810 comments

[ 0.20 ms ] story [ 447 ms ] thread
Thanks for posting this publicly. I’m all for the general idea of reigning in unnecessary data collection/prioritizing user privacy, but sometimes you just need certain features to make things work!
Agreed. I really did see benefit to the changes I made that reduced our permissions requested based on the initial email we received from Google. When even that was rejected though, I kind of got slammed with a "well.... what do I do now?".
As a daily Pushbullet user, thank you for posting this! It's maddening that the best way to escalate a Google customer service issue is social media.
Well this is my favorite Extension, If Google kills it then how will users gets its pushbullet chat data back.
What's more is that chat history is broken, I can't see tons of messages on the web interface.

You can still access some on the web.

But your best option is to do a GDPR request to export you all your data.

Another happy PushBullet user here. Extremely useful for receiving text messages from my phone while on my laptop, especially for web apps that insist on sending security codes that way instead of TOTP.

This sort of behavior from Google really is infuriating. How they can just decide to boot an app from the Chrome Store that is installed by over a million users is mind-boggling.

It's a pity that Chrome doesn't allow extensions to be installed from the new Edge store, like Microsoft allow Edge to install extensions from the Chrome store. With both built on Chromium, that could've potentially been a workaround (though you may want to consider adding this extension to the Edge store anyway).

Hopefully someone from Google will see this and stop the madness or be able to provide more details on exactly what needs to be done, though I wouldn't bet on it.

I switched to Edge chromium when the first production release came out and I am extremely happy. I use all my extensions including unlock origin straight from chrome Web store and it feels a bit snappier than chrome itself.
> It's a pity that Chrome doesn't allow extensions to be installed from the new Edge store

Why would anyone want to do that? What's a real pity is that they make every effort to block users from installing their own extensions. App stores are terrible.

How does Chrome prevent people from installing their own extensions? Download-and-unpack still works fine, last I checked.
No, they make every effort to ensure that installing extensions outside the store is annoying so that you can't push your malware by just having users download and install it. This kind of malware plagued Firefox for years until they made extension signing mandatory
If I am in a position to install random shit into Firefox I am also in a position to just modify Firefox, so that doesn't accomplish anything at all except remove functionality from users.
Except most targets won't modify their Firefox.
I think I am not understanding your use of the word "target" here, as I would have expected that to be the person being targeted by the malware install, but that person isn't someone who by definition even knows what is going on: it is the attacker who is choosing to install something into Firefox without the express knowledge of the target, and so it is the attacker whom I am noting is able to choose to instead modify Firefox; if the target were making the decision to install the extension then clearly they should be allowed to do whatever they legitimately want to do with their software.
Makes me wonder how much of this is motivated by Googles Messages App now having a web interface...
It looks like they have a Firefox version of the extension.
This is awful. I'm going to send GCP support a message with the small hope that someone can flag it up to the right team.
GCP and the rest of Google are separated from each other similarly to how YouTube and Google are separated. Unfortunately, the odds of that technique working are very low.
Well they responded saying:

> Although I am sure that this is not the correct place to reach out, I have reached out to the Chrome privacy team to see if they can give us some advice for PushBullet.

Though I posted this before this article was on the front page of HN.

the corporate gorilla beats its chest, demanding you comply!

But with what, it does not say ¯\_(-_-)_/¯

(comment deleted)
The answer is to run a campaign to work with Firefox and Safari only, and convert all users to either platform.

Seriously, fuck google. I'm just done with them.

There are no WebExtensions on Safari
Another long-term PushBullet customer here.

Anyone at Google who is listening- this kind of behavior kills my desire to continue using your products dead. I need functionality, of the type PushBullet has provided for years, to do my work. The recent nerfing of ublock origin has already had me feeling iffy on things. Behavior like this is simply unacceptable. If you want people to use your services, you need to have some way to communicate. Period. "If you use our tools, we can kill your livelihood at any time for any reason and tough shit if you want a why" doesn't exactly inspire, you know?

Switch to Firefox. It has gotten much better.
And there's also a Pushbullet add-on for Firefox: https://addons.mozilla.org/en-US/firefox/addon/pushbullet/

Not sure whether the functionality is the same.

Yup, exactly the same. That's what I use. The only thing Chrome was better in the past was audio pitch correction in sped up videos. Firefox recently fixed that so now for me there is absolutely no need to use Chrome anymore.
Thanks for the link. So it's a subset of kdeconnect/gsconnect for Linux/Android [1] [2] [3]. I'm using it to share files and tabs from my phones / tablets to my pc and viceversa. It does many other things including sms from the pc. It works with any browser or with no browser at all. There is no need for an extension.

I'm sure Apple has had that too for a long time and I saw something like that from Microsoft a few days ago.

[1] https://play.google.com/store/apps/details?id=org.kde.kdecon...

[2] https://community.kde.org/KDEConnect

[3] https://extensions.gnome.org/extension/1319/gsconnect/

While Firefox is better than Chrome...

Mozilla is becoming more and more Google Like as time progresses, where a few years ago I would have believed it would be unthinkable for Mozilla do so something like this to an extension, today I am not so sure I would trust them either

Mozilla doesn't have the conflict of interest google does with ads...

That alone makes me use Firefox over Chrome.

Doesn't Mozilla get nearly all its money from Google; I've assumed that actions by Mozilla have been coloured by not wanting to ditch its multi-hundred-million dollar benefactor.

Google has apparently paid Mitchell Baker personally multiple millions of dollars too.

Seems Google know how to manage their risks.

Mozilla seem perhaps even more beholden to ad revenue than Google.

> Google has apparently paid Mitchell Baker personally multiple millions of dollars too.

What are you talking about?

Google fund Mozilla, it's not a secret, you can use a search engine and find such information.

Or did you mean to contradict me rather than ask a question?

I know that Mozilla has historically been paid by Google to make Google search the default search provider in Firefox. But you just claimed "Google has apparently paid Mitchell Baker personally multiple millions of dollars too" which is something different that I have heard nothing about. So, what is that claim about?
I agree to some extent, e.g. the pocket integration and Mozilla burning cash on things that aren't related to Firefox, but Chrome's decision to limit/break key adblocking APIs across their whole ecosystem is much worse. I'd be willing to ignore almost any number of removed extensions to continue using a browser that's not owned by a glorified adtech company.
Can you give a few examples of how Mozilla/Firefox have changed?

We all know about FF Quantum. Yeah it sucks what happened. Maybe there was an alternative, but any one saying Firefox should’ve just stuck to not being compatible with Chromium extensions is kidding themselves on how badly that would’ve continued hurting Firefox’s market share. The XUL powered extension I’m sure were powerful so the outcry in certain places was huge. Vocal minority.

The Pocket integration got lots of outcry which seemed pretty silly to me. It’s one product they own. Mozilla doesn’t have a ton of products. Yes that is Google like. Much like any synergy or integrating is Google like. Which is really just being a modern internet corporation. If this is one of the reasons. Why would Mozilla of 5 years ago not have done that vs the Mozilla of today and whenever they did do it. 1-2 years ago I think?

I'm not the previous commenter, but on Android Mozilla is removing the ability to install extensions from third parties (think GitHub, etc.) and will trim the only left official extension store down to a few extensions. (I think it's below 20 right now.)

An ecosystem where all extensions need to be channelled through one central power broker is pretty much the main requirement to allow them to do what Google is doing in the linked Pushbullet case.

edit: this is all factual, sadly downvotes won't change it.

This is temporary while the Android team builds out and stabilizes the add-on APIs supported in the new Firefox for Android. Otherwise it'd be a total crapshoot whether an add-on you tried to install worked or broke randomly (potentially in gnarly ways).
If locking down on the extension ecosystem were only temporary they could just defer the nearing downgrade of their main line browser until their replacement is fully functional.

But that's not what they do. Instead we do have a clear announcement on a feature removal and a vague hint that they might add it again in the future.

It's absolutely not sure that disabling non-store extensions is only a temporary defect.

If you have evidence that suggests otherwise, feel free to add it.

It does not help that their marketing language feels designed to consistently avoid any meaning whatsoever.

> If locking down on the extension ecosystem were only temporary they could just defer the nearing downgrade of their main line browser until their replacement is fully functional.

The update is going ahead because the new Firefox for Android is such a dramatic improvement along all other axes, and because, from a development perspective, the incarnation it's replacing is saddled with legacy and technical debt. It never received most of the benefits from Quantum, for example.

> The update is going ahead because Firefox Preview is such a dramatic improvement along all other axes.

...and even the extension axis, from a power-aware Mozilla position. That's what makes it suspicious in the first place.

A few years ago they had a bug that added seconds to every page load that they didn't fix for half a year, but once an update coincidentally consolidates power at Mozilla it needs to be pushed for all its supposed benefits and despite all its known drawbacks asap.

We wouldn't buy that if it were Google or Microsoft and we shouldn't buy it in Mozillas case either. ... If they even announced that they plan to reopen the extension system, which they (to my knowledge) did not.

Personally I don't notice any grave difference between Firefox and preview. Apparently scrolling should be different, but my mid-range phone scrolls just fine in both apps.

> A few years ago they had a bug that added seconds to every page load that they didn't fix for half a year,

What are you talking about?

They've rebuilt their browser from scratch and are re-adding the APIs. It makes total sense to prioritize the most frequently used ones now and expand to the other ones later on.

For me personally, Privacy Badger and uBlock Origin are already there. I don't think I need a third one at all.

You're not challenging anything of what I wrote.

You seem to be more confident on their reestablishment of the extension ecosystem but didn't explain how you arrived at that conclusion.

FWIW, killing XUL extensions wasn't even really about Chromium compatibility. The changes in the Quantum rearchitecting were going to break everything anyway; the decision was made to move everything onto an add-on system which wouldn't just break again and again with every architectural change (which, yes, did have the benefit of Chromium compatibility).
I don't think the Pocket was owned by Mozilla when they announced their integration. Looking it up, it looks like they bought it 2 years after the initial announcement so I can see it being controversial.
Quantum wasn't even about Chrome compatibility. The XUL extension mechanism was permanent technical debt loaded onto the browser because of how it exposed features, basically welding things directly onto the browser's guts, which on the one hand is super-convenient for making radical changes in an extension and on the other hand is a nightmare to maintain.

The analogy I've used is the Amiga operating system design versus Unix when it comes to multi-core / multi-processor versus multiprocessing. Amiga welds everything to the hardware, the Unix design has a "system call" mechanism cleanly separating your programs from the OS and vice versa.

Because Unix has this relatively thick layer between the OS kernel and the rest of the world, you can just pick up your entire kernel, wrap it in a lock (in Linux this was called the Big Kernel Lock in some BSDs it was Giant Lock and other Unix systems gave it different names) and you've got a multi-processor capable system. Linux did this in about a year IIRC. For purely CPU bound software this minimal work gets you 99.9% of the performance of a custom built OS designed from the outset for multiple processors. Subsequent work to get rid of the BKL further improves performance on more sophisticated workloads, but you're off to a great start.

