Clarification on "Announcement: Clarifying Our Extension Policies"
241 views
Skip to first unread message
tweak support
Jun 29, 2021, 2:30:02 PM6/29/21
to Chromium Extensions
Hi team,
Deceptive Installation Tactics Update
3. The outcome of any user interaction should match the reasonable expectations that were set with the user.
We've just received the announcement on extension policies. We are not clear on one of the points; perhaps someone could elaborate a bit more on this.
3. The outcome of any user interaction should match the reasonable expectations that were set with the user.
Thank you!
Cuyler Stuwe
Jun 29, 2021, 2:35:21 PM6/29/21
to tweak support, Chromium Extensions
Maybe it seems confusing to you because your product seems to be developer tools with fairly abstract functionality… but I wouldn’t overthink it.
Basically: “Don’t ship broken software and don’t do anything malicious.”
It’s a judgment call.
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/5ac95c17-1b9b-47d7-ae26-fc56cdcacc8bn%40chromium.org.
Deco
Jun 29, 2021, 2:37:13 PM6/29/21
to tweak support, Chromium Extensions
These clarifications are just explaining practices that already exist, in reality, it's nothing new.
For point number 3, the expectation is that say a user were to install an extension on the assumption that the extension advertised support for a certain product or service, and that extension does in fact not provide that service. This would be considered a deceptive form of advertising as you are claiming false information which is in your product.
Overall, apply common sense to point number 3 and you'll be fine.
Thanks,
Deco
Robbi
Jun 29, 2021, 6:20:01 PM6/29/21
to Chromium Extensions, decklin...@gmail.com, Chromium Extensions, help....@gmail.com
The real news is that from now you will have to install an app on your smartphone or communicate your mobile number to receive a SMS.
If you do not have a smartphone (like me) or do not want to communicate your number you will have to buy a special pendrive (which costs no less than 20 euros \ dollars).
Thanks Googgle, you are awesome for messing up people's live!!!
hrg...@gmail.com
Jun 30, 2021, 1:46:17 AM6/30/21
to Chromium Extensions, Robbi, decklin...@gmail.com, Chromium Extensions, help....@gmail.com
On Tuesday, June 29, 2021 at 6:20:01 PM UTC-4 Robbi wrote:
do not want to communicate your number
Just buy a new SIM card, they are quite inexpensive. Where I live I can get one for less than 2 dolars.
I have bought dozens of SIM cards throughout the years for the sole purpose of receiving verification numbers from online services.
Arun Ganesan
Jun 30, 2021, 2:00:15 AM6/30/21
to Chromium Extensions, hrg...@gmail.com, Robbi, decklin...@gmail.com, Chromium Extensions, help....@gmail.com
I have a query about the same announcement regarding Deceptive Installation Tactics Update, point 1: "Offering multiple extensions as part of the same installation flow isn’t allowed."
If I have multiple extensions hosted in Chrome Web Store and promote all those extensions via a web page, is that considered a Deceptive Installation tactic? Basically, what does "same installation flow" mean in this context, given that users anyways have to visit Chrome Web Store individually for installing any extension?
Thanks!
Robbi
Jun 30, 2021, 4:01:02 AM6/30/21
to Chromium Extensions, nurag...@gmail.com, hrg...@gmail.com, Robbi, decklin...@gmail.com, Chromium Extensions, help....@gmail.com
@hrg...@gmail.com Thanks I'll do it too. Damned if I buy one of those hellish pendrive (also sold by google BTW)
Simeon Vincent
Jun 30, 2021, 9:39:07 PM6/30/21
to Robbi, Chromium Extensions, nurag...@gmail.com, hrg...@gmail.com, decklin...@gmail.com, help....@gmail.com
The real news is that from now you will have to install an app on your smartphone or communicate your mobile number to receive a SMS.
This isn't quite accurate. As noted in this 2-step verification support article, there are several different supported verification method:
- Google prompts
- Physical security key (AFAIK Yubico is the biggest manufacturer, other options exist)
- Verification code apps (a variety of options exist across all OSs)
- SMS message or phone call
- Backup codes
Simeon - @dotproto
Chrome Extensions DevRel
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/00739110-0d24-493e-bed1-cea821a0cd6fn%40chromium.org.
Message has been deleted
Robbi
Jul 1, 2021, 12:45:36 PM7/1/21
to Chromium Extensions, alsadik...@gmail.com, Robbi, Chromium Extensions, nurag...@gmail.com, hrg...@gmail.com, decklin...@gmail.com, help....@gmail.com, Simeon Vincent
Hi @Simeon,
among the many options you have listed, can you please highlight the one that allows me to NOT:
- Use a smartphone (I am a very happy owner of a Nokia feature phone)
- Give my mobile number to a multinational (I don't want to go into detail here about those Data Breach events that have already gone down in history.)
- Open my wallet and buy a physical security key (Google could give us a gift by sending a similar key to our home address. I believe the real raw material cost of such a piece of silicon shouldn't exceed the $5 we gave you when opening the developer account)
Mozilla AMO has provided an alternative method for people who think like me.
A QRcode is generated in the first phase associated with a 6-digit code.
This code is given to a small program that resides on the user's PC.
As output that program generates a new code to be inserted as second factor in the same logon page.
Basically they (Mozilla) also messed up people's lives, but never as much as Google.
We are talking about a developer account not a bank account.
To strengthen security, "big G" could think of an email sent automatically every time the system noticed a logon from an unknown device.
