Facebook Plunges Again
Tumblr 101: Tips And Tricks To Get Started
Chrome AdBlock dev pushes reassuring note to counter Chrome's scary extension warnings
The fact that Google Chrome supports extensions is great, but there's one thing I'd like tweaked: those somewhat-frightening messages Chrome displays about an extension's API access.
For example, there's Typing Speed Monitor, which I recently posted. When you install it, you'll receive the following alerts:
For example, there's Typing Speed Monitor, which I recently posted. When you install it, you'll receive the following alerts:
...which certainly might look scary to the average user. TSM's developer happened to stop by and post a comment to allay those fears, stating that the alerts appear "because the extension needs to use the chrome.tab.* API (which gives it access to the URLs you visit) and it needs to use 'content_scripts,' which are injected into HTML pages and can manipulate their DOM elements."
There's nothing to fear, however, because your data isn't going anywhere: "[Typing Speed Monitor] can't give that data to anyone else because it doesn't have permission to access other hosts."
Still, the alerts are off-putting and even give more seasoned surfers cold feet when installing an extension -- which is where the alert above comes in. Michael Gundlach, who maintains AdBlock for Chrome, used Chrome's extension update support to push a reassuring note to its users about an upcoming change.
I've seen the "requires more permissions" alert before from an extension, but I haven't seen a dev take the time to explain to users what's going on. It's a smart, thoughtful move by Gundlach. Until Chrome offers more insightful (and accurate) alerts, developers might want to follow this example to avoid accidentally scaring their users.
There's nothing to fear, however, because your data isn't going anywhere: "[Typing Speed Monitor] can't give that data to anyone else because it doesn't have permission to access other hosts."
Still, the alerts are off-putting and even give more seasoned surfers cold feet when installing an extension -- which is where the alert above comes in. Michael Gundlach, who maintains AdBlock for Chrome, used Chrome's extension update support to push a reassuring note to its users about an upcoming change.
I've seen the "requires more permissions" alert before from an extension, but I haven't seen a dev take the time to explain to users what's going on. It's a smart, thoughtful move by Gundlach. Until Chrome offers more insightful (and accurate) alerts, developers might want to follow this example to avoid accidentally scaring their users.
Comments
6
Subscribe to commentsminibarSep 26th 2010 12:10PM
of course the point is to alert people of the potentiality of as yet unknown vulnerabilities. it's mostly legalese and most people get that. while the alert is at first vaguely disconcerting, it is sequentially weakened as people either understand or ignore it. neglected is the benefit of a more secure architecture resulting from the gained awareness of a one shot security nag. i've grown to like these alerts because they remind me not install extensions of little worth but i find them practical. they're imprecise, but we don't need to know every detail to make a decision. the bigger deal for me is the non-mature chrome api that imposes such strict security measures.
GenericSep 27th 2010 4:42AM
While the warnings are necessary and I haven't written any Chrome extensions, it is only in this post that I read:
There's nothing to fear, however, because your data isn't going anywhere: "[Typing Speed Monitor] can't give that data to anyone else because it doesn't have permission to access other hosts."
The most important sentence that I found here was:
"[Typing Speed Monitor] can't give that data to anyone else because it doesn't have permission to access other hosts."
The problem with trusting extensions is that it is not made clear for non-programmers, the majority of users, what that extensions is allowed to do and correspondingly what it is not allowed to do. When I install a new extension I only get a message telling me what that extension does but I don't know where it stops. I have to rely on my intuition and worthiness of the extension developers. What might be restricted to someone might be permitted by another so I ask Google to explain it more to the average user what an extension is not capable of doing. Something like: "This extension will not be able to send information to the internet". My mother would appreciate that. She is not a JavaScript programmer.
jdOct 3rd 2010 8:54PM
"Until Chrome offers more insightful (and accurate) alerts, developers might want to follow this example to avoid accidentally scaring their users."
So, what should the warning say? Your post is long on criticism, but short on answers.
This is my first time here, but you seem like a typical know-it-all (but doesn't actually contribute anything) blogger.
Lee MathewsOct 3rd 2010 8:55PM
One sentence counts as "long on criticism"?
Also, thanks for the irony.
Michael GundlachOct 8th 2010 3:48PM
Hi, this is Michael, the author of AdBlock.
While the message in the popup was indeed to reassure users, the *primary* reason for the popup was that adding "tabs" permission would completely disable AdBlock, giving Chrome Stable users one shot at re-enabling (if they noticed the infobar that dropped down in whatever tab they happened to be in when AdBlock updated.)
Chrome Beta correctly leaves this bar around until you re-enable, but I envisioned hundreds of thousands of Chrome Stable users unable to understand why AdBlock suddenly disappeared.
I got quite a bit of heat from users for showing a popup to warn about this upcoming change, so thanks for the positive review! :)
DanOct 11th 2010 12:28PM
Thanks. Despite the criticism you got, I found this the only obvious site discussing the subject. I had to Google it when I started getting those unpleasant ads again, since I had in fact not been prepared to give the permissions at face value.