Chrome killed my extension and won’t tell me why
blog.lipsurf.comWhat people seem to be missing is that this isn't a complaint -- it's a call to form effectively a union:
Therefore, we are starting a group today for Chrome Extension developers to work together in check with CWS. It's not a technical support channel, nor a platform to get attention when CWS is unresponsive. It's a place for Chrome Extension developers to rally together and discuss improving the foundation we stand on (it also won't be hosted nor managed by Google).
United, we can have a stronger, common voice to:
Pressure Google Chrome to allow for 3rd party extension stores. This would break down the walled garden of extensions, give extension developers a leveler playing field, and lower the risk of getting wiped out on CWS's whim.
2. Pressure CWS to be more fair and communicative with extension publishers.
Canned emails about rejections with only general policy information are “lose-lose” for publishers and CWS alike. Both parties waste time because of all the guesswork involved currently — especially when CWS makes a mistake.
"United, we can have a stronger, common voice to: ... Pressure Google Chrome to allow for 3rd party extension stores."
And so the mice voted to bell the cat.
Note that Chrome Extension developers are not employees of Google, but rather disparate businesses, so it'll be difficult to both successfully put pressure on Google w.r.t. terms of business and not fall afoul of anti-trust laws.
Is this true?
How would this be different than the Author's Guild negotiating ebook rates with libraries/Amazon? It seems like lots of industries have lobbying groups that represent multiple companies -- or is there an extra nuance here I'm missing?
Broadly no, because the barrier to entry for being a web developer is low, though there may be some subtlety depending on the exact actions the group takes. A high barrier to entry business would more easily face allegations of anti-trust and collision, eg all of the car dealerships in an area working together to keep prices high and keep competition out, but that's different due to how hard much more expensive it is to become a car dealership.
That's good because collision is generally bad for car consumers.
You probably meant "collusion" but what you wrote is, in fact, quite true as well.
Seems they were poking fun at the parent's typo which also states "collision".
> A high barrier to entry business would more easily face allegations of anti-trust and collision, eg all of the car dealerships
Is the barrier to entry to be a web developer really that much lower than the barrier to being an author of a book?
The current system benefits large companies and detriments small developers, so I think it would probably just open the door for large companies to take over all the popular extension types.
If uBlock Origin stopped supporting Chrome, AdBlock would fill that void. If Honey has problems, an executive from Ebay calls an executive from Google and it's fixed instantly, so there's no incentive for them to participate. In fact, anyone making a decent amount of money isn't going to want to change the system.
Publishers need authors to make money, google doesn’t need extension developers.
In theory, Chrome works fine without extensions. In practice, if Chrome was "banned by the Extension developers' guild" so that every other browser got to participate in the WebExtension ecosystem except for Chrome, people would leave Chrome quickly. (Sadly, probably for some "exactly Chrome, but not by Google" browser, rather than for Firefox.)
People won’t leave chrome quickly or at all, Chrome didn’t win the battle of the browsers due to having better or more extensions it won because of 3 major factors.
Better brand recognition - more people switched off IE to Chrome than from FF to chrome (hence why I’m not putting the terrible performance and reliability issues that FF used to have like crash and lose all tabs as a factor but it took a decade for FF to sort their shit together and by then it was too late).
Better integration with Google services right when a Google account became quite important.
Being the default browser for the Android eco system.
So I don’t know who would exactly leave Chrome because of extensions but I have a feeling that even you wouldn’t.
> google doesn’t need extension developers.
If this were true, wouldn't that make it even less likely that an Extension Guild would fall foul of antitrust regulation?
Google has nothing to fear from anti-trust laws. They just got away scot-free with publicly colluding with NBC to...oh you mean the little guys would fall foul of anti-trust laws. Yeah that would be a problem.
> and not fall afoul of anti-trust laws.
Well, it seems easy enough. Just don't call yourself a union.. call yourself a "standards body" and organize the way ANSI and ISO do.
Just make Chromium fork that supports 3rd party galleries, prove it is secure and desirable, than it may be upstreamed some day.
It doesn't matter if you're dealing with a store run by Apple or Google (or presumably anyone else): the stories are all the same.
