from Hacker News

Our Chrome Extension Is Safe

by imran3740 on 5/15/20, 4:18 PM with 197 comments

  • by raybb on 5/15/20, 4:25 PM

    Previous discussion where Pushbullet was worried about being killed off the chrome store: https://news.ycombinator.com/item?id=23168874

  • by _fat_santa on 5/15/20, 5:15 PM

    You know this wouldn't be so much of an issue if Chrome didn't disable the ability to install extensions outside of the web store.

    As an extension developer it's absolutely infuriating to realize that:

    1. There is no way to install extensions outside the web store

    2. Google won't approve anything to the web store.

    3. The vast majority of people use Chrome vs other browsers.

    ------

    I get it, Chrome is Google's browser and they can do what they please with it. However Chromium is open source and it's still impossible to do so.

    Like thanks Google. I spent months developing an extension only to realize that as it stands today for the majority of developers, the chrome web store is closed for new submissions.

    And Google didn't even have the courtesy of telling us it's essentially closed, they just string us along with "pending reviews" (for context I've been trying to get my extension approved since February).

  • by lqet on 5/16/20, 12:02 AM

    So, judging from the discussion on Twitter, there is basically a single guy at Google handling issues like that.

    > FWIW Tweeting at other Googlers will probably just get them to me – not that I have a problem with that. At the moment there isn't really a better way, and as a single human I don't scale well. TBH we have systemic issues to work through to improve the comms process here

    https://twitter.com/DotProto/status/1261058935085101058

    > I'm literally the only one for extensions.

    https://twitter.com/DotProto/status/1261155320740499456

  • by juped on 5/15/20, 8:59 PM

    Wow, they used the "complaining online and getting enough upvotes" support channel. It should not reflect well on companies when they fix things that come to their attention this way.

  • by DrJaws on 5/15/20, 4:24 PM

    They could also tell what was wrong to the customers.

    Also, I laugh about the Google promise of being more open. Every single time they screw it up and it goes viral, they promise the same until 6 months later when another business is screwed again.

    Call it having your mail shut down, your cloud, app deleted on the play store, the extension on chrome, etc etc.

    We've already heard that story dozens of times.

  • by seanwilson on 5/15/20, 7:39 PM

    Until Google gives us a roadmap with what they're going to change about the review process and when, I'm not hopeful right now. I don't understand why they need to be this opaque about it if they want a healthy developer ecosystem.

    It's currently expected behaviour that extension updates from developers can take up to 3 weeks to be reviewed and go live (same as before the pandemic):

    https://developer.chrome.com/webstore/faq

    > "If your item's status says "pending review" for more than three weeks, you should contact support."

    Is it going to change? When? See here for all the developers waiting over 3 weeks for their updates to go live (that's not including what happens when they don't pass review):

    https://groups.google.com/a/chromium.org/forum/#!topic/chrom...

    All we seem to get back from the few people on the Chrome extension team that communicate with extension developers is along the lines of "I understand your concerns, I want it to change as well, and I'll talk to the team".

    It's like the person from Google is talking about getting in touch with a team that works for an entirely different company, as if the team can't be influenced.

    Who's the one making the actual decisions and why don't they talk to us directly?

  • by jakozaur on 5/15/20, 6:33 PM

    The current internet giants got huge monopolistic-like power that many dictators of many countries would envy. They set their rules, execute them, and judge them.

    I believe once you become a platform there should be an independent nano-courthouse where you can appeal. Today being rejected by Apple, Amazon, or Google platform is equivalent to the economical death penalty for many individuals.

    It should be possible to pay $100 by individuals and appeal to an independent nano-courthouse if the original platform rejects or blocks you. If you win, the appeal fee is refunded and the platform has to cover the cost. If you lose, your $100 is gone.

  • by graham_paul on 5/15/20, 6:33 PM

    As a Firefox fan, I really hope it happens again and again. It's good for the web as a whole when Chrome fails and Firefox doesn't.

    As a technical person, you should be advocating the use of (real, community owned) open source browsers not just whatever the majority uses.

    I feel that Google's monopoly on the browser market for desktops will be more and more endangered as they (for legitimate business reasons) refuse to provide the services and processes that a modern browser user/developer deserves.

  • by jboydyhacker on 5/15/20, 6:26 PM

    The problems with the Chrome store are likely not over. What good is it if you have to stir up half the internet to get through their process?

    It's not as if developers can go to other platforms since Chrome has 70% of the market. Most of us in tech are in it to innovate and disrupt but hard to do that if everything is a Google or Amazon monopoly.

    If Chrome is broken then the browser market is broken. Devs should organize to solve this since Google doesn't seem to be paying attention.

    We need to collect and organize feedback from those experiencing problems which is everyone. Get it to antitrust folks in the EU and DOJ to start an investigation (to add to their other investigations). If Google knows the EU and Feds are watching, they might start behaving.

  • by benatkin on 5/15/20, 5:02 PM

    I don't think this is proper use of Chrome extensions, and it hearkens back to the days of search toolbars, like the Ask and Yahoo toolbars being installed by Java. https://www.pcworld.com/article/2940688/java-installer-ditch...

