Allow extension to prevent user from disabling it (via opt-in)

[Warren Benedetto]

I'm the developer of StayFocusd (https://chrome.google.com/extensions/
detail/laankejkbhbdhmipfmgcngdelahlfoji), a productivity extension
that blocks time-wasting websites. In a nutshell, users can designate
a list of blocked sites. When they're on those sites, a timer counts
down. Once they have used their allocated time for the day, the
extension won't allow them to access the blocked sites anymore.

I've done everything I can within the extension itself to prevent
users from cheating or circumventing the blocks. The problem is, none
of that matters when it's so easy to just go into the extensions page
and disable the whole thing altogether.

The most-requested feature from my users is for me to somehow save
them from themselves by disallowing the disabling or uninstalling of
the extension. An alternate suggestion I often get is to add some way
to password-protect the uninstalling of the extension. This request
often comes from parents who are trying to limit their kids' time
online.

I'd really, really like to offer this feature to my users. I
understand the potential for abuse if a malicious extension could
prevent the user from uninstalling it, but what if there was a Chrome
API for prompting the user to "disable disabling"?

You'd have to make the opt-in message standard, so extensions couldn't
trick users into setting the option by using misleading language. For
example: chrome.extension.preventDisable(), which would prompt the
user: "Would you like to remove the ability to disable [extension
name]?" in a dialog box similar to the one displayed when installing
the extension.

Then maybe let the extension control the re-enabling API, via
chrome.extension.allowDisable(). There shouldn't be a built-in way to
"enable disabling" from the extensions page -- otherwise it's too easy
and defeats the whole purpose.

If allowDisable() can only come from the extension itself, then
developers can interject important functionality before the function
is called. In my use-case, I could require a password before
allowDisable() is called. I imagine there are other use-cases for
other extensions as well.

Any thoughts about the possibility of adding an API like this?

[Pam Greene]

The related notion of mandatory extensions is also important for enterprise installations. Just a note so we can keep both use-cases in mind.

- Pam

--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To post to this group, send email to chromium-...@chromium.org.
To unsubscribe from this group, send email to chromium-extens...@chromium.org.
For more options, visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.

[Aaron Boodman]

I understand your use case, but I'm pretty reluctant to make it harder
to uninstall or disable extensions. It's important in most cases that
it is easy to get rid of an extensions and that the extension has no
way to override that.

- a

[Warren Benedetto]

Yeah, I totally understand that 99% of the time, it should be easy to disable/uninstall. 

What if there was just a general feature that would allow a user to password protect the disabling link, for any extension? Maybe a checkbox that says, "Require password to disable this extension". If the user clicks that, it prompts them for a password, then requires that password in the future if they click the Disable link. That would make it totally up the user to opt-in, and it's all transparently right there on the extensions page. 

[Ken Liu]

Consider this: Requiring a password adds a barrier to disabling the
extension, but if users don't have the self-control to keep themselves
from disabling the extension, what's to keep them from just entering
the password? It seems like it really has to be all or nothing.

Ken

[Warren Benedetto]

I agree. For my extension, I actually have a "challenge" instead of a password. The user has to type a few sentences without making a single typo. If they mess up, it automatically clears and makes them start over. Sounds easy, but it's really, really hard. Most people get frustrated and give up.

However, the password would be good for parents who want to control their kids' browsing, and companies who want to control their employees' browsing. Also, I've had more than one user suggest that they would have a friend set the password so they don't know it. 

I actually like the suggestion of some sort of special Chrome build with built-in extensions. It would be cool to have a Chrome "packager" which would allow someone to select a list of extensions they want pre-installed, then you'd get a download link which would download the extensions at the same time. This would let people create, for example, a "Chrome web developer's pack" with all the most useful extensions already installed.

I don't know anything about the Chrome core, but it seems like such a feature might be as easy as just flagging pre-installed extensions and then not displaying them on the extensions page.

[Ken Liu]

I guess this is the logical end result of providing plugins or
extensions in an application - eventually someone will want to
package/distribute the application with pre-configured extensions. The
Eclipse IDE is like this, it comes in different distributions with
different plugins pre-installed.

Ken

On Thu, Apr 15, 2010 at 10:18 PM, Warren Benedetto