Presumably because to make the economics work, review and approval are done by poorly trained contractors who don't have time to do a proper job and need to meet quotas. And with anything security related, there's an inherent bias toward not giving information on the exact violations because this can be used to get around the "spirit" of the law while sticking to its "letter" (very true for spam, questionable for app stores).
Serious question: is there any better model though? In the non-virtual world, similar standards for the public good are achieved through things like FDA regulations, health inspections, building codes and permits, etc.
Since it doesn't seem like there's any kind of elegant free-market or crowd-sourced solution here, what should the standards be for regulating apps and extensions? What kind of "due process" ought there be, or appeal, or whatever? Is there going to come a point when app stores get regulated by a democratically legislated government agency?
But regulations, inspections, codes and permits are all government-run systems. As a result, at least in principle in a democracy, citizens (including companies) can request to learn why those systems rejected them. Otherwise they can take them to court.
Neither Apple nor Google are governments. When laws and constitutions were crafted, those framers did not comprehend a future where private companies had effective control (and even monopoly) on what might amount to critical infrastructure, and if not critical, then infrastructure nonetheless.
But that's my point. If app stores are an important enough part of our economy -- not just monetarily, but particularly with regard to privacy and cybersecurity -- then there may reach a point where we need laws around their policies.
It doesn't matter that Apple and Google aren't governments. Either app store approval could be done by a new government agency (after all, aren't doctors and lawyers regulated?), or (far more likely) the legislature could pass laws determining how Apple and Google have to run their own or face stiff penalties that actually have teeth.
So that, at the end of the day, if Apple or Google make a wrong decision and refuse to correct it, you can ultimately sue them in court and win.
This seems like more a solution to open, transparent platforms. It’s a shame that we are going backwards: you used to be able to download software from the internet, direct from publishers with no limitations. Now everything’s all stupid requiring developers to beg the “powers that be” for access to distribute their work.
But that isn't sustainable anymore now that everyone and their mother does all sorts of sensitive thing on the internet. App Stores may not catch any and all malware, but they'll catch some, or even a lot, and they give Google (or whoever runs one) tools to deal with what slips through. They make getting new extensions transparent and they're trustworthy.
What's missing is legislation to level the playing field; either allow alternate stores on equal terms, or abide by rules that force you to play fair in your own store, things like that. There's no going back to the 90s, it's just a whole different world now.
Yeah I agree the legislation would help—but the legislators mostly don’t know much about tech I’m guessing. And the experts they call in I’d wager are from big companies with their own interests in mind.
It's not stupid, though.
Remember how when an older relative would complain about their computer slowing down, and you had to uninstall like 15 toolbars from their Internet Explorer?
Protecting users from malware and spyware is a huge step forward. Most users can't protect themselves from it. Controlled distribution is a net good for society. The question is, how do we minimize the negatives it also brings along with it, such as seemingly arbitrary, inconsistent, and/or vague rejections?
It's not about what we would personally prefer, as smart tech people who know how to protect ourselves. It's about what's best for everyone -- the societal good.
I strongly prefer the internet of the early 2000s than it's cable TV version of 2020s in the name of "safety".
That was vastly preferable to the current status quo where your older relative doesn't even complain about their computer slowing down, because they've been trained by 20 years of planned obsolescence and unupgradable hardware to just buy a new one when given the slightest hint of a problem.
The two have nothing whatsoever to do with each other.
The conversation is about app stores not hardware upgrades.
Progress in one has nothing to do with progress in the other.
Why are you trying to combine them?
Alternative! Software distributions - community maintained packages.
As Arch Linux user if I found a software I like and want to help with distribution I can create package and push it to AUR [1]. This works as recipe - list of make and run dependencies, configuration, installation. Package is not safe and should be reviewed on installation.
Popular package may be pulled to official repository [2], distributed in binary form. "community" repository maintained by Trusted Users [3], "core" and "extra" by Arch Linux Developers [4]. It is evergreen - rolling release. Some distributions provide Stable releases which should be even safer.
Distributions may remove package, block version, patch to its standards. I think if opt-out addons were distributed by Debian they would be patched to opt-in.
In other words - many 3rd party distributions, by users to users, pulled - not pushed, not required to accept all packages.
[1] https://aur.archlinux.org/
[2] https://www.archlinux.org/packages/
"many 3rd party distributions, by users to users" is not how Arch works. Arch has a single official repository, AUR, that everybody uses. Becoming a Trusted User requires you to run for office under a standard voting procedure with bylaws.