Amiga couldn't do that, every part of their system could interact with every other part as it liked, so if you tried to just add one lock to protect things the resulting system might randomly deadlock, maybe only on systems with specific hardware or software combinations, and you basically needed to reconsider everything from the ground up.

You need a degree of abstraction like this, the Chromium-style web extensions have it, the XUL extensions didn't, adding it to the latter would have been years of work only to deliberately be incompatible with both existing software on Firefox AND everybody else, madness.

There are definitely things we want in extensions. For example Firefox has a copy of the Public Suffix List baked inside it (all browsers should have this, in its absence you'll get weird security behaviour around how domains and sub-domains work) and I'd like to access their copy from inside an extension to make it behave how users expect. But obviously the extension can just ship its own copy of the PSL, and then keep that up-to-date it's just a waste of resources.

> The XUL extension mechanism was permanent technical debt loaded onto the browser because of how it exposed features, basically welding things directly onto the browser's guts, which is a nightmare to maintain.

There is no evidence for this at all. Extensions can't modify the rendering engine.

"guts" meant the XUL implementing the Firefox UI. tialaramex is absolutely right about that, extensions had total access to that XUL/JS state, which is why changes to the Firefox UI inevitably broke extensions.
First of all, they deliberately destroyed my bookmarks.

https://drewdevault.com/2017/12/16/Firefox-is-on-a-slippery-...

> For a long time, it was just setting the default search provider to Google in exchange for a beefy stipend. Later, paid links in your new tab page were added. Then, a proprietary service, Pocket, was bundled into the browser - not as an addon, but a hardcoded feature. In the past few days, we’ve discovered an advertisement in the form of browser extension was sideloaded into user browsers. Whoever is leading these decisions at Mozilla needs to be stopped.

> Here’s a breakdown of what happened a few days ago. Mozilla and NBC Universal did a “collaboration” (read: promotion) for the TV show Mr. Robot. It involved sideloading a sketchy browser extension which will invert text that matches a list of Mr. Robot-related keywords like “fsociety”, “robot”, “undo”, and “fuck”, and does a number of other things like adding an HTTP header to certain sites you visit.

https://www.theverge.com/2018/5/7/17326184/firefox-ads-spons...

> Mozilla’s motto is “internet for people, not profit,” however the realities of having to fund all of its ventures are forcing the company into adopting one of the web’s less human-friendly aspects: sponsored content. Having acquired read-it-later service Pocket last year, Mozilla has been populating new tabs in Firefox with Pocket reading suggestions — and those are now going to include links that an advertiser has paid for.

Being in a country that was the last holdout for Firefox (majority usage) before it was also taken over by Chrome, I know that several others as well as I have issues with Mozilla. Personally, I've always used Firefox, without exception, and stayed with XUL, rather than switch to their new browser, as add-ons are the most important part of a browser for me. I don't care if one is half a second faster or not.

Not to mention that stuff like stupid redesigns of logos as well as the Pocket issue made me basically lose all trust in Mozilla. Privacy is a huge deal here after all. Those who switched regularly complain about design issues (apparently the desktop browser is becoming somewhat "mobile-like") and most recently the address bar problem which upset everyone except for one person who didn't care about that. (Meanwhile, I'm happy with my address bar being my address bar and my search bar (being just right of it) being my search bar.[1]) If you would ask the people still using Firefox here whether they would recommend it...they would most likely say "no" but then would go on that while it isn't good, the alternatives aren't either.

So the question of change in direction (which is obviously there) regarding Firefox begs the question which people they are actually targeting? It's certainly not your average Joe because Firefox will never be able to out-Google Google. They are also annoying the more advanced users who just want privacy as well as useful things (add-ons, proper baked-in features etc) with their shenanigans, so it can't be them either. The only people I see actually celebrating new releases all the time (regardless of negative changes) are the crowd on HN. So, to me, it seems like they are targeting some kind of tech bubble (no offense) while basically ignoring the users out there. This is, of course, also reflected in them continuously losing marketshare while all the back-patting is happening.

[1] https://abload.de/img/address-search3hjh4.png

Mozilla has to target the mass market or they won't survive. They certainly have to target people who, unlike you, care about performance more than anything else, since that's most of the market. You can argue it's hopeless but you can't expect them just to give up, nor should they.
DNS-over-HTTPS was the big one for me. Mozilla betrayed us here. They've pushed something browsers shouldn't do into the browser, and in my case, started to roll it out to my browsers despite my network device being set to block it.

They actually managed to implement a policy that respects user choice and freedom less than Chrome, which only implements DoH if your set DNS provider supports it.

> DNS-over-HTTPS was the big one for me. Mozilla betrayed us here.

Betrayal indicates some intent to harm users; the intent of DoH is clearly to safeguard users. However, the rollout was absolutely hamfisted & shortsided.

It's notable that the DoH deployment is about the only example here of Firefox harming users. Compare that with Google rewriting Chrome's code to hobble uBlock Origin & leave users more vulnerable to nefarious ad tech.

The former was Mozilla putting user safety first (in a poorly handled way) while the latter was clearly Google doing the opposite.

Don't get me wrong, I would always choose Firefox over Chrome, but I lament the lack of a major option that seems to not follow Google's plans and generally assume they know better than the user how to use the web.
> The Pocket integration got lots of outcry which seemed pretty silly to me. It’s one product they own. Mozilla doesn’t have a ton of products.

I switched to Firefox after the Pocket thing happened, so I didn't follow the "outcry" and can't say if the tenor was justified.

However, as a new Firefox user not familiar with the history, the pocket integration just felt "icky", particularly in combination with the new tab page. Regardless of Mozilla's intentions, it seemed like another instance of Software A trying to push me toward unwanted unrelated Service B, as so many modern tech products are wont to do. Mozilla should be a sanctuary from that crap.

Luckily, I found out about the about:config flag to disable Pocket, and I've been happily ignoring it ever since. I just think it's an unfortunate experience for new users. Hopefully I'm wrong and Mozilla is right about what most new users want.

Have they done it or is it just an uneasy feeling?
Who do you trust? Certainly not Chromium-Edge. That leaves "only browse the internet on a Mac with Safari" or browsers with such tiny market share that they'll never be tested against, and sites will routinely be broken for you. My company doesn't do any non-Chrome compatibility testing, so all our intranet sites require Chrome.
Plus any smaller browser likely just another Chromium or Blink fork. There is very little out there these days that is truly independent.
Why not firefox?
In the past, it used to be (at least for me) because of Gecko. Websites didn’t render the same as in WebKit.
Not sure when that was but I have no rendering issues with firefox. As a webdev I can say that FF's rendering these days is pretty much spot on.
I have a very silly reason but it just irritates me so much that I cannot use Firefox. It does not support win10 precision gestures to zoom and go back/forward.
I use firefox. The parent comment said they didn't trust firefox or chrome.
> Who do you trust? Certainly not Chromium-Edge.

Why not? Chromium (= Blink, plus some other stuff like a network request stack) development happens in the open, just like WebKit development. It might be steered by Google to such an extent that there's always the possibility of it going in a bad direction; but it's not like you're not going to hear about it if something privacy-violating is introduced into the Chromium codebase (rather than the downstream Chrome codebase.) And you can switch away from the browsers that use it if/when that happens.

For that matter, if upstream Chromium ever did start "going bad", those browsers that rely upon it would also likely switch away from it, either cooperatively forking it into a new community-maintained project, or switching over to WebKit (with which it is still mostly ABI-compatible.)

> browsers with such tiny market share that they'll never be tested against, and sites will routinely be broken for you

Even if you don't want to use anything based on Blink, WebKit is also a large ecosytem, and minor WebKit-based browsers can "inherit compatibility" from developers targeting (mostly Mobile) Safari. Several Linux browsers (GNOME Web, Falkon, Midori) use WebKit, for example. They render everything just fine (i.e. just like Safari does.)

I wanted to like Edge but...

> The browser also sends unique hardware identifiers to Microsoft, which is a "strong and enduring identifier" that cannot be easily changed or deleted.

https://www.bleepingcomputer.com/news/microsoft/research-fin...

Oh, ah; I thought the above meant "why not Chromium and/or Edge" rather than "why not the Chromium version of Edge."

Yes, I can see why you'd avoid Edge specifically, same as avoiding Chrome specifically.

But that's not an argument against using upstream Chromium (which is, in fact, a browser all on its own, stadnalone downloadable and shipping with several Linux distros); or against other Blink/Chromium-based browsers (e.g. Brave), no? Either choice would get you compatibility with anything Chrome itself is compatible with (in terms of websites; not necessarily in terms of extensions—though the difference is just in the legacy Chrome extension APIs; WebExtensions work fine everywhere.)

It's Chromium that's hobbling the content-blocking extension API.
Unless you frequently use spyware websites that are too lazy to do server-side scripting, using a browser with a less used engine is fine.
I’m absolutely loving Firefox at the moment.

I have temporary containers extension plus an extension to manage google and Facebook containers and the whole thing has become such a pleasurable experience. Combined with pihole it feels like I’m reclaiming the web back again. Such a blissful experience.

Yep, for me Multi-Account Containers and Tree Style Tabs are both killer features. Being able to load the same page with multiple accounts within the same browser and without losing everything after each session is a game changer for all sorts of situations, as is being able to keep dozens or even hundreds of tabs open without squeezing and squishing them unreadably into the top of the window like some kind of maniac.
And with temporary containers isolation pages that don't have their own dedicated containers get all their history deleted after they close (by default a few minutes later, so undo close tab works), just as if you'd opened each new tab in an incognito window.
Chrome is a trivially easy product to switch off of compared to other Google properties like Gmail and YouTube. Have you tried Firefox recently?
ProtonMail has come a long way as a replacement for Gmail as well. Suuuper happy with them, they're really responsive to feature requests and support inquiries. I requested for an iOS feature to choose browsers so I could open all links from PM in Firefox. They had it implemented in a month or something... it a quick fix but that impressed me. hence me shilling here They recently added ProtonCalendar too.
Switching email isn't nearly as friction-free as switching your browser. Not only do you have to change your email in every service you've registered for, you also need to convince your friends and other contacts to use the new email.
It's a year-long project in the minimum:

1: Start up new email (for me it was Fastmail) and preferably get your own domain

2: Forward all mail from gmail to your new account

3: Create a rule that flags messages that are still delivered to gmail, go through them at your leisure and swap to the new address

I'd stress the "get your own domain" part. This is a _requirement_, or you're going to be going through the same pain again in a few years.

Also, make sure you take backups of your old emails every once in a while. Google Checkout should be able to provide those.

What’s the risk of losing your domain from a forgotten renewal?
I would assume most domain registrars send you reminder emails as your expiration gets closer.
There is always a risk of loosing an asset, that includes hijacking. However to reduce forgeting of renewal there is the recipe I have once read here on HN:

Renew your doman for 10 years now, and then every next year do 1 year renewal. If you forget it then you still have 9 years of buffer.

