Google Starts Charging a Signup Fee For Chrome Extension Developers 132
trooperer writes "On Thursday, Google introduced two significant changes in the Google Chrome Extensions Gallery: a developer signup fee and a domain verification system. The signup fee is a one-time payment of $5. The announcement says its purpose is to 'create better safeguards against fraudulent extensions in the gallery and limit the activity of malicious developer accounts.' Developers who already registered with the gallery can continue to update their extensions and publish new items without paying the fee."
Google also made available a developer preview for the Chrome Web Store.
say... (Score:4, Funny)
Re: (Score:2)
so do we do Ggle or Googl€ now?
Gigolo. Pay up to Feel Lucky, wink wink.
Re: (Score:1, Insightful)
I don't, so I can host my app on my own website free of charge.
Re: (Score:1, Insightful)
*shrug* I can still publish my .crx on my own site. Nothing really changes.
But it does point to a flaw of sorts in Chrome extensions. The security model is not nearly granular enough. Since almost any non-trivial extension will, according to Chrome, need access to all your browser data and whatnot, users desensitise to that and thus it becomes easy for crap to go unnoticed. Think about it: if all plants on the planet looked like soldiers, soldiers wouldn't need camouflage.
So it's a half-assed social solutio
Re: (Score:1)
how do you like them apples?
Considering Apple charges $99 in comparison to Chrome's $5? Pretty darn good, actually.
Re: (Score:2)
Getting kicked in the shin is a lot better than getting kicked in the nuts, but both suck.
Re: (Score:3, Informative)
Last I checked Apple does not charge for the ability to develop Safari extensions and have them appear in the extension gallery.
I believe you must be thinking of something different Apple charges for; you don't need a WWDC subscription to write safari browser extensions and publish.
Re: (Score:2)
you don't need a WWDC subscription to write safari browser extensions and publish.
Nor do you need this $5 fee -- it's entirely possible to host a Chrome extension yourself, have it auto-update yourself, and all the mechanisms to do this are already in place.
Re: (Score:1)
Right... but Apple doesn't charge you a $5 or more fee to have your extension submitted to their gallery.
They can accept or deny it, but you don't pay anything to Apple, it's free (currently).
Now what you may pay is webhosting; for your extension's website and download servers.
Re: (Score:3, Insightful)
Paypal does same for same purpose and charges $1, to put it back in 24 hours. Does Google do it? Or they can't afford? (!)
What does your post have to do with liking them apples? Anyways, in terms of money consider that had they implemented this program from day 1 they would have netted about $30,000 had every developer paid the $5, and those developers are getting grandfathered in for free. Obviously it's not about the money for them.
Re: (Score:2)
Because otherwise they will have no developers left.
If it's not about money , they should indeed reimburse it.
This basically means you have to pay in order to be allowed to work on something Google would otherwise have to pay developers for.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Never fails... (Score:2, Interesting)
Re: (Score:2)
That's kind of the point, isn't? They are rewarding the early adopters.
Re: (Score:2)
That's kind of the point, isn't? They are rewarding the early adopters.
They're not rewarding the early adopters, they've just been grandfathered. Could you imagine the fallout if Google came asking everyone who already had an account for cash? Though I do find it odd that they picked $5 if it's just to create better safeguards. Why not $1 instead?
Re: (Score:3, Informative)
It would be nice if they waived fees for people who have had active gmail accounts for > 4 years, or something like that. Any geek worth their salt has had an account since mid-2005. I'm no developer, but I've tinkered around with extensions before in the past, just to see what they can do. Had there been a $5 fee in place, I'd have never jumped that hurdle to just poke around with the code.
Re: (Score:2)
I just checked my gmail...account open since November 2004...
I remember waiting for months to get an invite.
Re: (Score:1)
They are not rewarding the early adopters. They are penalizing everyone who hasn't published an extension yet.
If you wrote the code and haven't gotten the account to publish to the gallery yet, then you are screwed over by the $5 fine/penalty.
Charging everyone a $5 penalty as a way to "deal with" the 3 or 4 script kiddies kind of sucks.
All a malware author needs is a couple dozen people to install their malicious app and get critical info snooped, or snooker the user into paying more, they will easi
Re: (Score:2)
Were the HELL am I gonna get five fucking hundered dollars man? Are they out of there fucking minds? FUCK YOU GOOGLE ASSWIPEES!
Uh, it's only five dollars. Unless you plan on registering 100 accounts anyway.
Re: (Score:3)
That's sort of like saying that you always find something you've lost in the last place you look. That's because once you find it you stop looking.
You generally don't hear about new fees for previously free services until after they're announced because they usually only tell you about them after they implement them.