    As a user I want my browser's extension support to be more like Visual Studio Code's than like Atom's. Visual Studio Code has fine grained permissions, and prevents extensions from going through and changing everything. Still, it's nice that Atom exists so if I want more powerful extensions, I can use Atom.

    There's two ways to go that I see. One is for someone to release an alternative browser that lets you install pretty much any extension, sort of like Atom. The other is for the company that wants to provide the user with an innovative browsing experience to develop their own browser, which is what Brave has done.

    My reaction to Pushbullet is, as the author of the top comment on a recent post put it, "Yikes" [0]. They have funding from reputable VCs but they require way too much permission and store way too much user data for what seems to be occasionally useful utilities, and this places them alongside the Ask Toolbar in my mental model of the space.

    [0] https://news.ycombinator.com/item?id=23172856

  • by fouric on 5/15/20, 7:33 PM

    Who's keeping a list of all of the times that Google has shut down someone's Adwords/YouTube/Gmail/Play Store account / rejected their app / something else without any communication (this doesn't count as communication, as communication has to convey information) or apparent cause? Bonus points for finding the correlation between an article being linked to on Hacker News and the problem being resolved.

  • by dilandau on 5/15/20, 9:50 PM

    This is exactly what PushBullet was hoping would happen, so I don't know why they're surprised. Everyone loves a good "Google's algorithms are destroying my livelihood and I have no recourse" story... Why? Because it's fucking compelling and, to people outside of Google, it provokes a strong emotional reaction.

    Nobody wants their life and livelihood to be fucked over by an algorithm, especially when there is no recourse. These stories almost always end with some random person at Google "fixing something, really sorry" with no explanation. This is how Google operates, and I think they actually try to cultivate this image of themselves. It adds to their mystique and helps them hire bright engineers.

    What can I do? Same as last time this came up, the best thing you can do is just to not use Google properties or software, and turn on your adblocker.

  • by RHSeeger on 5/15/20, 4:50 PM

    > All of that attention resulted in our issue being resolved. This is good for us. It is not yet clear if the attention will help other developers that are struggling with similar vague rejections.

    I think it's been made abundantly clear that Google will not, in fact, improve anything from experiences like this. They happen over and over and every single time it's the same; if it gets publicity, someone helps resolve it; but nothing ever improves in the way of communication.

  • by ulises314 on 5/15/20, 10:22 PM

    Just a couple of loose thoughts on this:

    - The permissions that Pushbullet needed originally were a bit overarching.

    - We never knew which was the offending one.

    - Reading the original article it crossed my mind that some of the permissions the extension asked could be used for marketing (I'm not implying that they were used for that), and maybe Google just didn't want extension developers to have a cut on that.

    - I really don't like how these marketplaces have made big companies gatekeepers for market share.

  • by ocdtrekkie on 5/15/20, 5:34 PM

    I actually had a similar experience with Google Ads: A site was flagged for malware, no explanation what they had found, once I got answers out of them, days later, I found where a non-resolving but probably former malicious link ended up on the site. I purged it, cleared the CDN, asked for review, and was quickly rejected because I allegedly hadn't removed the malicious link.

    I asked them to show me where they still found it... and they then realized it was indeed gone, rejecting my re-review was incorrect, and reenabled the account.

    The only positive on my end, was that since it was the Ads team, where Google's money is, I got human email responses.

  • by spaceribs on 5/15/20, 7:55 PM

    As an aside to all this, seeing Google's team attempt to fight off Zoom's extension has been pretty hilarious to watch:

    https://imgur.com/a/4RwlI0S

    It started out with "Add google meet" not being a button, and below the Zoom button. Last week it shifted to the Google Meet button being a larger blue button. Today, they moved the Meet button to before the Zoom button by shifting their DOM around.

    I assume Zoom can't do anything about this for 3 weeks at least, definitely goes to show how much authority Google has in this situation.

  • by rosywoozlechan on 5/15/20, 4:59 PM

    I imagine the value that Google gets from chrome extensions is a small fraction of what they would get from Android apps.

    They're not going to be able to spend millions of dollars to fund better human moderators and tools for the extension reviews when a typical extension brings what, a few cents for Google?

    They probably can't justify the resources to do the sort of specific feedback that would make this process much better.

  • by afandian on 5/15/20, 5:16 PM

    Pivotal phrase being:

    > things are back to normal now

    I bet this happens again.

  • by aasasd on 5/15/20, 9:46 PM

    There's a great moderately-popular opensource extension providing a desktop-quality image viewer interface: zoom, rotate, stretch by default, all that jazz. Specifically, ‘there is’ this extension for Firefox. It was also there for Chrome, but the dev received the same crappy letter and didn't feel like playing the guessing game. New CRXes are still made available on the site.

    Since Big G's treatment of extension developers is incompatible with their self-respect, I wholeheartedly support devs who decide to dump the web store—despite me making some use of two Chrome-based browsers.