Some registrars let you enable automatic renewal, so in that case the only risk is to keep paying for a domain that you forgot of.
How is credit card expiration handled? Or do you suggest another payment method?
I think they sent me a notification about the expiring card once.

Another alternative is using one that accept recurring payments through PayPal; that way you would have to handle card expiration only with Paypal.

If a domain is important to you, you should have it set to autorenew.
I have all my domains on autorenew, probably many I should have let lapse now, and some of which I have regretted letting go of.
I feel your pain.. I accidentally let my main blog domain go a long while ago when I decided to drop most of the domains I was holding.

Beyond this, I've had a few pretty good ones over the years... right now, I've got about 30 of them, and just keep thinking I should let most of them go.

I've used auto-renew ... but it turned out my biggest risk was actually the expiration data on my credit cards
I loaded up credits at my registrar to last a couple years because of this.
That's we something like PayPal is nice, your cards can expire and be replaced without interruption to automatic payments. And like the email problem, you don't have to go around changing it every couple of years.
If your domain name provider is serious, almost none: there's a transition period (a few weeks) between the expiration date of your domain and when somebody else can buy it again. So if you forget to renew it, your emails stop working and you'll renew it really quickly ;).

Source: it happened to me last month (the provider being OVH).

You'd probably have to really work at it.

Most registrars are going to send you multiple emails leading up to the expiration, when it expires, and after it expires reminding you it expired. You'd have to miss a lot of emails.

And once it has expired, you have (depending on the TLD) over a month of grace period where it's not available for general registration where you can still renew it. You'd have to miss the fact that all of your services were offline for over a month.

I only work with a company who’s team I can actually call. i pay a bit more, but that direct access is great.

It’s actually hard to lose a domain if you have a good registrar. There is 90 day quarantine period even if you cross the renewal treshold. You can also domain lock, which means you need to manually unlock a domain before moving.

getting your own domain might be fine for tech-savvy people, but for the general population it isn't really an option.
The most important change you can make for your email is to own your own domain. Once you own your own domain, changing providers is much easier since it is transparent to the people that email you.

Even if you decide to keep Gmail, you should switch your email to your own domain.

One worry about tying your identity to your own domain, is the security of your identity (aka your domain) hinges on the security of your registrar. If a bad actor can socially engineer their way into controlling your domain, your entire identity is compromised.

Here's a blog post about this nightmare happening to someone: https://medium.com/@N/how-i-lost-my-50-000-twitter-username-...

I agree that that would be catastrophic, but I’m not convinced that using custom DNS changes my risk factor. If someone took over <my name>@gmail.com, they could do as much damage as they could by taking over <my name>@<my domain>.
Yes, but there's still an increase in the attack surface - it's a lot harder to convince a registrar to turn over gmail.com than <my domain>, for most values of <my domain>. It's not a deal breaker, of course, but it's something to consider when looking at the risk factor.
If you use an email provider to host your domain's email (e.g. Fastmail, GSuite, etc.), I believe you're actually increasing your risk factor.

The security of your identity will depend on your registrar, your DNS provider, and your email provider.

So, which ones are the good registrars?
I generally trust the major cloud providers a bit more than the companies focused on acting as a domain registrar.

The domain registrars are generally a race to the bottom and focused on "add-on" sales as most people are shopping on price and that's going to reflect in the overall quality of the things that most people don't really notice like, y'know, security and validation.

You don't hear a lot of stories about Amazon/GCP/Azure handing over someone's entire account based on a couple digits of a credit card number and it would be a PR nightmare if they did (hell, look at the flak they catch just for the data that people leave public on their services that ends up released... imagine if they handed it to someone). An active account with 2FA/etc enabled and a secure recovery email is probably safe enough for most people.

Spend the extra couple bucks to register through one of those guys instead of JimbosDiscountDomains.

So use Google or Microsoft to register your domain?

Doesn't that bring us back to the same potential problem though?

I think the idea is to use their "enterprise", paid offerings as opposed to relying on the "free" services that Google or Microsoft offer.
Google, Microsoft and AWS offer registrar services becuase it keeps you in their ecosystem for their higher margin products. THey generally offer competitive pricing for things like doamin registration and don't pull stunts like charging 2x as much for "privacy protection" or the even more dirty tricks like godaddy and other bottom feeders.

I recently trialed hosted email with AWS and while it is very basic it only costs 4/user/month - cheaper than my google apps service. I was also able to register a new domain at market rates and get dns automatically setup (I think?) on AWS as part of the service. Now because I tie my monthly AWS spend with my registrar I'm more confident I can get some customer service as well.

staying inside a vendor's ecosystem for very selective services can actually work out quite well, as long as the seller/customer incentives align and they are relatively commodity services.

No.

The main issue raised several comments up is portability. No provider locks you to only using their email offering/cloud offerings if you register their domain through them. Even if they did, transferring domains is trivial and well-supported everywhere.

As far as any other objections people usually raise around using hosted email and the like, a domain really has no comparable privacy implications in the real world (you're not handing Google or Microsoft a huge corpus on your life). It's also through their enterprise offerings where as long as your bill is paid they're generally not going to have some automated review suspend your account with no reason, and if they did they have actual support you can get in touch with.

This solves basically all of the problems with using an @gmail.com/@outlook.com/etc email address.

Or… use a smaller registrar which actually charges more in order to provide support which you can contact personally. Most (if not all) large registrars are indeed in a “race to the bottom”, but that does not mean that all registrars are.

(Disclaimer: I work at such a small registrar. No, I’m not going to tell you which one; we aren’t targeting the global market, anyway, only our local area.)

Google is great for this because they will never actually let anyone talk to a human in order to apply social engineering techniques ;)
But do you lose your domain if google bans your account?

The requirement is being able to switch email providers, especially google, when they lock your account. You don't secure your flow of email with a domain if that domain is managed by google, too.

So my statement was a total comedic effort not to be taken seriously, I'd never suggest anyone use a company on the basis of terrible customer support. That's what the semi-colon parentheses at the end was meant to signify.

To attempt to actually answer your question, I believe the nature of the governance around registrars would ensure you have recourse to transfer your domain in the case that Google be Google. It might not be slick. I don't know. But, it's unlikely they can override the overarching policies for such things and continue being a registrar.

I think the bigger question is how much work it is to update the DNS servers with your registrar and then change your DNS provider. If google locks you out of your email that you use to manage your domain you could be in trouble...
If you don't use your google account for anything but domain registration, what could they even possibly ban you for?

While I am aware that Google tends to have quite a few false positive account bans, it is one of the most extremely unlikely things to happen, if all you do with it is pay for your domain registration.

I've been happy with Joker and AWS Route 53. I've used Joker for years and years; at the time they seemed sane both technically and as a business, and that's how it still feels. Route 53 is more recent, but it's been solid and reliable for me. And it's been very nice to control it declaratively with Terraform.
I use namecheap which has two-factor authentication, domain locks, and support pins.
I use Namecheap too, but they took forever to add 2FA (it was added a few months to a year ago, maybe?) and I don't have any faith they'll add FIDO2/U2F any time soon.

EDIT: Oh daaamn it looks like they did it! Huh, faith restored. jgc, CloudFlare should follow!

EDIT 2: I'm just full of failures today, CloudFlare supports U2F as well. This is great news all around.

EasyDNS (https://easydns.com), based in Canada has been around for years, and has a good reputation for not blindly actioning DMCA requests (which can be important for some). :)
owning your domain and having control of a domain through a trusted registrar is better than relying on the worlds largest advertising company to manage your digital identity (email), which is offered as a free service, that's subject to a catch-all ToS.
The article is literally about a user who was attacked because Twitter, Facebook ad GoDaddy have bad security, while his Google account was safe.
An isolated fail in 2014 by one vendor, primarily due to poor support processes, is not a convincing argument to keep all digital identities in Google's possession.

There's also the risk of Google shutting down your account because you do something they don't like. This will lead to a similiar outcome and you won't have any recourse.

I think that GP's point is that "safe" is a tricky word to use when your data is in the custody of the world's largest non-governmental surveillance network with a a catch-all TOS.
I know some will reject the idea.. but if Google is your domain registrar, they'll do email forwarding without an extra charge.

I've started using @mydomain where the is the website/service I've registered for... doesn't help with my existing stack though.

You can just do forwarding. I’ve run my own mail service since the 80s, and when I need a google login to work with someone I just create it and forward my mail. When the project is over, just delete it. Easy-peasy.

Unless a client wants to use google docs I‘ve never found an account to add any value anyway. I don’t use google search much any more but when I do it works fine without cookies.

And I try chrome occasionally (it’s needed to use google docs) but it uses too many resources to use as any kind of default. It’s also harder to enforce privacy with it.

I was referring to google hosting the mail service, so no need to diy or pay for another server, and you don't need to use gmail with it.
Oh, ok. In my case some of my servers are over 20 years old, though I run less critical services on them. My newest machines is about 4 months old. My buddy in the rack next to me is a few servers from the same batch as my 20 year old ones. Obviously the most critical stuff runs on the newest hardware but when you’ve had a machine running uninterrupted for a decade or so why mess with it? Annualized cap ex + the op ex is negligible at this point.

As personal servers of course “critical“ is pretty idiosyncratic, though I have used them to start and host various companies overnthe years until it was worth giving them their “own” hardware and identity.

I admit the age of managing a rack full of servers in a colo has largely passed.

Google Docs works fine in Firefox and Safari.
A bunch of features like context menu, many key shortcuts don’t work under safari but do under chrome. Dunno about ffx
> Even if you decide to keep Gmail, you should switch your email to your own domain.

Do you pay for Google Domains, or just have some other thing forwarding to gmail, and gmail configured to send with that as a 'from' address, which I think is possible? What's your advice?

I recall seeing this recently on another HN post, where they had set up a blanket forwarding rule from their Gmail to another email account. Their Gmail later got dinged but the forwarding rule continued to work.
I did that years ago. The only downside is that every 2-3 years some email gets stuck in gmail’s spam folder.
You don't have to switch overnight, i simply forwarded all my incoming Gmail e-mails to my new account, and then reply to all my Friends (etc.) from my NEW e-mail address. That way they will all, eventually, automagically update me in their address book. It worked very well :)
Have to respectfully disagree here...we tried protonmail for ages and it wasn't good. Wet feature adding it sounds like you got lucky but we ask for several features over the course of a year - ranging from simple things such as HTML signatures (that they fully support, they just hide the button on their editor) to more enterprisey user management 2fa enforcement style features and it just didn't hold up in the slightest. No features got added and we ended up going back to o365..for a personal email it's ok though but I wouldn't tout them as responsive to feature requests as this wasn't our experience at all. We were a sma the on their visionary package if that makes a difference.
You can set up forwarding rules and switch gradually. It's pretty much painless.
I have happily paid for ProtonMail for the past couple of years. I moved all my important email (i.e. anything involving money) off of gmail.
I as well. Gmail is now my spam account. Very happy with ProtonMail.
ProtonMail user for years too. And non-tech people who get my e-mail immediately like (and ask about) the protonmail.com domain, which opens up an avenue to discuss privacy and the upside of non-Google products.
I used protonmail for a week, but i got tired of waiting hours and days for some emails to arrive. some we so late the verification links were no longer active. ugh, if only proton mail was up to par with Gmail.
I had similar issues early on but have been happy with Protonmail for the last year or so.
Is there a provider that lets you send emails from free format users on your domain? With catch all addresses the mail goes into my other@domain account. I use a different email address per site. Now with gmail if I want to reply with that account I first need to create it as an alias. If I want to reply from my phone it even needs to be a full account. Is there any way to fix this? Short of using mutt and write the from header myself?
I can do this with fastmail, though fastmail is a subscription (like $5/month? IIRC, mine auto renews every 2 years so not sure). I have my primary email setup as <firstname>@<lastname>.org. If you set your dns records correctly with them, that allows you to use without any ahead of time setup <randomtag>@<firstname>.<lastname>.org. Setting a different tag where I have <firstname> is can be done too, but you need to set those up individually.

replying to emails, I can change <randomtag> to whatever I want.

