I think people should be able to do whatever they want on their own machine. If the setting is there, then let me use it for whatever extension I see fit. Sure, make it harder to do so, but don't treat users like children. I can't even screenshot banking apps on my own damn Android phone now.
It's not about you being able to do whatever you want on your machine. It's extension authors being able to. Malicious Chrome extensions are a huge problem.
On the off chance that Google is truly benevolent and was just worried about users' security, then they could have easily hidden the required network-reading functionality behind a flag or "developer mode", or only allowed it for a small set of manually-audited extensions like uBlock Origin.
The fact that they provided absolutely none of these alternatives isn't a coincidence. Google is a for-profit company with 300+ billion of annual revenue, a giant chunk of which comes from their advertisement services. It's a blatant conflict of interest and there's no good reason to believe that they're acting in good faith here.
> then they could have easily hidden the required network-reading functionality behind a flag or "developer mode"
For all intents and purposes, that's basically equivalent to deleting uBlock Origin for 99.9% of the 29M users it currently has.
> only allowed it for a small set of manually-audited extensions like uBlock Origin
That would most definitely lead to accusation of favoritism. That would be just as annoying of a pipeline to maintain.
> The fact that they provided absolutely none of these alternatives isn't a coincidence
They delayed the release 3 times, it was first announced in 2020. The whole time, they were taking feedback and making changes. They made a ton of changes that made MV3 adblockers possible.
If they really were concerned about user security, they'd do a better job blocking scammy & misleading ads instead. uBO basically _saves_ users from installing dubious Chrome extensions and other malware only because they show up as ads or other annoyances.
Don't they have a vetting process for extensions? Even if they don't, you, the (power)user should be able to manually turn on whatever you want, should you so desire. What's stunning is that we're moving away from this, for our "security." And by then "use Firefox/something else" won't be helpful when entire websites will refuse to work on anything else but Chrome.
> Don't they have a vetting process for extensions?
No.
> Even if they don't, you, the (power)user should be able to manually turn on whatever you want, should you so desire.
It's not as simple as that. As long as it is possible for extensions to have no-holds-barred access to your browser then they'll make that a condition of use, and unsophisticated users (approximately everyone) will just say "eh ok".
Browser extensions are a particularly dangerous case because they auto-update by default. It is very common for popular extensions to get sold to bad actors who then update them to inject ads into everything you view, or worse.
If you make it impossible for extensions to do that, then they can no longer make it a condition of installation.
> It's not as simple as that. As long as it is possible for extensions to have no-holds-barred access to your browser then they'll make that a condition of use, and unsophisticated users (approximately everyone) will just say "eh ok".
Then make it complicated enough so the user has to click through several screens, type in that they know what they're doing and be warned that if extension/website X asks them to do Y, they're getting f'd and should stop. Beyond that, it's their fault.
Why can't we treat browsers like we used to treat PCs? Why do we have to have to make them so "safe" like we did with phones? Tons of scams happen on phones now, so it didn't quite work out, but we still gave up a lot.
Personally, I'm rarely a Chrome user. I'm most afraid of stuff not working in non-Chromium browsers, though.
> Then make it complicated enough so the user has to click through several screens, type in that they know what they're doing and be warned that if extension/website X asks them to do Y, they're getting f'd and should stop. Beyond that, it's their fault.
Yeah I mean... that's just an arms race. You now have to type "allow pasting" into the dev console to paste Javascript there. Guess why.
Browsers can't ever win that race. Malicious extensions will just say "go to settings and blah blah blah".
> You now have to type "allow pasting" into the dev console to paste Javascript there. Guess why.
Would you be content with Chrome (hypothetically) taking away the console instead? Your average user has no business using it anyway.
> Browsers can't ever win that race. Malicious extensions will just say "go to settings and blah blah blah".
You're absolutely right, they can't win the race. People have been plugging holes in software for decades and malware still hasn't been defeated. Taking features away just to plug more holes instead of restricting them doesn't seem right to me. One could argue (I haven't looked this up, though) that even more users fall victims to malware in spite of today's "locked" browsers (and phones) simply because there's an ever increasing number of people online. A lot of that malware is being spread through misleading ads and malicious code that uBO blocks.
With uBO vanishing, a lot of users will be left without an adblocker. Those who aren't tech-savvy enough won't know what to install instead (eg uBL). They'll go on browsing unprotected. Google will see a spike in ad revenue and will be pleased. They have no real interest in blocking scammy ads.
Putting security in scare quotes doesn’t make the actual risk go away. This is a blatant anti ad block move, but you aren’t making reasonable arguments either.
I'm not sure how not being able to use websites without Chrome is unreasonable, though. If it hasn't come to that already, it will soon.
One can find reasonable use cases for every security measure that takes away freedom. That doesn't mean that all such decisions are balanced, and I'm advocating that the user be the one deciding their level of security, knowingly. That's the most important part being taken away, actually. Until there's palpable resistance (or even doubt or endless debate), those taking things away have no reason to stop.
At no point did anyone argue you should be required to use chrome to use some websites. That is a complete strawman you made up here. No one is requiring you to use chrome.
As to your security argument: If you've never seen the past user's desktops filled with browser hijacking and ad / virus ware, then I'm happy for you, but ignoring serious security concerns isn't a valid approach to managing an end user product regardless of the nebulous slippery slope freedoms argument you're attempting to make.
This is not an advocation to ban all adblockers, but you are advocating for basically a free for all, and we've seen how that works. It doesn't and this entire discussion is a waste of time.
> the nebulous slippery slope freedoms argument you're attempting to make.
But it is a slippery slope and we're already sliding down, even if we don't want to. It's hard to make users switch to something else. I know it, I assume you know it, probably everyone on HN knows it. But, and this is key, Google knows it. People are resistant to change, especially if it means altering their workflow. Where said workflow depends on a monopolistic product that's key to unlocking even more ad revenue, do not think that those with incentive won't hesitate to push for more restrictions while claiming they have our own best interest in mind.
No one brought it up now, but there have been cases of websites being deliberately made slower on Firefox. I don't think it's unreasonable to think that this will continue happening. If you do, then let's agree to disagree.
> but you are advocating for basically a free for all, and we've seen how that works.
I'm not advocating for a "free for all." I'm advocating for a "free for the knowledgeable & responsible." I'm advocating for informed consent in computing. We've been moving away from that, more so because of greed than goodwill.
Absolutely. I have no idea if their store requires signing, but in any case, I think you should be able to sideload your own extensions after being lectured on how it might be dangerous. I'm not saying it should be easy, though.
To put it in the flatest way, it's not a given that users trust the platform owner more than some extension providers.
In theory that shouldn't be the case, and not trusting a platform that runs natively and has potential acccess to everything we do sounds crazy. But in practice there's only so many platforms, and depending on one's work or environement, not using Chrome isn't even an option.
In that context, extensions are the most direct tools the users have to get back some control.