Re: (Score:2)
Re: (Score:2)
Five dollars!? Why that's an outrage! If I were you, I wouldn't pay it.
{who knows what movie that's from? Without a-googlin'...}
So what? (Score:4, Insightful)
So you have to pay a fee to register an extension with them. So what?
I mean, ok, yes, I can see why I might prefer to be listed in Firefox's extension gallery for free, but there's nothing stopping me from distributing the extension on my own, via a third party.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It shows what you can expect from their so-called free and open source browser.
What's "so-called" about a browser which is actually free, and actually open source?
In fact, everytime they do it, they prove GNU/FSF "nitpicking" about the FOSS and plain "open source".
The FSF wouldn't have a problem with this, as far as I can tell -- Chromium still is, and always was, Free as in Freedom. Paying Google $5 to list/host your extension hardly counts as making it proprietary -- if you like, you can still release source, and still allow anyone else to either pay the $5 or host it themselves.
I don't want to make anyone feel guilty or cheap but I personally know some open source developers who can't even afford a $30 external disk and development stops until they get some kind of donation.
Where in my post did I say anything about this being "cheap"? I don't care if it's $5, $50, or $5000 -- i
$5 - that Microsoft, Apple and Oracle beaten (Score:2, Troll)
Seriously, what kind of developer would even notice a $5 charge? Even modestly successful apps make over $500 per day.
Re: (Score:2)
Web browser extensions not applications. But your point about noticing the charge stands.
Re: (Score:2)
Re: (Score:2)
and they dev chome extensions? or are busy working in sweat shops? right... now i'd rather they didn't work there, but i'd like them to get a bit of food...
Re: (Score:1)
And that is the whole point - for a legitimate user it is a one time irrelevancy. For a malicious intent it is probably not worth it not to mention the paper trail.
Nor is it intended to be "prevent" it from occurring but slow down the rate. It is just intended to add a high enough barrier that it *mostly* isn't worth it. It's like having a guard dog, house alarm system, and a myriad other things - its is easier and more effective to go somewhere else. More often than not it's just goofing off and having to
Re: (Score:2)
Seriously, what kind of developer would even notice a $5 charge?
The kind that makes his work available to all for free.
Not that this is a huge problem for them, mind you, as they can easily host their software elsewhere and it'll still Just Work(tm), unlike Apple's (far more expensive) iThingie walled garden, but not everyone develops browser extensions with a commercial purpose and for those that don't, the difference between $0 and $5 is much larger than that between $5 and $10.
Re: (Score:2, Insightful)
> Man, really does apple.com or google.com has some very advanced background mind programming graphic so some people becomes rather like cult members?
No, but they have people releasing code for their platform who view the $5 charge in the same way they view their ISP/electricity/book costs - as part of doing business.
Mods, this is ridiculous! (Score:1)
The parent is, without a shadow of a doubt, not a troll. I disagree with his apparent viewpoint as much as anyone here, but this censorship, thinly disguised as moderation abuse, is truly pathetic. Please mod the parent +1 underrated.
Extortion! (Score:5, Funny)
The $5 ... (Score:4, Insightful)
Re: (Score:3, Insightful)
Re: (Score:1, Funny)
Duh. Google can just google to see if a credit card was stolen or not.
Re: (Score:1)
Not if they posted a code to the card's billing address which you needed to enter online to confirm you're the cardholder.
Re: (Score:2)
Typing in a number that is mailed to you is jumping through hoops? Have you ever been to the DMV?
Re: (Score:2)
That will be found out sooner or later when charges start to appear to credit card bills. Even if the person behind the credit card is not known the account can be declared tainted. Google will be able to revert any actions from that account and keep the system more safe.
Re:The $5 ... (Score:4, Insightful)
Stolen credit cards aren't cheap.
You are both right. It's not a foolproof preventative measure, but it is a small effort that stops petty criminals and hinders large-scale criminals.
Re: (Score:1)
No... I would say it hinders petty criminals and has minimal effects on large-scale criminals.
They would need to do more than simply charge a $5 fee to have an effective barrier.
Re: (Score:1, Informative)
Stolen credit cards aren't cheap.
Actually, they're free.
Re: (Score:2)
Re: (Score:2)
It's easy for credit card processors to block prepaid cards. There's also several different types of them, so that's not necessarily relevant anyways.
Re: (Score:1)
They can't really do it, as that would effect m any legitimate developers.
Many people do not have any credit cards, and use debit, or prepaid cards instead, for online transactions.
Re: (Score:2)
Every visa gift card I've encountered requires a lot of identifying info that gets cross-referenced. Give a wrong name? Good luck trying to use the card for the next purchase. The days of anonymous visa cards are long gone.