They also offer random domains that you can setup burners under, though that does involve some ahead of time setup.

Fastmail lets you create wildcard identities like this so you can send from any username at any domain you have with them, but if you are sending from a third party app you usually still need to set up the sending identity in the app itself, which is annoying. The email programs I've tried haven't let me type arbitrary addresses into the 'from' line.

Many programs won't even automatically reply from the same alias the message was received at.

I think most people are never going to choose ProtonMail, but it can be good for people who like simplicity and consistency. I don't need a million bajillion options, "plugins" or "apps" for my web mail. Just show me my emails, let me load attachments, and I'm good. That's why I pay for ProtonMail instead of Gmail. Well, that and all the other reasons to distrust Google.
I'm a paying customer (paid for 2 years upfront), and I only found out after paying that ProtonMail has an incredibly poor implementation of 2FA. All it supports is app-based authentication[1].

No support for U2F (FIDO) keys[2].

No support for sending SMS to phones.

In comparison, my Google account is protected with: (a) three distinct U2F FIDO keys that are stored safely in different countries, (b) three separate phones for SMS authentication (my phone, dad's pone, mom's phone), (c) lastly there's the authenticator app which I rarely use. This is so much more versatile and reassuring that ProtonMail's extremely-mininal 2FA implementation.

Also, ProtonMail has no excuse for not supporting SMS-based 2FA. They can send a SMS to your phone, when you setup a new account -- but for some reason can't do this for 2FA. Despite being a paid service, they trying to save on the SMS charges that SMS-based 2FA would incur?

[1] https://protonmail.com/support/knowledge-base/two-factor-aut...

[2] https://en.wikipedia.org/wiki/Universal_2nd_Factor

Not sure about the other stuff, but SMS 2FA is generally frowned upon for auth.. though obviously they've decided it's fine for the one time setup just as a verification on signup (not used as 2fa in that case, more like crude proof of identity). U2F has been a challenge for everyone from what I've seen.
I've been using Fastmail for more than a decade and I don't know why someone would trust something as important as email to a company like Google.
I second the Fastmail vote. I have been a happy user for... maybe 3 years now? A while at least. The web UI on mobile and desktop is second-to-none (I love not having an app) and the spam filtering is as good or better than gmail and the other big players.
My current yearly subscription to Fastmail was about to expire today. Didn't think about it for a second before I renewed it for the third year.
Because when it first was released, they were one of (if not the only) (free) email providers to give every user over a gigabyte of storage. At the time, most email providers only allowed mailboxes in the dozens of megabytes range.

Nowadays, everywhere gives you plenty of space, but for me personally, it’s just been the fact that I’ve been using it for so long and switching is a hassle. I’m sure it’s the same for a lot of other people, and for the majority, they probably also don’t care enough.

Dozens of megabytes?

Pretty sure Hotmail (which at the time was like 20% of all web traffic) was still offering a whopping 2MB of space when Gmail launched. It was only after Gmail came out that they started bumping the quota from where it had been since the mid-90s.

Gmail was a HUGE deal. People were going nuts over the invites.

I am not sure why would one trust something as important as email to any company. Register and use your own domain. Then you are totally free in your choice and switching is no problem
Downvote for expressing reasonable opinion? Google is that you?
I have fastmail bookmarked waiting for me to find some time to switch over my gsuite admin and some cname redirects off of Google's platform. It's definitely past time for me to get a little less dependent on them.
I transitioned to FFox myself. I occasionally have to use Chrome for work, and it's nothing I find myself missing. If Chrome is messing up your day, it's really easy to cut it out.
Sure, and I use it daily. But my frustration isn't about me particularly, it's about Google's increasingly hostile behavior. They're the 800-pound gorilla of the internet, and the way they behave affects all of us.
I've found the exact opposite to be true in my very specific experience. Five years ago I used every Google product under the sun, today the only Google product I use at all (even search) is Chrome because it's the only one I haven't been able to replace.

I try Firefox with a fresh install on nearly every major release and I keep it installed as a secondary browser, but I can never manage to use it as my daily browser. For whatever reason, none of my company's (major tech company but not a competitor to Mozilla in any way) internal web pages load in Firefox. No error, no warning, nothing in the console, just zero content. Blank page. I've tried it on two computers with the same result and just nothing. No extensions installed, nothing I've installed on my network or computer to block anything. It just doesn't load anything.

On the other hand I keep Firefox installed because Chrome refuses to load my dev environment with a self-signed certificate. Firefox will let me click "I accept the risk" but Chrome just refuses to load with a self-signed cert.

I'd love to use just one (preferably Firefox) but I guess the web is still hard to get right.

You can bypass the Chrome dialog by typing "thisisunsafe" in the error page.
That's a stupidly hidden way to go about it.
IIRC, the intent is that no one should be doing this and anyone doing it should be at least technical enough to figure out what they're doing and be reminded that it's a bad idea.
And instead many people will just do a Google search for "Chrome [insert error here]" and run the first command they find, while people like me will say "okay I'll just Firefox where I can click past this warning".
For what it's worth I've always been able to click straight through a self-signed cert on Chrome - in fact I just did it right now to log in to something internal. I am a nearly 50-50 split Firefox/Chrome user.

Are you sure you aren't sending HSTS headers that demand the site be TLS in some way?

Also, have you considered the slightly-saner way of doing it, which is making an internal self-signed CA, trusting that internal CA, and then having it sign the rest of your "self dev stuff" certs?

If it was HSTS it wouldn't load in Firefox, would it?
If it was HSTS it would not load in both, with no button to bypass.

If it was not HSTS you can click through a non-obvious button in both.

Well Chrome has no button and Firefox has a button, so...
Yeah, I actually think these sorts of strategies are clever. They're a way to protect normal users without outright barring power users from doing as they wish.

macOS operates in a similar way. I really like how the difficulty increases depending on the task:

• Want to allow one app through Gatekeeper? Instead of double-clicking the app icon directly, right click it and select "open".

• Want to turn off Gatekeeper for all apps? You need to open the Terminal and execute a command.

• Want to turn off System Integrity Protection? You need to reboot your computer into recovery mode and execute a Terminal command there.

Except for those of us who are finding out about it only via a Hacker News comment. As happened with this user, who seems, you know, sufficiently a power user to need that info. Even a "if you know this site to be safe, please read this knowledge base article (link)" and buried in that, amidst all the reasons you shouldn't use untrusted certs, are the instructions.
If you keep up to date with commits on the chromium code repo, you'd see them change it from time to time. For a while it was 'youshallnotpass'.

You probably shouldn't be using an opensource project without at least a cursory glance at the code anyway, especially as a power user.

You're kidding right? You look at every commit of every open source app you use, or that a closed source app is built atop? For me, off the top of my head, that would mean, yes, Chrome, Firefox, the Linux Kernel, Libre Office, Android, VLC...probably plenty more that I am unaware are open source, and that's not even considering the dev tools to do my job. When would I actually have time to have a life?
Exactly. Reading the source of every program you used was certainly possible back in the 80's when the FOSS movement started; but nowadays, with every program being millions of lines of code, it's implausible to get through all that and still have time to actually use the software.
Not to mention background updating. I don't even know when Chrome has updated half the time, unless something stops working.
If you're on OSX/macOS (what a silly rebrand) then if you look in ~/Library/LaunchAgents (and possibly /Library/LaunchAgents and /Library/LaunchDaemons) for any .plist from Google (or Keystone) in there and add

    <key>Disabled</key><true/>
under the first <dict> and then unload each file, e.g.

    launchctl unload ~/Library/LaunchAgents/com.google.keystone.*
The auto-updating stops and stop them reloading after a reboot/logon.
Im not sure a cursory glance at the 25 millions lines of code will do much if you dont already know what to search.
> Even a "if you know this site to be safe, please read this knowledge base article (link)" and buried in that, amidst all the reasons you shouldn't use untrusted certs, are the instructions.

I don't think that's a bad way to go about it either, if it's sufficiently buried.

I'm primarily just thankful there's a workaround, hidden or not, given how many tech companies seem to respond to these things by disallowing them completely.

> I don't think that's a bad way to go about it either, if it's sufficiently buried.

Just put it in the manual. If experience has taught me anything, it's that "normal users" never read the manual.

On the other hand these stupid dialog tricks are why I stopped using Chrome. I'm not an idiot and I know what I'm doing. It's pretty arrogant to assume that I shouldn't be visiting my router's configuration page just because it uses a self-signed certificate. I don't care to set up an X.509 infrastructure at my house, thank you. Please stop mollycoddling me.

Firefox continues to do a good job of just letting me visit the damn website after warning me.

I'm confused - Firefox and Chrome act completely identically to a self signed cert for me. Both let me click through after looking at the cert or expanding a section. I have never been "blocked" by some hidden modal unless the site chooses to be HSTS-enforcing, and in that case Firefox does not allow a clickthrough either.

Both examples on latest current, taken right now:

Firefox: https://i.imgur.com/4VMjDZ4.png

Chrome: https://i.imgur.com/YosvXEu.png

For HSTS, both Firefox and Chrome act identically and do not allow clickthrough: https://i.imgur.com/WPCTep1.png

Youre confused because you're not using Chrome on OSX: on osx there's no "Proceed to <website>" option.
I'm now even more confused: https://i.imgur.com/jl9agwG.png
You’re right to be confused because I’ve never seen a rhyme or reason to it either. I generated a cert using OpenSSL’s command line tools and told Django’s manage.py to use my self-generated cert and it works in Firefox but not Chrome.

It did work in Chrome. And then after an update it didn’t work anymore. I don’t know why and it seems like no one else here does either.

I was literally going to say that at one point that screen didn't look like that, and it appears it still doesn't but only sometimes.
Your router's self-signed cert can be imported into your browser and trusted from thereon — that will also stop any potential attacks from someone pretending to be your wifi ap nearby because I am pretty sure you are not double-checking the cert fingerprint every time you visit the router's admin interface. Provided you were not MITMed once you added the cert in the first place :)
At least Chrome lets you use that trick to bypass an hsts error message. Firefox won't let you.
Reminds me of the default admin password for an app I've worked on... "You should change me."
> No error, no warning, nothing in the console, just zero content. Blank page.