I've described that in Arch part. Arch has several official repositories [0] and AUR is not one of them. I've also mentioned Debian.
"many 3rd party distributions" is many distributions - Debian, Arch, Gentoo, Fedora, Mint, etc. It is often cited as inefficient but it provides choice. And if there was only one distribution it would create too much pressure on maintainer not to sell its users.
"by users to users" is general description of distribution. I would be surprised if distribution maintainers does not use distribution they work on.
I've created my own addon and shared it [0] - just a few lines. From user to users - just because someone may find it useful.
I understand it is hard to maintain community and trust. Anyone can create distribution but real working distribution is a lot of work. But it should start somewhere. I review addons I install, I can share it.
[0] https://wiki.archlinux.org/index.php/Official_repositories
Then those users mess up dependencies, or simply forget to update the package for a few years.
Then open source maintainers get spammed with angry users because of a poor user experience they can't control.
That is general problem with Open Source - people expect product and authors provide tools.
Free as "paid by data collection and advertisement" really messed peoples mind. Walking around, thinking "I am a product, my data is valuable". Not for me. The whole story is unfortunate. But there is also Pulse Audio and systemd with toxic responses on real problems, hard not to become angry.
I think an open system with easy to add 3rd party stores would be better. The official stores could focus on super high trust applications from huge brands and let the market find a solution to the bottom end. However, the current system is about maintaining outsized control rather than providing a good product to consumers.
As soon as you give up the idea of preventing people from distributing malicious software, and they're not even doing a good job of it right now, you can let competition in a curation market solve the problem for you. I'd way rather have a system where I can get recommendations from someone that's an expert in an area. Ex: Like JonnyGURU is for power supply recommendations, but for software / extensions.
If you extend that concept to the mobile app stores, a system where someone from my city could run a store for local businesses would be significantly better for users and developers than what we have now. For developers it would be amazing to go to a local business, show some local ID, and get a signing certificate. For users it would be amazing to have a local store where established businesses with ties to the community all have a vested interest in it's quality / trustworthiness. That would be at the lowest end for tiny apps. For anything bigger, someone could build a brand / reputation around curation. For example, think of something like a specialized password manager extension store.
When it comes to Google I think there are two problems that prevent them from building a better system. First, they're arrogant and think users are too stupid to control their own devices. Second, their search has devolved to be an atrocious garbage pit of paid content that's optimized for SEO. It's a cyclic dependency where Google's failure makes it difficult for users to make good choices. Google interprets that as the users being dumb and makes the system even more complicated / less effective by adding more ML and automation.
That also probably plays a role in the reluctance to open up some of the current systems. The attempts at scaling with automation and ML are such failures (everywhere) the only way to make them look half reasonable is to ensure no one else can build a competing system.
> review and approval are done by poorly trained contractors
That's the "middle ground" scenario that isn't true for either side. Apple does directly hire employees to do this, so their policies and rules are often the pain point. Google doesn't hire anyone - they have the team that runs the approval systems and will review certain extensions, but it's completely automated for 99% of all cases.
The only people that probably do use contractors are Amazon for their Alexa skills and Kindle apps.
Apple has contractors as second-class employees, same as the rest of the valley.
I notice this a lot with tech companies - secret rules. They won't tell you what the rules are because they want to keep you dancing. Nobody knows where the borders are, so that gives the company a lot of power and leeway to ban anyone they don't like or that crosses them in any way. More than once, I've seen the "Nope, sorry. TOS! Hands are tied!" when a company dares speak out and gets cancelled.
Imagine if you were getting your house inspected and your insurance drops you as a result of the inspection, but won't tell you why.
> Complaining on the internet should not be a support channel. Developers should not have to rely on the internet attention lottery.
None of the huge tech companies (Google/Apple/MS/Amazon/etc) have an easy (or in many cases any) way to contact human service representatives. This is intentional.
People have been complaining about this for more than a decade. Every week there are multiple writeups on the front page of HN about apps and extensions being killed off.
These corporations will never fix this. They have no incentive to do so. They don't care about individual users or small developers, and don't want to get involved in their "petty" issues.
Why? Because these have no impact on how much money they make.