Really... (Score:1, Troll)
So, black hats who dares to play around with Google giant's browser can't find a CC number to give to them.
Sure... Man they could be using CC number printed papers as toilet paper.
For example, this team/guy who coded this marvellous piece of evil software who controls 5 million computers via unbreakable, declared WONTFIX by security elite, zombie army will have hard time finding a $5 CC.
http://en.wikipedia.org/wiki/Conficker [wikipedia.org]
If you have time, read all about it. "Get users credit card number" validation schem
rhinestone bullet (Score:5, Insightful)
You're from the school of silver bullets. If it won't work to a high degree, it's completely worthless. You might note that Google is not without resources in identifying the difference between a valid CC number and one found floating down some pipe in the intertubes.
If half of the malicious lamers are too stupid to notice this, then Google has improved the signal to noise ratio in policing their chrome extension developers by 3dB.
It's a minor barrier to malfeasance. It discourages sock puppets. And it sends the message "we care" which is the main reason aggressively scrubbing graffiti off trains in NYC works so effectively.
The downside? Fewer chrome extensions written by the next teenage African Einstein. And shirt-rending despair over failure to attain the requisite degree of silver-bullet superhero mojo. Yet another superhero impostor. It's a tough life.
What are zombie armies for? (Score:1, Troll)
Really, why do they invest millions of dollars to make zombie armies? To spam? It is so over.
In fact, they can even SWIFT the money, via stolen bank account. SWIFT/Bank is way more secure. (here comes $10 idea for Google)
Re: (Score:2)
You're from the school of silver bullets. If it won't work to a high degree, it's completely worthless
In many cases, it can actually make things worse. It provides an evolutionary pressure forcing the scammers to adapt and become harder to detect, without actually eliminating any of them. See also: antibiotic resistant bacteria.
Re:rhinestone bullet (Score:5, Interesting)
It raises the bar though, and makes for offenses that can be charged if the person doing credit card fraud is caught.
A physical example. If a bike is leaning against a wall, that is just a mere theft. If it has a crappy lock, it is theft and property destruction. If the bike has a good lock and is locked to a parking meter in such a way that it can't be lifted off, then some thief cuts off the parking meter head, the thief is now facing larceny charges, as well as destruction of state/federal property. Similar with keeping things behind a display case. Smashing glass to grab something usually gets a lot more charges than grabbing something off a rack and bolting for the door.
I agree though -- nothing is 100%, but this makes fraudsters have to do more work, and potentially face more jail time if caught.
Re: (Score:1)
Sorry.. no.. I saw the Neistat Brothers' video "Bike Thief" [youtube.com]
People still bikes in broad daylight en masse, nobody cares.
Re: (Score:1)
It is considered to make things worse to use antibiotics except where medically essential. Use of antibiotics promotes growth of bacteria resistant to the antibiotics.
The resistant strains can then share genes with more harmful bacteria.
The result is the antibiotic is less effective, or might not even work when it's really needed due to a live-threatening infection, which is antibiotic-resistant due to the frivolous use of the antibiotic.
The "harm" is not that the antibiotic hurts you; the harm is
Re: (Score:1)
Re: (Score:1)
It is really more like this situation [failblog.org]. Or this one [failblog.org]. Or this one [failblog.org]. Or this one [failblog.org]. Or this one [failblog.org].
As for houses, locks are to keep out wild animals and to help slow down a potential intruder. The burglar alarm, and devices like the .40 S&W and 9mm are supposed to be the real deterrants and defense against human threats.
Specifically, the 2nd amendment of the constitution which guarantees the people the right to bear arms and defend themselves and their constitutionally protected rights, including th
Re: (Score:1)
Interestingly enough, your first link [failblog.org] hit the nail on the head. That gate is not a security measure at all like the link makes it out to be. The gate is there to tell people that the airport is closed. To think that it was even slightly intended as a security measure is very naive.
Google's signup fee was not meant as "real deterrant[sic] and defense against human threats". It was meant to keep "wild animals" (aka. script kiddies) from posting stupid malicious apps in the marketplace to jack with people.
Als
Re: (Score:2)
Re: (Score:1)
The average person does not have online access with their CC provider and a habit of constantly logging into their online account and refreshing the page every 30 seconds to look for any unusual $5 transactions they do not remember.
Much of the population won't have a chance of knowing about the $5 charge until 30 days later when they receive their paper statements.
Of those people..... many won't notice a $5 unexpected Google charge in there. If they do, they might not immediately realize this isn't so
Re:The $5 ... (Score:5, Insightful)
It is also a good filter against random trouble makers.