Have you tried disabling the tracking protection, maybe it's mistakenly blocking some JS?

Try sending your company's internal sites a Chrome User-Agent from Firefox. There are extensions that let you do this.
I was doing that but it does break things so you need to remember you're doing it. For weeks I wondered why Slack wouldn't work via my browser until I found it was loading some Javascript only when UA was set to Chrome, and that was breaking something.
Assuming you are on a Windows domain, since they are able to control your Chrome. Chrome uses all the built in Windows settings. Have you check for proxy settings in internet options? Firefox I believe still uses standalone settings, and will need to be configured manually.

Other thing they could be doing is adding certificates to the Windows certificate store, that Firefox does not trust. Though I expect you would see an error about invalid certs in that case.

Wouldn't the fact that your company's site doesn't work on Firefox need to be filed as a bug on your site's bug tracker?
You’re assuming I have access to my huge mega tech company’s website’s bug tracker. I do not.
The only Google product I still use is Android. I won't switch to iOS, that's like cutting off your nose to spite your face. Sadly, the FOSS alternatives do not support Blackberry phones, and for physical reasons I _greatly_ prefer a real keyboard.
I have a firewall appliance at home.

One day I noticed that some of the stuff I blacklisted (mostly ads) started showing up again.

Why? Firefox's new DNS over HTTPS was bypassing all my firewall DNS rules.

> Firefox's new DNS over HTTPS was bypassing all my firewall DNS rules.

A misstep by Firefox, though it was done with genuine intent to safeguard users (as opposed to just being spun that way). Though they've walked it back it still needs to be opt-in or be trivially easy for average users to opt-out.

I switched from Pushbullet to Join and one of the hurdle the dev is having is that something regarding push messaging was severely lacking in Firefox compared to Chrome, hence the lack of an extension for it on Firefox.
Do you know any more details about what's lacking?
I switched when Google killed of ublock origin in Chrome. Firefox is quite nice these days. I just use chrome for development because I'm more familiar with their dev tools.

I will very occasionally find a site that's broken in Firefox and works in Chrome though.

Check out Vivaldi, never looked back (chromium based so same dev tools, though admittedly I do.my dwv in edge these days just to keep stuff separate)
uBlock Origin isn't killed. Some changes are proposed, however.
It's nerfed into uselessness. Last I checked it's restricted to just url blacklists.
Firefox is actually a significantly better browser on GNU/Linux. Chrome is pretty awful.
Firefox’s security is a lot less than that of Chrome.
Firefox gives me much more control than Chrome and that makes it much more secure.
Here is a button. You may now decide if you want to push it.
Hard to quantify, but neither Firefox nor Chrome were compromised at Pwn2Own this year. The sandbox architectures are very similar now. Chrome's still ahead in having a slightly tighter sandbox and already shipping process-per-site, while Mozilla is working hard to catch up on those. Firefox gets a slight advantage from using Rust in some places instead of C++. I'd say Firefox security is still behind Chrome but in practice not by "a lot".
elaborate on the ublock nerfing?
Chrome's Extension v3 API will remove the ability for uBlock Origin to filter web requests in code, instead the application will have to submit a list of URLs to filter to an internal API and this list has a maximum size and limits the flexibility of the URL filtering.

See the uBlock Origin author's post: https://github.com/uBlockOrigin/uBlock-issues/issues/338#iss...

This is ironic, because uBlock implements an extremely efficient filter and is even looking into using WASM to speed it up even more. Google's public position is that implementing functionality in JS or WASM is unacceptably slow. They say "[Preventing or weakening ad blockers] is absolutely not the goal. In fact, this change is meant to give developers a way to create safer and more performant ad blockers."[1]

Google's public position is also that WASM is "consistently fast"[2], fast enough to rewrite Google Earth to target it[3], and "It's entirely feasible to build a complex code-base to run performantly in the browser using WebAssembly"[4].

So which is it? Is the Web Request API being deprecated because it's not possible to write performant code in extensions using Chrome's powerful JS and WASM engine, or is it possible but there might be some other, different reason that they're blocking it?

[1] https://blog.chromium.org/2019/06/web-request-and-declarativ...

[2] https://developers.google.com/web/updates/2019/02/hotpath-wi...

[3] https://blog.chromium.org/2019/06/webassembly-brings-google-...

[4] https://developers.google.com/web/updates/2018/08/wasm-av1#f...

> In fact, this change is meant to give developers a way to create safer and more performant ad blockers.

Imagine anyone actually believing Google is trying to help ad blockers. What a dumb thing for them to even say.

These days Google's core value appears to be a Kafkaesque hypocrisy.

They promote efficient websites to increase ranking with their search algorithm, while operating ad services that bog websites down. Not to mention the whole AMP business where they looked at Facebook and developed a severe case of walled garden envy after previously being a champion of open web standards.

> They promote efficient websites to increase ranking with their search algorithm, while operating ad services that bog websites down

The online-advertising economy that Google operates in does slow-down websites.

Google's own ads, don't. AdSense ads are loaded asynchronously and I've been happy to run them on my websites. Google Analytics is also fast and light.

It's other scripts that bog things down - right now on my most AdSense-laden webpage the real killer is ZenDesk's chat widget - even when loaded asynchronously it still blocks the page render and pulls in over 600KB of resources, which is ridiculous: https://support.zendesk.com/hc/en-us/community/posts/3600042...

> Not to mention the whole AMP business where they looked at Facebook and developed a severe case of walled garden envy after previously being a champion of open web standards.

I'm not a fan of AMP either, but you don't have to use Google's AMP cache CDN to use AMP - it may surprise you (as it surprised me!) to learn [that Google endorses Bing's AMP cache](https://amp.dev/documentation/guides-and-tutorials/learn/amp...), for example (Google owns and runs amp.dev) - but I won't be happy with AMP until it's possible for people to run their own AMP CDN/caches.

That said, I fully understand why original-content providers aren't keen to adopt AMP: because it restricts the kinds of advertising displayed in a page and restricts monetization, and means you have to trust your CDN to accurately report pageviews.

Why? When Apple made the exact same change in Safari, they also gave these reasons, and everyone believed them.
Apple doesn't make their money selling ads.
uBlock Origin is not available for Safari in its original form. It only exists as a (somewhat neutered) fork that's basically dead[0].

There's a disconnect in the sense that a lot of people think that adblocking in Safari is fine, even though it is pretty objectively less capable than Firefox/Chrome in this area right now. There's no disconnect in saying that Manifest v3 is going to hurt adblockers, because the same changes in Safari also hurt adblockers, and (as of last time I checked) Chrome's proposed changes go even farther than Safari's did.

But in general, yes, you should already be avoiding Safari today if you want to use the best adblockers on the market. Safari suffers from the exact same problems, that's why I use Firefox even when I'm on a Mac -- because the adblockers and security extensions for Firefox are just a lot better.

https://github.com/el1t/uBlock-Safari/issues/158

> The recent nerfing of ublock origin has already had me feeling iffy on things.

What did they do to ublock origin? The single best Chrome extension ever. If it stops working and I must suffer YouTube ads again, it's bye bye Chrome.

(comment deleted)
(comment deleted)
They're going down the Safari line of limiting the number of rules an extension can use, significantly reducing the efficiency of adblockers.

If it goes as planned, you won't see ads on YouTube for sure, but there likely won't be enough space to add rules for less mainstream ad networks and some of the specific sites you visit.

It's a lot more than just limiting the count; expanding the count would not offer equivalent functionality. Basically they're hobbling adblockers' ability to compete in the arms race, which makes sense as Google is an advertising company.
If Youtube ads mean that much to you, why not just pay for it? I'm all for ad blocking (I use ublock too) but if I heavily use a site that offers me a way to pay a reasonable price, I think it's the right thing to do. Uploaders with monetized videos still get paid that way (and I don't want to bother with Patreon etc, that doesn't nearly scale to everyone I watch videos from).
I pay for youtube premium. But I still want fully powered ublock origin.
Eventually there's a whole deal of stuff you end up paying for, a few bucks at a time. I draw the line somewhere. Ads are one such line. I won't watch them anyway, so their only purpose is to annoy me -- and I tend to swat away annoying things.

Never let anyone make you feel bad for blocking ads. It's the right thing to do.

Google is the new Microsoft. Using it is mandatory, liking it is optional.
Using it is not mandatory, using it is convenient.
To me it is far less convenient. I have to establish some kind of system that makes regular backups in case google elects into banning me.

With Apple ecosystem that is not a problem because every single cloud tool they have supports “download everything locally” option

I whole-heartedly agree and this is why I give money to AWS and Azure will not give any to GCP until the lack of transparency and random product killings stop.
So many people claim for change, but so few migrate to Firefox, DuckDuckGo, or another alternative.
I switched to Firefox because of Google banning Bypass Paywalls extension that is available as a Firefox add-on. When I was building my bootstraped company, Google really taunted us with emails like this, when our AdSense monthly earnings reached $10,000 and we're my only source of income. We had 20 million user profile pages, and they were saying that something is wrong with some of them, without saying what, forcing us to "review" them all. We built sophisticated ML content filters, to receive more unspecified warnings and get the account shut down. I managed to reinstate the account, but it left a very evil taste. I am in the process of degoogling, using Bing as the default in Firefox.
You should have stopped using chrome years ago. What will it take for you to wake up?
It's not about just me. I use a half-dozen different browsers during my work day. It's how the provider of the world's dominant browser is behaving, with ramifications that affect all of us.
> I need functionality, of the type PushBullet has provided for years, to do my work.

If you can use the Apple stack this functionality has been built in for years and is pretty robust.

Just FYI as you say the functionality is needed — I know this won’t help if you can’t switch to Apple

They blocked ublock origin?! Really?! What was their stated rationale (I assume they didn’t admit it is because they want people not to block ads)? Might I suggest using Firefox? I use it and don’t have any trouble with it.
It would be interesting to hear Google's actual reasoning but I don't expect that we will. I will speculate that it is exactly the clipboard permissions as there have been apocryphal reports of Android apps and web extensions that use this to steal passwords that password managers put there for users to "paste" into their pages.

If that is the case, then a much better solution would be for Chrome to implement a secure channel for password managers to use for just that purpose and make access really really explicit. But again, without them saying anything we won't know.

My advice is to watch for a CVE regarding sniffing sensitive data off the clipboard to surface in the next 30 - 90 days.

> this kind of behavior kills my desire to continue using your products dead

Having already moved to firefox for over a year since quantum came out, what are you waiting for?

