Linked by Thom Holwerda on Sun 10th Jun 2012 22:36 UTC
Google So, Google has made it very hard to install Chrome extensions outside of the Chrome Web Store - out of security concerns. In addition, they sprung this on users and extension developers without much consultation or consideration for their concerns. As always - understandable to protect users, but the handling has an almost Apple-like bluntness to it. Next up: how to jailbreak your browser?
Thread beginning with comment 521527
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Side-loading can be re-enabled
by Alfman on Mon 11th Jun 2012 03:03 UTC in reply to "Side-loading can be re-enabled"
Alfman
Member since:
2011-01-28

jasutton,

Yea, it's better than apple's control. But google is weaving precariously on the line between open and closed. I am extremely disappointed they're using a "security" excuse to justify new restrictions, which users won't know how to bypass. A better approach would have been to give users better tools to view/limit what extensions can do and just set the defaults to restrictive.

Reply Parent Score: 2

darknexus Member since:
2008-07-15

I am extremely disappointed they're using a "security" excuse to justify new restrictions, which users won't know how to bypass.


Speaking from tech support experience, I'd say if a user doesn't know enough to google for that switch, they have no business side-loading. The more checkboxes you give users, the more they will check out of annoyance just to avoid the alert dialogs, and then your security becomes null and void. I'd agree that having this switch is a nice compromise, and it's not as though you have to hack your browser to enable this.

Reply Parent Score: 6

Alfman Member since:
2011-01-28

darknexus,

"Speaking from tech support experience, I'd say if a user doesn't know enough to google for that switch, they have no business side-loading. The more checkboxes you give users, the more they will check out of annoyance just to avoid the alert dialogs, and then your security becomes null and void."

The spread of malware happens because users lack the tools to make informed decisions. Often the choice is between "run" and "do not run" and the only information presented is to identity the software. Even knowledgeable users will be at a complete loss to know if something is harmful, so I fully agree that this type of security model is flawed. But I disagree very strongly with the "remedy" of a walled garden (even if more savvy users can disable it). It'd be both more open and more secure to add metadata about what the extension does and then enforce it in a sandbox. Given the right tools & information, users may be even more secure than simply trusting everything in google's repository.

Reply Parent Score: 2