  • by HackOfAllTrades on 5/15/20, 4:58 PM

    So what was the actual change they were required to make?

  • by Someone1234 on 5/15/20, 4:47 PM

    It is good that this was resolved, but not so good that they had to shame Google on HN/Twitter to get it looked at.

    I understand that the Chrome extension store is free, but if you're going to point a bunch of bots at it and have them de-list extensions based on unknown metrics, the least you could do is communicate the "gotcha" rules the extension supposedly violated.

  • by aspenmayer on 5/15/20, 5:01 PM

    What happened to the iOS app? I have it, but it isn't available in the US App Store anymore, nor is it linked to from the site's page anymore.

    https://apps.apple.com/us/app/pushbullet/id810352052

  • by BiteCode_dev on 5/16/20, 7:01 AM

    > Apologies to Pushbullet for the rejection after addressed the original violation

    Wait, what?

    So you have a completely black box ultimatum, and even if you somehow magically guess what needs to be done, if you do it, they can still reject you?

    That's worse than debugging IE6.

    That's dishonest.

  • by 7ewis on 5/15/20, 7:07 PM

    On a positive note, I signed up to get a Chrome Developer account today - made a submission and it was approved within an hour.

    Read it could take a month plus be delayed due to COVID-19. I was pleasantly surprised.

  • by schoolornot on 5/15/20, 4:58 PM

    Can someone from Google use a throwaway to explain why the hell their support is garbage? From the Chrome store, to G-Suite, to Pixel Support. It's just awful.

  • by coronadisaster on 5/15/20, 6:32 PM

    Mozilla Sync along with Nextcloud and Riot.im provides most of the same functionalities (never tried Pushbullet though and wish them luck).

  • by escape_goat on 5/15/20, 6:20 PM

    I'm less qualified to opine on Google than most of the people here, but in hindsight, what Google products remind me of is the way that black walnut trees slowly poison the soil so that the seedlings from other species of tree cannot grow nearby. The good intentions that poured energy into all the 20% products are no longer the point. Somewhere along the way, someone figured out how to use them strategically. The free products are good, good enough to use, until you realize that there is no path for continued growth or investment of resources, and run into seemingly arbitrary disappointments and limitations; it is as if at some point, someone stopped the projects from adding cool utility to the product, and started making sure that hindered, crippled versions of the feature were offered instead. I experience this most acutely with the languishing "Google My Maps" product. It feels as if the target is not just potential competition, but the imagination and demand of the market itself.

    I don't actually know the story of Google Reader and RSS feeds, but I remember how integral RSS feeds were to the golden era of blogging, and how abruptly that era seems to have ended with Google Reader's apparent death. And to me, that has a similar feeling. The idea is that the target is not potential competition wherever it might spring up; the idea is to sap the demand that might nourish competition, to suck the air out of the room, and stifle the imagination of the market itself.

    It isn't Google alone who is responsible for this feeling, to be fair. There is watching the growth of the walled garden of Facebook, watching the collapse of the old chat services which allowed independent clients, watching successful startup after successful startup turn new ideas into content for a routine process wherein we see the exact same sheen of gloss on the promises, the same dance steps towards the pirouette, the attempt to pivot gracefully and effortlessly towards monetization in a maneuver that is in fact a mating dance desirous of acquisition.

    All of it really sucks. It's not like there's an easy alternative. People like free things, and with computer-based resources there is often so much opportunity to scale the value of a thing that free things can be sustainable; a project can succeed and be useful to thousands of people merely on the basis of the labour that some are willing to commit to sustain it. Again, I'm less qualified to describe this than most of you are. But that's what open source is like.

    It doesn't work with services. Code that runs on different platforms can be replicated/adopted for infinitesimal cost, and the underlying costs of running it are naturally distributed. Services are different. The replication/adoption and the creation of value both involve a massive rush of the many to the one. That relationship pretty much sums up the whole story. If capital accrued to capital by a square law, attention would accrue to attention by a cube law. In idiosyncratic niches that cannot be satisfied by the mass service, alternatives are actually viable and flourish. But anything that would be beneficial to us all encounters this problem of needing to absorb the real costs of operation while seeming to be as free as possible, or else the users will flit away to a different flower.

    There's no good solution to this, but the way in which Google has graciously assumed responsibility for directing our attention does not make it better. All the improvements to search results over time seem to focus attention more and more to what an archetype of user is likely to be satisfied with. I would not be surprised if the energy costs per search had gone down. As many have noted, esoteric results are increasingly invisible.

    Anyways, this is what we have done with the new universe of human communication that has opened up in the last few decades, which we imagined we would leverage into new systems of effortless communication and collaboration. And we have, to a lesser extent. Second best or third best. But we've discovered this really intractable problem with the distribution of costs.

  • by duxup on 5/15/20, 5:11 PM

    It was approved ... but did Google ever communicate exactly what the issue was with the permissions they used?

  • by cryptonector on 5/15/20, 10:54 PM

    Is there a list of all the permissions they stopped asking for?

  • by asdf21 on 5/15/20, 4:59 PM

    So... what was the issue?