If you haven't switched to Firefox, you should! There were a few things I didn't like at first, but after searching StackOverflow and blog posts for how to change the settings, I am now fairly happy!
(old dude here) I knew this attitude was coming when i saw the billboards recruiting PhD's back in 2008 (or so). I figured they'd be completely infected by arrogant (but clever) twats around 2015. i believe my guess proved to be true and it's been getting worse ever since. also, the fact that their (organic) search is so awesome also-also that they were allowed to buy Waze, ffs, get out of my life!.
Can you elaborate on the ublock origin nerf?
I've been using PushBullet for years. Great product! It's not fair what big companies are doing to what it seems to be, prioritizing their own features over third party well-built products. It's abusive.
Slightly related, Google is also tightening up Android 11 location permissions (with good reason). In this blog post[0] they outline a process for getting approval that was supposed to be underway by the start of May.

So far I have not been able to locate this form nor have I been able to find any Android developers who have.

If anyone here knows where it is or what the deal is, please let me know.

[0] https://android-developers.googleblog.com/2020/02/safer-loca...

The SMS access process never worked after it was introduced in a similar way several years ago now. Google even put some minority groups in significant danger to their safety as a result.

Nobody at Google gave a shit and it was never fixed.

Have been through a similar experience.

Developing extensions for Google Chrome is a particular form of masochism. They really don't seem to care. And things took a turn for the worst last December when the approval process went from hours to weeks.

Check out the Chrome Google group for a sample of the lost souls who hitched their wagon to the Chrome platform and now cry futilely into the abyss for support: https://groups.google.com/a/chromium.org/forum/#!forum/chrom...

This one looks particularly relevant: https://groups.google.com/a/chromium.org/forum/#!topic/chrom...

It seems like all extension developers play the same game of guess-and-check to find out which permissions they should remove, and the unlucky ones get banned for trying too often.

When I read something like this I have to assume Google is just trying to kill off extensions, it's such a glaringly obvious problem there's no way any human has seen and okay'd it with good intentions.
I'm the person at $dayjob who has to chart a course through the recent chrome web store changes and this is honestly my conclusion too.

These extensions don't make any money at all for Google, in fact some of them lose money for Google (privacy oriented extensions, ironically.)

They are a security nightmare for Google, capable of side channel browser attacks or direct abuse via a permission (all_urls permission can read your emails to grandma.)

Google doesn't want extensions to exist, and they also can't outright kill them without creating a new foothold for their competitors in the browser wars. So we get this intentionally masochistic process change. Jump this high or we'll ban you. Now jump higher but with your eyes closed. Okay, now backflip or you're banned. The extension developers have absolutely no power to fight back.

This is sad but they're just responding to market hysteria on permissions.
The general idea of "please limit the permissions you request", maybe. The secrecy about what they don't like isn't part of that, that's just Google's preference for keeping things vague.
> but they're just responding to market hysteria on permissions.

And responding poorly.

What the market wants is for companies to lay out understandable policies that protect their privacy. People I know want more clarity about what's happening in the extension store and on their devices, not less.

As a consumer, it doesn't make me feel any better for Google to say in vague terms, "we booted off an app that doesn't respect your privacy." Okay, what was it doing? Are there other apps I should be concerned about? How bad did the app need to get before you booted it off? Are there exceptions to these standards? Are they being applied to internal apps as well?

My feeling is that Google's inability to communicate with developers and users is its own problem; it's not the market's fault. Tech companies in general have had difficulty with customer support for a while, even before the media started picking up on privacy issues. Nothing has really changed, Google just happens to be notably bad at this.

I'm not mad about them increasing scrutiny on permissions, that seems fine. What sucks is Google giving a short deadline, no details, and zero response to the developer's repeated communication attempts; all with the threat of Google nuking every single Google resource tied to the developer if they step over some invisible line.
Does chrome already offer features like PushBullet? Firefox somewhat does with Pocket, so I assume chrome has something similar.

If they do offer something of the sort, or start to shortly, this seems like a perfect antitrust case.

Zero chance this will happen without a much bigger party involved
Under the Clayton Act, the Sherman Act, or both? Is this a legal realism commentary on the comparative cost-benefit of civil antitrust litigation in modern America?

Or are you just pretending you know things to feel good on the internet.

I was going to respond in earnest, but then I read the second paragraph. If you want a civil discussion you might hold the insults next time.
Chrome extension developer here.

Google ripped my Chrome extension off the app store about a month ago.

I got a similar cryptic message, and then I scrambled to fix it, like you're doing now. Somehow my extension reappeared the next day.

Email me pat [at] trypigeon [dot] co and I can send you some of the things I did that maybe have helped.

Tweeting my support as well: https://twitter.com/thepatwalls/status/1260638967793242113

> Email me pat [at] trypigeon [dot] co and I can send you some of the things I did that maybe have helped.

Please post here so everyone else can learn too.

I assume GP is trying not to help those the automated system intends to catch
That's a lot of good faith you're giving these automated systems...
Or, of course, said poster would like the maintainers of the automated system not to realise the workarounds for their system. :)
Haha, my "workarounds" consisted of being persistent with a few different support emails I found, posting on the Chromium support forums, and a few other things. Pretty boring stuff, and I'm not really sure that it even worked.

Weeks or months from now, I'm sure someone will get their extension removed from the store, and may come across this post scrambling for a solution. If that's you, please reach out to me and I can send you the support emails and everything I tried.

> trypigeon [dot] co

Unrelated, but you got multiple ids with value 'feature-1' on your landing page.

I had a similar experience but it wasn't important to me and I let it go despite being a growing extension with 10s of thousands of users and lots of good reviews.
I have written about this recently on the Android side.

https://medium.com/@lazherrera/that-one-time-google-made-it-...

If you use any of the words related to the COVID-19 pandemic, they will pull your app, suspend you and ding your account.

I tried to follow you link but just get prompted to make a medium account.
Google has effectively created a private monopoly on any Android applications related to Covid-19. And the last time this sort of information was posted to HN the comments section was a race to see who could do the best apology for Google.

This policy by Google is hurting people and businesses.

Meanwhile, Apple has a similar policy but all they do is just take extra care when reviewing your app. I suggest you port your app to iOS and submit it to the App Store. Apple will accept it and approve it.

A monopoly is the only logical path to take when, you know...they go around claiming they know nothing about an app to support the US govt .../s
"Sign in to view this draft" :/

Seems like you hit the wrong button or something, when trying to publish it.

What kind of people make these decision at Google? Engineers? Or did they automate everything with "machine learning"?
It's very automated, especially during the pandemic when many of the content moderators can't go to work.
Yikes! I've used PushBullet for since several years and I can't imagine not using it.

I can understand why Google is doing this though. They have a "Send to device" feature in Chrome. Killing the top 3rd party app is the perfect way to grow adoption of their new & in-built feature.

"Do no evil"

You know, at the very least it would be nice to get something a bit more direct, like, "We are no longer permitting extensions that do X on our marketplace", or heck, even just a "We're permanently rejecting this for unspecified reasons."

But if that's what you're doing, don't claim that the extension is being rejected for "overbroad permissions". I understand that Google may not literally come out and say "We've decided to eat your extension's functionality and you can just burn." But don't lie about why it's being rejected... however much you may wrap the result up in marketingspeak, don't actively lie about the reason for rejection, so that someone can burn the candle at both end for two weeks futilely trying to appease the lying error message.

As for the fact it may not look that great no matter how much marketing-speak it gets wrapped up in for Google to just eat some functionality and kill all competition... yeah, well, suck it up Google. Don't lie about it. I mean, you can always spin it as security security blah blah security if nothing else, which ought to be enough of a fig leaf.

Outright admitting this may cause issues with antitrust laws.
Neither here nor there but it was "Don't be evil", never "Do no evil". The latter evokes the Hippocratic Oath and sounds virtuous, but the former is a somewhat tongue-in-cheek reference to the (at the time) megacorps they wanted Google to not be like.

(Mind, they're arguably not complying with the "Don't be evil" version either, especially lately.)

Any reason that Google doesn't give reasons and ways to comply?

I haven't ever had to deal with a Google person regarding Android development, but when I built stuff for Blackberry (miss that company), they always provided nice and detailed feedback. Blackberry famously let legal influence design, so I would be surprised if it was a cover your ass thing.

Because they are attempting to automate all of it. This message is generic and based on some analysis of the "manifest.json".

They have also turned off all reviews in the Chrome Web Store: https://news.ycombinator.com/item?id=22935092

Huh? They turned off reviews because a worldwide pandemic eliminated their ability to maintain staff to moderate reviews. That's the opposite of "automating it".
I'm not saying that's why they turned them off, just another sign that Google is not investing time/money/resources into the Chrome Web store.
Huh? Moderation is one of the easiest tasks to transition to a work-from-home model.
> Blackberry famously let legal influence design,

Do you have a source or link for this at all for further reading? A quick search doesn't turn up anything, but it sounds like a great read

Famously might be too broad and a bias from my own experience. I went to school in Ontario and knew a bunch of Blackberry interns and employees and people generally know a lot of absurd stories about RIM.

An intern who I went to school with told me about how legal once chose the colors for a dashboard he worked on as they did not want to seem to be copying some other company.

A co-op complained about them being in every meeting and constantly shooting stuff down.

The one written reference to it I know about was in a 2011 open letter.

https://bgr.com/2011/06/30/open-letter-to-blackberry-bosses-...

Most likely an automated system to prevent abuse. For a company that takes pride in their machine learning they sure do have a lot of false positives.
(comment deleted)
This is a good extension but here is a cool hack I've discovered that let's you do this anywhere without any chrome extensions:

- Create a new whatsgroupp called 'ping self' and add your friend to it.

- Then kick your friend out from this group

- Open web.whatsapp.com and now you can access your messages, files, photos across any device anywhere, anytime! (telegram also does this and allows file up to 1gb)

For the more limited use case of “get a link from a desktop to my phone right now” I have really enjoyed using an extension on the desktop browser that pops up a QR code linking to the current tab. Then I just point my phone camera at the QR code on the monitor to open the link on my phone. I like this setup because it doesn’t require any pre-configuration to link the desktop and the phone. Your friend sitting next to you can scan the QR code too.

I’m not linking to any specific QR code extension because I haven’t audited them for privacy but it’s easy to find one that claims to generate the QR code locally.

I use

  wl-paste | qrencode -s 20 -o - | display -
for this purpose. Shows the contents of the current Wayland clipboard as a QR code. For X11, replace `wl-paste` with `xsel -b`.
Oooh nice. Better yet, you can show that QR code directly in the terminal:

  qrencode -t ansiutf8 google.com
Looks identical. In WSL, you can use 'powershell.exe Get-Clipboard':

  powershell.exe Get-Clipboard | qrencode -t ansiutf8
I use Slack for this, using a chat window with myself.
My issue is that whatsapp really compress the photos. But decent workaround.
What about SMS from desktop?
I've replaced Pushbullet with Telegram as I already use it for daily communication.

Telegram's built-in "Saved Messages" is where I share links, files, text snippets, photos, etc. for follow up and archiving; seamlessly between my devices and the Telegram desktop app.

Telegram also has an export feature, so I can backup all (thousands) of saved URLs, messages, media files, and so on for offline safe keeping; both in human and machine-readable formats.

Chrome extension developers should start hosting them on Github.

I use a flavor of Chrome called Ungoogled Chrome (https://ungoogled-software.github.io/) and the only way to install plugins is to manually install the CRX file.