The only way to fix this is through government regulation, but good luck with that.
> None of the huge tech companies (Google/Apple/MS/Amazon/etc) have an easy (or in many cases any) way to contact human service representatives. This is intentional.
https://www.amazon.com/gp/help/customer/contact-us/ - I have never failed to talk to a human that way.
(For AWS: https://aws.amazon.com/contact-us/)
> Complaining on the internet should not be a support channel.
Oh the many times I have written to a company's "Support" forms and never got a response. And then I wrote to them on Twitter (message) and I got my answers in 2h or less... Unfortunately social media tend to be the escalation point..
I fully agree with that. But I think there is another angle to this that is often ignored/overlooked.
With their (intentional) behavior you described, these companies often violate even basic legal principles and sometimes even specific laws (depending on country/jurisdiction). Moreover, these same companies (again, intentionally) also use their financial/legal weight to pretty much stifle/kill any individual attempts to bring them to task for those violations. In fact, that itself is illegal (antitrust) behavior in many places.
This isn't just about governments failing to regulate these companies, but probably even more so about their failure to even enforce existing rules and protect citizens against such abuses.
It's a pretty good demonstration of how bad the state of class (in)justice really is, including all the corrupt governments that keep it a reality.
Could you explain, maybe with a few examples, how they are doing illegal things with this behavior?
Some previous discussions from a quick search to give some context to the frustration (sorry for the length, it's intended to be illustrative, I cut it at 10):
https://news.ycombinator.com/item?id=23219427
https://news.ycombinator.com/item?id=23229073
https://news.ycombinator.com/item?id=20186915
https://news.ycombinator.com/item?id=21232438
https://news.ycombinator.com/item?id=23285466
https://news.ycombinator.com/item?id=12442048
https://news.ycombinator.com/item?id=21990566
https://news.ycombinator.com/item?id=23168874
https://news.ycombinator.com/item?id=21233041
https://news.ycombinator.com/item?id=20587440
I'm not suggesting Google doesn't care, but...
Google doesn't care.
This happened to an extension of mine as well, with 10k users. After repeatedly emailing them and getting back different snippets of the policy each time, I think there's some kind of AI or a very process-driven team that doesn't do any critical thinking handling each request.
I've ignored them now and the extension is still up so let's see what happens.
It's pretty clear that the walled garden approach will eventually stifle innovation, and building businesses or even apps for fun inside the frameworks of giant corporations is just not a good long term strategy.
This is why I like the hybrid approach that Android has for apps, at least as of 2020.
That it has its walled garden, but it is possible to install from arbitrary sources (with sufficient warnings to users of those dangers). In iOS, you can't sideload at all.
The flow for installing apps outside of Google's approved method on Android breaks 3rd party app stores like F-Droid, such that automatic updates of apps installed via F-Droid, or updating several foreign apps at the same time, cannot work.
Tangential but for those who are developing Chrome extensions, I've made a post about what to expect when submitting a update and how to avoid the manual review from CWS.
It can be found at https://getsnapfont.com/posts/avoiding-lengthy-review-times-...
Google/Apple/MS app stores are pretty much a bastardization of software repositories found in the Linux world for years beforehand[1]. I doubt we'll see requirements to allow importing 3rd party repositories/signing keys at this point without some legislation.
Yes, I get some users don't always know what they're doing and it might be a big security risk, but just put up a big enough warning. People shouldn't be locked in to what software they're allowed to run on their own devices.
[1]: https://battlepenguin.com/tech/android-fragmentation/#packag...
You already can run your own Chrome Extensions repo: https://developer.chrome.com/apps/external_extensions
This is the behavior of a monopolist, and Google needs to be broken up. Google and the various sub-entities get away with no customer support or completely inadequate support and they are a vital part of the Internet.
If there were competition, then there's no way with Google not being able to answer urgent customer support tickets. Because they are a monopoly, they can get away with saving money on customer support. All their subentities like Chrome, Gmail, etc are funded by their search and ads monopoly.
The only way this gets better is by breaking up Google, and forcing them to actually compete. If Chrome had to earn money the same way all the other companies did without having the hundreds of billions that Google makes, it would be a totally different product. They would need to earn their money the same way Firefox does, and would need to earn a portion of their money from things like extensions, and then they would need to compete with better customer support. But because they are a monopoly, they don't have to. It's basically a form of raising prices with no recourse, except what they do is deny services to competitors by having no support.
