I worry we are heading towards a day when all electronic devices are jailed, and you have to jump through hoops to own and use "development" devices.<p>It's like we're taking away pens and pencils, since they can be used to mess up books, instead of teaching more people how to write.
Not sure if everyone is reading the entire article. Here are two relevant points.<p>> we’re enforcing the following changes starting in Chrome 33 Beta and stable channels for <i>Windows</i><p>> Users can only install extensions hosted in the Chrome Web store, <i>except for installs via enterprise policy or developer mode</i><p>This only affects Windows. Users who want to install extensions can still do so but the process has been made a little bit more explicit (i.e. do it via developer mode).<p>It sounds like this step was done to protect naive users who are not aware they are downloading malicious extensions.<p>Please point out if I am wrong in my assumptions.
> Why couldn’t this problem be solved by having a setting/option to load extensions that are not hosted in the Chrome Web Store? Unlike modern mobile operating systems, Windows does not sandbox applications. Hence we wouldn’t be able to differentiate between a user opting in to this setting versus a malicious native app overriding the user’s setting.<p>Sounds a bit BS to me. In what reasonable threat model the attacker can run arbitrary code on the user's system, but will need a Chrome extension to do nasty things? The attacker could just replace the Chrome binary altogether, for instance.<p>I understand that there can be conceivable security benefits as a result of this change, but I think the real motivation is control, not security.
There are extensions that are legitimate but can't be installed from Google's Play store because it breaks policy. For example YouTube options (<a href="https://spoi.com/software/yto/" rel="nofollow">https://spoi.com/software/yto/</a>), or the LastPass binary extension (might be wrong on that one).<p>Thanks to the toolbar-installing software on windows it gives a legitimate reason to Google to close the system down a bit more.
I'm not saying it's great news, but I really can see where they're coming from for this.<p>Note that they're only doing this for Windows. As someone who occasionally is roped in to providing tech support for a sibling who keeps installing malware - someone who <i>is</i> going to fall for those repackaged versions of VLC, or one of those 'your computer has viruses, click here to install Super Security 3000' or whatever* - I can tell you that malware for Chrome along the lines of browser toolbars and ad injectors are real and out there in the wild and being installed automatically by these kinds of things.<p>The computer has Norton Internet Security, of course. Which does sweet FA as far as I can tell.<p>* Note to self: Install AdBlock on that computer.
If you want to keep any extensions that you didn't install from Web Store, use the dev channel[1] of Chrome and they will work just fine. I use an extension and they warned me one month back to either install their Web Store version will fewer functionality or move to dev channel.<p>[1] <a href="http://www.chromium.org/getting-involved/dev-channel" rel="nofollow">http://www.chromium.org/getting-involved/dev-channel</a>
Yep, this is the last straw for me. The final drop of water that overflowed the cup.<p>I'm switching back to Firefox and will make a conscious decision to start deleting all my Google data. The tin foil conspiracy theorists were right all along it seems, I'll do my best to support companies that fight for my privacy and are open source.<p>Firefox, I'm sorry I ever left you - happy to be back.
I'm a little disappointed with Google. I understand the rationale behind this decision, however instead of improving their browser's permissions system, instead of doing a better job reviewing all those crappy extensions that turn to mallware over night (e.g. Window Resizer - and btw, Mozilla is doing a much better job), instead of all of that, they decide to drop the ability to install extensions from third-party source. I predict a similar change will also come for Android. Because grandmas need protection of course.<p>For several months now I have been torn between Chrome and Firefox, not able to decide which I like better, switching back and forth depending on mood. Well, I guess this settles it. I was already using Firefox on my Android exclusively, because it's the only mobile browser that has extensions, whereas Google decided that extensions are a nuisance on Android and even if they don't admit it, they probably hate the idea of AdBlock making it to Android.<p>Chrome has had a positive effect on the marketplace, but now the negative effects are starting to show up. Adobe for instance decided to drop the support they had for Flash on Linux and only support Chrome, so at present and going forward, if you want the latest Flash on Linux, you've got to use Chrome. My answer was just to disable it of course.<p>But do we really want a monoculture? Haven't we had enough with IExplorer 5/6? Are we really that dumb?<p>Either way, at the very least Chrome fans should start using Chromium, because the Chrome binary is not open-source and if you use it, you won't realize the true difference/cost between it and the competition. For example the PDF reader bundled in Chrome is something proprietary, whereas Mozilla bundled a PDF reader that's open-source, built in Javascript and that also works in Chromium - you see, whenever Mozilla does something, it usually benefits everybody.
I wonder if Chromium will enforce this behaviour (which is pretty anti-user) or will have an opt out.<p>I use both Chrome and Firefox interchangeably anyway so not using Chrome won't be a hardship.
I don't really understand the righteous indignation. The only way you can presently install a Chrome extension outside of the web store is by going to chrome://extensions in your browser, then dragging and dropping a crx file (packaged extension) onto this page. Chrome will stop allowing this. Why is that a big deal?<p>If this makes you mad, vote with your feet. Firefox is a great browser.
Does anyone know how this is supposed to protect users against AdWare and other bad extensions? I mean these are installed along other applications with a setup program anyway. Can't the installer just activate developer mode?<p>I guess there is a warning that shows up, but people will just ignore it (and once you've clicked through the UAC prompt the installer can do anything anyway, like hide the warning). And there is also the enterprise mode, can't the malicious installer just use that?
please correct me if i m wrong, but is the only way to work around this is to unpack the extension and use the developer mode?<p>Or did i just miss something easy - like turning a flag on somewhere? There are a few critical extensions, like youtube center (and a couple i've written myself) that aren't on the store.