It is a common theme with Google, what they do makes sense, but communication is impossible.

I don't know if it is an artifact of overusing machine learning "our neural network trained on a variety of malware gives your app a score of 4.3, you have 15 days to get it down to 4.0". How is that calculated? No one knows, maybe you shouldn't use the location permission if your icon is red and your domain is not in .org, or something like that.

Or maybe it is a form of security by obscurity. Or maybe they just don't want to pay for people to support you. Who knows?

It's that last one. Chrome Extensions, as a whole, are a value-add to Chrome. Individual Chrome extensions have negligible added value.

As long as Chrome isn't killing extensions "everyone cares about," their system can bias pretty far towards making it had to get an extension accepted and maintained in the store without killing the whole ecosystem.

> It is a common theme with Google, what they do makes sense, but communication is impossible.

You could say the same about some machine learning algorithms.

As much as we can criticise Google's handling of this situation, the fact that the developer was able to reduce permissions from accessing data on _all websites_ down to _their website_, as well as tighten up a few other permissions, shows that Google is correct that the extension is asking for more than it needs.

I hope the developer finds another load of permissions they can tighten up, resubmits, and is approved. As long as it results in permissions being more correct this is a very positive thing for users because for every PushBullet there's hundreds of attempts at malicious Chrome extensions that are abusing permissions.

I really did try to call out the benefits that happened when I was told to "give permissions another look". Like all software, needs change and I was able to make a great improvement.

The issue I have is that it's not clear if I'm even addressing the correct issue(s). If I don't make the Correct change, all other changes are irrelevant since they'll never get published.

Yeah, it's crap that they didn't give you guidance, although it seems like you managed to find plenty of issues quickly so perhaps the guidance is less necessary than it might seem.

Ultimately you know your extension, codebase, and use-case, far better than Google does, so it may not really be possible for them to give you the detail that you're looking for – you may be the only person who can do that.

I hope that they provide the support you need in understanding the problem to the point where the extension can continue to live on the Chrome store.

Permissions seem to be a pretty empty metric if you don't' know what the result is...

What was the impact of fewer permissions?

Let's assume PushBullet was doing something bad with some of those permissions and gathering data? Do they no longer have access to that data? I'm not sure that's the case, permissions alone don't determine that.

If PushBullet wasn't doing anything bad, did anything change?

Is it a positive thing for users when the extension disappears in a few days?

Why can't Google provide support instead of vague threats? Provide a permissions audit tool, recommend ways to reduce permissions, provide a dev tool to automatically report on permissions that haven't been used while running an extension.

Is banning someone's entire Google account across all services a proportionate response to a developmer having trouble with Google's confusing permissions API?

Usual answer is that this would make it easier for malicious actors to bypass the limitations.

Likely there is some automated system running these checks.

Security through obscurity is no security at all.

Edit - this is a basic principle of security: https://en.wikipedia.org/wiki/Security_through_obscurity

Anti-cheat through obscurity on the other hand is absolutely a thing.

As a metaphor, there’s a damn good reason you can’t just pay an Olympic anti-doping facility to test your urine; it would be trivial to develop protocols that evade the tests if you could do that.

If anti-cheat through obscurity worked, there would be no cheaters. The fact that cheaters exist means it does not work.
Your logic does not follow.

There are certainly less cheaters than if there were no anti-cheat methods. To use OP's example, an open source urine testing procedure would be trivial to game. The same thing goes for open-source multiplayer games.

This is an all or nothing fallacy; the standard is not 100% success. It’s bit like saying “all locks can be picked, therefore they’re useless”.
That’s not what we’re discussing though. We’re discussing if anti-cheat through obscurity works, and I’m saying if it did there would be no cheaters. Instead companies have to build technology solutions that also don’t work 100% but that’s beside the point.
What next - if philanthropy worked there would not be any poverty in the world. So let's stop all philanthropic actions.
> it would be trivial to develop protocols that evade the tests if you could do that.

If it's trivial to evade the tests, then the tests are inadequate in the first place, and should not be trusted to be accurate.

Likewise, if an anti-cheat system relies on obscurity in order to not be bypassed, then it's a crappy anti-cheat system (and, mind you, would be far less necessary if multiplayer games didn't have a fetish for trusting the client to do potentially-exploitable things instead of insisting upon server-side validation, but I digress).

And likewise, if making your policy publicly-known will result in people skirting around the spirit of that policy, then the policy is poorly-written and should be rewritten to better reflect the intent.

Security through obscurity is not security. Full stop.

>> As much as we can criticise Google's handling of this situation, the fact that the developer was able to reduce permissions from accessing data on _all websites_ down to _their website_, as well as tighten up a few other permissions, shows that Google is correct that the extension is asking for more than it needs.

OK fair enough, but why aren't the big violators held to this? (I realize this example isn't Chrome, but it is Google Calendar -- ever try to add a Zoom meeting invitation to your Google calendar? Zoom wants access to read and write all events ever on your entire calendar!

Extension developers monetizing their extensions by selling the data that they get from users is a big problem. It's the reason that I don't freely install useful extensions that I find today. I have no way to distinguish those who sell my data from those who dont.

I love that Google is starting to solve this problem, and from my perspective an extension that is sending and receiving SMS messages should not be requesting the ability to read and change all data on all websites that I access.

They aren't solving this problem, they're killing off extensions. And I say this having received many unsolicited attempts to "purchase" Chrome extensions.
I disagree. I think this practice could be seen as anti-developer, but it is pro-consumer.
The bit that improves user’s privacy is pro-consumer. The bit that removes user’s access to products is anti-consumer.
It's obviously a balance, but you could use that argument to allow any plugin on the store. It gives more choice.

I think it's important to remember that while PushBullet is known to many of us, is posting on Hacker News, is a valued part of "the community" in some respect, at Google scale this fact is not know. PushBullet is obviously good to _us_, and maybe just needs to tweak permissions a little, but to a reviewer at Google it probably looks very similar to the hundreds of extensions they may review a day, many of which may contain malware.

They have to use certain metrics to sort the good from the bad, and abuse of the permission system – intentional or not – is a pretty good one when you care about the end user.

(comment deleted)
You can freely sideload any Chrome extension it doesn't have to be on the Chrome Web Store
(comment deleted)
I often wish for a separate browser for consumers that are also devs. I'd happily lift the permissions for some open source extensions I'm using if that means better functionality.
I've noticed more recently of software products having an opt-in option for data collection
> I love that Google is starting to solve this problem

They aren't solving the problem. They are making sure only they can get all the user information.

I would rather give all my information to everyone rather than giving all my information to google.

"Solve the problem" ok, so you're starting that this selling only happens when a third party dev does it?

Do You have an android phone? Do You use google for anything? Gmail? Google docs/drive? Youtube? Chrome? ChromeOS? Anything google owns? Then they're selling your data.

Try reading all those fun TOS agreements that come with using any of the aformentioned products, or heck, visiting sites that use google analytics.that won't tell you how much or what data google gets from you, but it'll tell you that you agreed to it.

The big crime isn't the request to reduce permissions. The big crime is the lack of details and lack of communication. It's having to drop everything and work in a panic trying to guess how to please the faceless mysterious robot.
yeah, it would make way more sense to codify the policy and just tell devs that they are using banned functionality or something.
This exemplifies Google's reputation well.
I strongly disagree. If they were actually interested in this, they could simply tell the developers what to fix. This is beyond arrogant and counterproductive.
> I hope the developer finds another load of permissions they can tighten up, resubmits, and is approved.

You're missing the point here. The developer isn't given any guidance on what needs tightening. This shouldn't be guess and check. These rules impact this developer's livelihood. They should be well defined, documented, and communicated.

> These rules impact this developer's livelihood.

Let this be the millionth lesson of "the perils of building on a platform instead of on a protocol".

You misspelled "sharecropper".
I don't know why you are being downvoted, sharecropper is exactly the right metaphor.
Well they did give details on what needs tightening, it's just that those details are in the form of policy points not being hit.

What do you think they should be providing? Honest question, I have some ideas but they all feel very tricky/error prone to implement.

At the very, very least, they could identify which of the permissions are in violation and need to be made more restrictive, and which aren't. Someone at some point at Google clearly had that information when they decided to flag the extension, but Google's processes failed to ensure they communicated it.

For the record, I actually agree with you that this is a good policy and will be a positive outcome for users. But while you seem to agree that Google could have handled this better, you're not doing a good job of acknowledging just how developer-hostile Google was here, which is why you're getting a lot of pushback.

Most of the discussion on this link is about how Google is being developer hostile. I think that's getting plenty of attention.

> At the very, very least, they could identify which of the permissions are in violation

If they've flagged this through user reports of the permissions being too wide then they may not actually know which permissions need to be changed. This is purely speculation though.

> they may not actually know which permissions need to be changed

How can they not know? They decide whether the update is accepted or rejected, and there's somebody or something at google that makes that decision, so google has to know.

If they didn't know what permissions need to be changed, how is the accept/reject decision made? Something like "accept the fourth try if the developer makes it that far because it is probably an improvement?"

> ... may not actually know which permissions need to be changed.

Sure, the first notice may have come from user flags, and the motivation for those flags is unknowable.

But it's been rejected again, after substantial permissions pruning.

Either they know why they rejected the update, in which case they should tell the developer; or they don't know why they rejected the update, in which case they're holding developers hostage to an inscrutable black box.

Both scenarios are shitty.

Most of the discussion on this link is about how Google is being developer hostile. I think that's getting plenty of attention.

You are certainly within your rights to state things divisively if it pleases you. I was merely suggesting how you might make your point in a way people will agree with you.

If they've flagged this through user reports of the permissions being too wide then they may not actually know which permissions need to be changed.

Even if this were true,

1) what about the update that narrowed the permissions, surely Google knew which permissions remained in violation? Remember, it was the rejection of that update that prompted this post

2) user reports of permissions being too wide should also be required to identify the specific permission that is in violation. That would not only help the developer, but also help Google make the decision on whether to ultimately ban the extension

3) Google should have clearly stated in the initial message that they hadn't actually verified that the alleged violations are occurring

For comparison, some anecdotes elsewhere in the thread about how Apple attaches screengrabs and even decompiles apps to point to exact methods/lines of code in apps they reject from the iOS App Store, even small free ones: https://news.ycombinator.com/item?id=23170498
Disagree that G's motivation here is to reduce permission footprint, because:

- if G has the ability to automatically audit necessary permissions, they'd do it when you upload to the plugin store

- if they're doing this manually for popular plugins, then (1) they'd publicly certify safe plugins and (2) the interaction would be way more high touch

Plugins are inherently unsafe + require trusting the developer.

Could be malicious, or G may not even have a reason for this (it may be some forgotten dinosaur instinct to knock over other people's stuff when it gets too big).

Also, Google could just block the permission and let the extension developers deal. Even that would be less hostile because at least the developers would know what to fix.
> - if G has the ability to automatically audit necessary permissions, they'd do it when you upload to the plugin store

If they added it more recently then they are just back-applying it to an already existing extension.