The only solution is to break Google apart, and force the parts to earn money the way all their competitors have to.
So, I thought chrome was a loss making project, and the only reason it exists is because Google fund it for the data it generated and as part of their wider "use our stuff in exchange for your data" business model.
So if you break up Google, chrome would have to cut its budget or stop existing. And either way, chrome extension Devs wouldn't be better supported than they are now would they?
This is always my question with "Break up X": then what?
A hypothetical Chrome Inc. (or Chrome Foundation) could make its money off of selling rights to the search bar (hypothetically to Google anyway), and, I suppose, donations. Enterprise support would be another thing they'd have to provide (and could sell), especially if they got the Chrome OS project.
It'd be a speed bump, and they wouldn't have the full resources of Google, but I think it could make it. (But I don't know if it should, the open-source Chromium base isn't committed to only by Google.)
And bear in mind: The amount they make this way could adjust, Google would have to be prepared to outbid Bing for default search placement. Bearing in mind, that whoever is the default search engine on Chrome controls the Internet, there's a lot of money at stake.
That's fine, but to out bid bing, you only have to outbid bing. Microsoft have been forced to divest under this new antitrust regime. A maybe yahoo or askjeeves will come to the rescue?
And remember, to improve chrome extension support, you need chrome to get more money from the new sponsor than they got from the Google, one of the richest companies on earth...
But it needs to more than make it. It needs to increase revenue to spend more on correctly policing and supporting its extension store...
"There has grown up in the minds of certain groups in this country the notion that because a man or corporation has made a profit out of the public for a number of years, the government and the courts are charged with the duty of guaranteeing such profit in the future, even in the face of changing circumstances and contrary to public interest. This strange doctrine is not supported by statute or common law. Neither individuals nor corporations have any right to come into court and ask that the clock of history be stopped, or turned back."
-- Robert Heinlein, 1939
That's not what I said. I just said chrome relies on Google for survival. No Google, no more chrome.
I remember back in the day, before Google went evil, getting a reply from an actual human with a name. How times have changed.
From the article:
> It's very possible for a 3rd party extension store to do a better job than Google at blocking malicious extensions.
I don't know that that is the case. Google clearly does a _terrible_ job on this, but they are at least theoretically financially motivated to do the job correctly. It's hard for me to imagine a 3rd party extension store being financially viable with correctly aligned financial motivations.
There are about 200000 chrome extensions, if 200 defected that is not a lot. It should be some minor things. Interestingly it is hard to make educated choice - does it contain opt-out spyware? what is the license? how much JS code it contains and why? is code readable or minified?
Compare with
https://www.openhub.net/p/chrome
https://www.ruby-toolbox.com/categories
Between this and Apple (profit/brand motive) and YouTube (incompetence/copyright bs), you have to be really careful building anything that relies on a platform you don't control. This is why RSS and similar tech is so important...
UGC web (including app stores) has to externalize dispute resolution or they lose all credibility with developers
'separation of powers' is a useful concept in the law, it's coming to the private sector (except with shorter arbitration timelines)
Ironically, after complaining that Chrome Web Store killed their extension without saying why, the author doesn’t answer why either beyond “it was a mistake.” Pray tell: mistakenly hitting “deny,” mistakenly interpreting rules in an unfavorable way, someone marked the submission as “in their queue by accident and then forgot about it? I get that it was a mistake but it makes a difference whether it was a mistake of clumsiness, carelessness, or malice covered with “it was a mistake!” when found out.
You can easily see for yourself on the twitter thread that is linked in the article. There's also this tweet for context: https://twitter.com/DotProto/status/1273824813270700038?s=20
They thought we weren't using the TTS permission, but we are.
You think Google told the reason beyond "it was a boo-boo"? Highly doubtful.
Notice how we don't have this issue with, say, Debian or Arch package repos. Is it because third party source allowed in package managers?
This happened to us by Google just now too. They deleted our app for a violation in version one of the app when we are on version 4 (over a year later) after 100 emails with basic replies, and inability to escalate we are at a loss. This is for Google Play store. Serves us right to try and build a business on Google/Android
Why insisting on staying with Chrome?