What many greats like Facebook, Instagram and others are already doing.
If this is the future of authentication for all of Google's end-user services then I am starting today to make my backups and transfer my data to another place.
Il giorno giovedì 1 luglio 2021 alle 11:50:58 UTC+2 alsadik...@gmail.com ha scritto:
2021-07-01 4:38 غرينتش+03:00, Simeon Vincent <sim...@chromium.org>:
> The real news is that from now you will have to install an app on your
> smartphone or communicate your mobile number to receive a SMS.
>
>
> This isn't quite accurate. As noted in this 2-step verification support
> article <https://support.google.com/accounts/answer/185839>, there are
> several different supported verification method:
>
> - Google prompts <https://support.google.com/accounts/answer/7026266>
> - Physical security key (AFAIK Yubico <https://www.yubico.com/> is the
> biggest manufacturer, other options exist)
> - Verification code apps (a variety of options exist across all OSs)
> - SMS message or phone call
> - Backup codes
>
>
> Simeon - @dotproto
> Chrome Extensions DevRel
>
>
> On Wed, Jun 30, 2021 at 1:01 AM Robbi <rob...@gmail.com> wrote:
>
>> @hrg...@gmail.com Thanks I'll do it too. Damned if I buy one of those
>> hellish pendrive (also sold by google BTW)
>>
>> Il giorno mercoledì 30 giugno 2021 alle 08:00:15 UTC+2 nurag...@gmail.com
>> ha scritto:
>>
>>> I have a query about the same announcement regarding Deceptive
>>> Installation Tactics Update, point 1: *"Offering multiple extensions as
>>> part of the same installation flow isn’t allowed."*
>>>
>>> If I have multiple extensions hosted in Chrome Web Store and promote all
>>> those extensions via a web page, is that considered a Deceptive
>>> Installation tactic? Basically, what does "same installation flow" mean
>>> in
>>> this context, given that users anyways have to visit Chrome Web Store
>>> individually for installing any extension?
>>>
>>> Thanks!
>>>
>>> On Wednesday, June 30, 2021 at 11:16:17 AM UTC+5:30 hrg...@gmail.com
>>> wrote:
>>>
>>>> On Tuesday, June 29, 2021 at 6:20:01 PM UTC-4 Robbi wrote:
>>>>
>>>>> do not want to communicate your number
>>>>>
>>>>
>>>> Just buy a new SIM card, they are quite inexpensive. Where I live I
>>>> can
>>>> get one for less than 2 dolars.
>>>> I have bought dozens of SIM cards throughout the years for the sole
>>>> purpose of receiving verification numbers from online services.
>>>>
>>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Chromium Extensions" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to chromium-extens...@chromium.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/00739110-0d24-493e-bed1-cea821a0cd6fn%40chromium.org
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Chromium Extensions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to chromium-extens...@chromium.org.
> To view this discussion on the web visit
Simeon Vincent
Jul 1, 2021, 7:45:04 PM7/1/21
to Chromium Extensions, Robbi, alsadik...@gmail.com, Chromium Extensions, nurag...@gmail.com, hrg...@gmail.com, decklin...@gmail.com, help....@gmail.com, Simeon Vincent
Sure, in that case your options are either "verification code apps" or "backup codes."
By "verification code app", I meant exactly the "small program that resides on the user's PC" that you described. FWIW here's a guide form a 3rd party authenticator app (Authy) describing how to set up Google's 2-step verification using their service. The same steps should apply to your desktop application.
I'll pass along the feedback that you'd also like to see email verification code support.
Simeon - @dotproto
Chrome Extensions DevRel
Robbi
Jul 2, 2021, 2:18:48 PM7/2/21
to Chromium Extensions, Simeon Vincent, Robbi, alsadik...@gmail.com, Chromium Extensions, nurag...@gmail.com, hrg...@gmail.com, decklin...@gmail.com, help....@gmail.com
Hi @Simeon,
on Authy guide page on https://authy.com/guides/googleandgmail/ (the link you provided in your last post)
I read:"
"[...] On the next screen, Google asks you to set up your phone.
You can then opt to receive a verification code via text or phone call.Choose your country, and enter your phone number.
Make your choice and then click “Next.” [...]"
For Backup codes at https://www.google.com/intl/en/landing/2step/features.html
I see this image:
I assume that to print these codes I must first start a procedure with a smartphone and \ or with my mobile number.
Am I making a mistake?
All the roads analyzed so far would always seem to lead to:
- smartphone + mobile number or
- or buy a security key.
Simeon Vincent
Jul 13, 2021, 3:21:15 PM7/13/21
to Robbi, Chromium Extensions, alsadik...@gmail.com, nurag...@gmail.com, hrg...@gmail.com, decklin...@gmail.com, help....@gmail.com
on Authy guide page on https://authy.com/guides/googleandgmail/ (the link you provided in your last post)I read:""[...] On the next screen, Google asks you to set up your phone.You can then opt to receive a verification code via text or phone call.Choose your country, and enter your phone number.Make your choice and then click “Next.” [...]"
The screenshots in that guide also have a prompt that states "Don't want to use a text message or voice call? Choose another option." Unfortunately, when I just checked this flow the other options I saw were "Security Key" and "Google Prompt"
It does appear that you will either need to purchase a SIM or a security key. Sorry for sharing incorrect information earlier in this thread and for the inconvenience this requirement causes.
Simeon - @dotproto
Chrome Extensions DevRel
Reply all
Reply to author
Forward
0 new messages