Alternatively, you can report plugins as requesting incorrect permissions – I've done this. Perhaps that's what's happened here, lots of reports triggering an investigation.

I'm trying to figure out why that was their setting to begin with.

> We do not need to request access to data on https://*/* and http://*/*.

Was this not determined before, or they changed their minds now that Google is threatening to pull their product? Either they thought that was appropriate before, or they didn't think about it at all. Inexcusable either way.

Exactly. Not once in their diatribe did they provide a reason that they need those permissions. The fact that noone there knew why they were asking for those permissions in the first place is a huge red flag for me.

Why are they asking for https://*.pushbullet.com/*, http://*.pushbullet.com/*, and http://localhost/* read permissions? I suspect it's the localhost permission request that is currently blocking them.

And why in the world are they asking for the cookies permission? That's a big, fat nope for me. It's as if they don't understand what they are asking for and the potential implications of passing that data around so haphazardly.

These folks need to take another hard look in the mirror before they point the finger, because their own house is way out of order.

Yes, it seems pretty bad that by default they were accessing user data everywhere. Gross.
That's what you got out of it? Google doing a good job? They sent an email with no guidance whatsoever.

These guys went above and beyond what most developers would've done, which would have been to contact support until they get a clear answer.

This only alienates the extension ecosystem. And this was the primary reason I switched to Firefox. Google is the new Microsoft. If I remember correctly, they started Chrome exactly so this very thing wouldn't happen.

This is an unsafe extension that had access to every website but did not need it. Yes, that is what I got too.
As mentioned, I think Google have handled it poorly, but their fundamental position – that this extension is incorrectly using permissions – was significantly correct and may prove to be fully correct.

Google deserve criticism for the lack of clarity in the communication, they deserve criticism for the lack of human touch, customer support and many other aspects.

They do not deserve criticism for calling out incorrect permissions usage and forcing developers to do better.

It's confusing because whatever system (whether human or automated) they're using to flag permission issues has more precise detection abilities than they chose to expose with a simple "Permission is too wide - fix it".

The fact that the extension has over broad permission asks isn't good but I think saying their communication lacks clarity is underselling just how opaque they were with their feedback. It also concerns me a bit because it looks like their opaqueness might be an attempt at security via obscurity by trying to cloak what the rules actually are - which is a generally bad approach to trying to fight malevolent actors.

It's possible that the flagging has come from user submitted reports. In that case if Google trust the reports (and they have enough data about users to know if reports are likely to be genuine) then they don't necessarily need to know any more details.

Alternatively it could be vague to restrict the possibility of bad actors circumventing the letter of the rules without adhering to the spirit of them, or even just protecting themselves from legal repercussions (perceived or real).

Your later point is the one that concerns me. Organizations like governments have issues where the spirit of the law is valued over the letter due to inertial restrictions over revising the law - when it comes to private corporations the ability to restructure rules remains unless it's explicitly surrendered. In these cases keeping the set of rules exposed to the public (and even demoing changes) can allow revisions to those rules to increase their accuracy.

And, when you get right down to it, any rule that isn't well structured will be exploited by bad actors, people looking to roll out malicious browser extensions have a strong motivation to try and discover those rules with a high level of accuracy by testing them - only the good actors remain uninformed.

That may have been true for the first round, but after they fixed those permissions their extension was still rejected.
Do it properly or don’t do it all is my motto. They could have been more forthcoming from the start. This is mystery meat communication.

> the concealment of relevant information over basic practicality and functionality.

I agree mostly. But why shouldn’t the OP extension also be required to “do it properly”? Where should one draw the line?
My gripe is that you should always be specific making requests, especially if you dangle something like a complete block of your account towards op but then you don’t say what needs to be done to prevent it.

It’s like I tell you get me a book on computer science or Ill fire you you, but I don’t tell you which one. Also I won’t response to any questions from you.

Whether OPs extension made him think about it is simply an entirely different matter.

The problems with your argument are these:

a) the extension had been operating for years, unmolested by the Googlebot, with the expanded permission set

b) tightening up the permissions did _not_ solve the problem, indicating clearly that whatever the Googlebot was selecting for, it wasn't an incorrect use of permissions.

> They sent an email with no guidance whatsoever.

Did they, though? The email seemed pretty clear that the problem was requesting more permissions than necessary.

I'm no Google fan, by any means, but if it's that hard for the developer to check which permissions their own app is requesting, I don't know if it's Google's fault.

Google sent an email saying they were asking for too many permissions. Pushbullet was asking to observe all website traffic. Google's email was objectively correct. I agree that the second rejection is more surprising, but yes, the first email seems like a case of Google doing a good job. I have very little sympathy for apps that ask for too many permissions.
14 days is an absolutely egregious duration to get a response for a software change. A developer could be out on vacation for that long. Encouraging fast fixes is also irresponsible from a security perspective, which is what they are trying to fix to begin with.
Edit: I was the one who misread it. My mistake
> As I looked at the permissions and what our extension actually needs to operate, I noticed a great opportunity to reduce our permissions requests. We do not need to request access to data on https://*/* and http://*/*. Instead, we can simply request data access for https://*.pushbullet.com/*, http://*.pushbullet.com/*, and http://localhost/*. This is a huge reduction in the private data our extension could theoretically access. A big win!

They were completely in the wrong there, and posing a huge security risk to all of their users.

I disagree with you here because:

   1. The article contains more relevant information that you did not show in your point.

   2. Those relevant information made your point void

   3. I think your point make no sense on the relevant information.
There, I refuted your claim, you have 14 days to change it and show what you learned.
Please don't use that quoting style for non-code.
I can't wait till Google starts running contract tracing.
Good news! They won't. They're only providing an API to give everyone who needs to run contact tracing access to the Bluetooth Beacon system.

EDIT: /me wonders what "contract tracing" is going to be

It's inherent in what Pushbullet is doing that Google would not like it. It aggregates user data from multiple sources, including SMS, notifications, and chat, sends it to the Pushbullet servers, and sends it back out again. Only Google is allowed to aggregate data like that.

Fuhrer command! Suffer us to obey!

I am the proud recipient of many Apple rejection notices from the App Store (I have been releasing iOS apps since 2012). I have not had an app pulled, but I have had many rejections to submitted apps (the latest were received yesterday).

In all of the notices, Apple is usually quite explicit in what the problem is, including attaching screengrabs, and they will respond, if I ask them for further clarification.

I've seen cases where Apple will actually decompile/debug your app and point you the exact feature / method / line that they find unacceptable. Despite all of my other complaints about iOS ecosystem, they _do_ keep their App Store walled garden fairly well tended.
Out of curiosity, where those big name apps, or small ones? I assume that level of service is reserved or more important apps?
Not a tiny app by any means, but we were definitely small enough that we were surprised at the level of depth in their analysis.
I had Apple point out that I hadn’t yet added a TOS for a trivia app I was making; they’re very thorough.
Almost every rejection has been a matter of "process," like ToS, privacy policy, plist entries, etc.

In a couple of cases, they actually found crashes that I missed in my testing.

I should also mention another common rejection reason, so it's "out there."

Trademark use.

I have had apps rejected because I used a trademark (usually Apple's) in my app name or description.

For example, I had submitted an app called "Bluetooth 8-Ball for tvOS".

I was told that "tvOS" was not allowable. I had to use "TV".

This kind of thing has happened a few times. I casually use Apple trademarked terminology a lot, but I can't be as sanguine about it when I submit apps.

Full Disclosure: They also had a problem with the app being a "demonstrator" app. They don't want us releasing apps that they don't think we're "serious" about. They had a point, and I ended up withdrawing the app.

This is why I'm often amused when people gripe about the $99/year membership fee for the Apple Developer Program.
I consider it a "token" amount, calculated to be just enough to keep people that aren't actually serious about releasing apps out.

They sure aren't looking at developer account fees to hold their bottom line up.

It's low enough that I can easily keep two organizational accounts going.

As someone who gripes about it: I think $99/year is a perfectly reasonable fee in order to submit to the App Store. I just don't think it should be the only way to run my own code on my own phone (without jumping through the rediculous hoop of reinstalling an app every single week).
You just answered yourself. It's not a the only way to run your own code on your own phone. AFAIK that restriction is to prevent jailbreakers from easily sideloading paid apps as "their" apps on their phones.
But it effectively is! There is no way for me to make anything useful for myself if I have to connect my phone to a computer and reinstall the app every seven days. If I forget, the app suddenly won't open. If I go on vacation without a computer, the app won't open. The seven day thing is useful for testing, and nothing more.

If the goal is to prevent piracy, well, as with other forms of DRM I as a paying customer don't appreciate being treated like a thief. Dedicated pirates can and do just buy stolen enterprise certs on the black market anyway.

> If the goal is to prevent piracy

I don't think that's their goal.

I suspect that it's all about "brand reinforcement."

Apple is (arguably) the world's most valuable brand. Those don't come in Cracker Jack boxes.

They don't want some knucklehead running around, showing some crapplet that makes the brand look bad, and they certainly don't want them installing said crapplet on their friends' phones, so there's a bunch of folks running around, making them look bad.

This makes that a lot less likely. If they restrict it to paid accounts, then they have an assumption that the people writing the apps are "serious" about developing decent software.

I suspect that a big part of them buying up TestFlight was because they didn't want a company out there, making it easy to install un-vetted crapplets into a wide range of devices (which the old TestFlight allowed).

I have some experience with this. I used to work for a world-renowned corporation that made photographic equipment. Their brand is right up there, with Apple.

They would go nuts about sample photos getting out of the company. It was really difficult to report bugs, or even share test results, because the sample photos couldn't make our cameras look bad.

There's a great deal of controversy about Apple's iron-fisted control issues, but I do understand. I'm not always happy about it, but you can't argue with the results.

Xcode is free, Interface Builder is free, all the documentation for everything is free. I'm trying to get into Windows development and don't use Apple devices, but I agree $99 a year for everything Apple gives developers is not expensive considering the value and the cost of these tools on similar platforms.
They're "free" but you must buy Apple hardware to run them.
Someone from Apple got on the phone with me to explain a rejection. I was disappointed with the outcome but very surprised at how they were willing to talk about it and explain why.
I was able to get a couple of apps approved, but I have perfected my forelock-pulling and wheedling skills. I always deal with them very respectfully and deferentially.

Basically, I support Apple’s “walled garden.” It’s a pain to deal with, but it makes their App Store a lot more valuable.

There is a lot of loud, vocal, opposition to it, but the vast majority of regular (as in non-geek) people like it just fine.

I agree. While I wasn't happy with the outcome, I do respect it and would not do anything to actively work around it. Just pulled the feature and moved on with the app.

The fact that they took the time to explain and justify the rejection made all of the difference. I have been on the receiving end with Google and it's much more difficult to deal with.

Which pretty much blows up the idea that Google's vagueness is about security.
The fact that this team realized so simply that they shouldn't be reading data on every site the user visits while the extension is installed is deserving of a vague response from google. Sad really.