 'WARNING: THIS IS NOT A GOOD IDEA!!!!'

At that point, I think app developers have done their part to sufficiently protect users from themselves, and also giving users the freedom to do what they want, while sufficiently warning them of potential dangers.

IMO, unless they're on an enterprise network or something, it's ultimately up to users to decide what to do.

Edited 2018-06-13 12:46 UTC
Permalink - Score: 1
.
RE[2]: Locking down the "open" browsers.
By Alfman on 2018-06-13 13:26:19
ahferroin7,

> Strictly speaking, Google Chrome is not open source, it's proprietary. Chromium is open source, but Chrome is not.

Hasn't chrome (the proprietary build) always been restricted?
https://www.howtogeek.com/202825/...
> Extension Restrictions. For Chrome, Google disables extensions that are not hosted in the Chrome Web Store.

It's possible that I'm mistaken, but with this announcement coming from chromium.org, I assume it means that the open source chromium version will also become locked down going forward.

https://blog.chromium.org/2018/06...


It makes me wonder if linux distros will push out browsers with sideloading by users prohibited?

Ubuntu repos only offer chromium, you actually have to add a 3rd party repo to install google's proprietary chrome browser.
https://askubuntu.com/questions/5...

If anyone has answers, please weigh in.
Permalink - Score: 2
.
RE[2]: Locking down the "open" browsers.
By Alfman on 2018-06-13 13:30:41
oiaohm,

> Sorry there are users asking to be protected from malware infected browsers. So claiming no users are asking for this is wrong.

Malware infected browser is not an owner-friendly thing. Yes what Mozilla has done is hard. Doing nothing is also wrong.




Well then I challenge you to find a single instance of a bug report/feature request where an end user has asked the devs to disable their ability to enable sideloading.

The reason your premise is wrong is because users who don't want siding don't have to enable it in the first place.

There's a huge moral difference between changing the defaults to help keep users safe and forcefully imposing restrictions on everyone; we need more Richard Stallmans to fight this mentality!

Edited 2018-06-13 13:36 UTC
Permalink - Score: 2
.
RE[3]: Locking down the "open" browsers.
By ahferroin7 on 2018-06-13 13:39:17
The thing is though, most people really don't need to be able to sideload extensions from an inline link on a website, which is what this is disabling. In fact, that method of sideloading is a common secondary component of social engineering attacks, which is most likely why Google is doing this. You can still side-load via direct injection into the profile, or by manually loading things on the local system, you just won't be able to click a download link and directly install stuff.

Realistically, I doubt that most distros will care, it's technically improving security, and not likely to impact a vast majority of their users.
Permalink - Score: 3

Read Comments 1-10 -- 11-20 -- 21-30 -- 31-40 -- 41-50 -- 51-60 -- 61-70 -- 71-73

Post a new comment
Username

Password

Title

Your comment

If you do not have an account, please use a desktop browser to create one.
LEAVE SPACES around URLs to autoparse. No more than 8,000 characters are allowed. The only HTML/UBB tags allowed are bold & italics.
Submission of a comment on OSNews implies that you have acknowledged and fully agreed with THESE TERMS.
.
News Features Interviews
BlogContact Editorials
.
WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?