Rich Kaynka (Something Awful) actually talked about this that you get some people, kids in particular, with a lot of time on their hands who will spend it making life difficult for you. In his case it was someone repeatedly spamming stupid shit on the forums. One thing that does a nice job of eliminating that is a small charge. Reason is that you have to be at least somewhat serious to be willing to pay that.
As you said, it wont' stop someone who really wants to make an evil extension (though verifiability helps with that), but it'll probably stop people who just want to be a pain in the ass and submit lots of stupid and/or non functional extensions to try and cause trouble. It's easy to create hundreds of bogus accounts and post crap with them. It is hard to spend hundreds of dollars to do the same.
Re: (Score:1)
Re: (Score:2)
That's partly true but also quite like saying a $5 lock won't stop someone stealing your $1000 bike.In practice the thief will often just find an easier target -- another bike or something else altogether... The criminals aren't trying to make Chrome extensions, or even browser extensions, they're trying to make money. If the Chrome extension scam requires them to do CC fraudthey might just pick an easier target.
In short, it's not about the resources the criminals have, it's about the opportunity cost of th
Re: (Score:2, Interesting)
It's literally trivial to automatically filter out grossly nonfunctional extensions: run chrome in a sandbox, load the submitted binary blob or extension, and check some error codes or a log file. Frankly, if their software engineers can't do this, then they don't deserve to be called that. Now after that initial filtering step, you can get
Re:The $5 ... (Score:4, Funny)
Re: (Score:1)
Re: (Score:2)
The five dollars has to be to cover costs, which is fair. One wonders, however, why Chrome is such a risk that it can't use the same model as firefox. I suppose it is simply that Google has to protect itself since Chrome is it's products. They have to create a closed garden to insure security.
Re: (Score:1)
I still won't be switching to chrome. Why? Noscript, adblock (better in firefox I hear), and a few minor add-ons which I could live without without.
Re: (Score:2)
It has adblock and now notscript
https://chrome.google.com/extensions/detail/gighmmpiobklfepjocnamgkkbiglidom [google.com]
https://chrome.google.com/extensions/detail/odjhifogjcknibkahlpidmdajjpkkcfn [google.com]
I would no doubt that the firefox equivalents that have been around for 5 years probably work better, but these work well for me.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
You can put any info at all in the registration site for them (for when sites use AVS to check the card.)
You don't need stolen numbers when it's easier to grab a fraud-b-easy card while picking up milk...
Re: (Score:2)
Uh, then you use a pre-paid Visa or Visa gift card that is purchased anonymously with cash. System broken. If you indeed wanted to sneak in malicious code, you would certainly take a simple step or two to protect your identity.
Re: (Score:2)
No, its to address the same problem that Apple had. Shady developers were registering the same application hundreds of times under slightly different names, looking to increase the likelyhood that some dumb schmuck would like the name enough to spend a few bucks for the app. It got so bad with Apple that the vast majority of their apps in their store were the same rehashed garbage drowning out the handful of decent apps. Setting a fee to register an app or extension helps the "signal-to-noise" ratio quit
Re: (Score:3, Interesting)
Pre-paid Visa cards are a cash-and-carry item at Wal-Mart. There is currently no ID verification required before they're usable.
Re: (Score:2)
And the real crooks don't have access to other peoples credit cards or *gasp* pay per use visa/etc cards, right?
Re: (Score:2)
Yeah, just like Blizzard having peoples CC numbers prevents gold farmers in World of Warcraft ... oh wait...
Re: (Score:3, Insightful)
Considering the bandwidth costs and the fact that (most?) extensions don't make them any money
Of course, extensions generally improve the browser, by providing features the browser doesn't. Firefox is a good example, which would quite likely be forgotten by many of its users if it weren't for it's many good extensions. Quite simply: more extensions, more users, more revenue.
Contract Law (Score:2)
I suspect the reason for this is that Google wants to have an enforceable contract with developers. This was the quick and easy way to do it.
Re: (Score:2)
I suspect the reason for this is that Google wants to have an enforceable contract with developers. This was the quick and easy way to do it.
I am not a lawyer so this is a genuine question. Does money need to change hands in order to meet the "consideration" requirement of a contract?
If no money changes hands and the contract consists of "you write extensions" and "we provide visibility for them", is it then invalid and unenforcable?
Re: (Score:2)
I suspect the reason for this is that Google wants to have an enforceable contract with developers. This was the quick and easy way to do it.
I am not a lawyer so this is a genuine question. Does money need to change hands in order to meet the "consideration" requirement of a contract?
If no money changes hands and the contract consists of "you write extensions" and "we provide visibility for them", is it then invalid and unenforcable?
IINAL, but to answer your question no the elements of a valid contract under English common law (the legal system in the England and most of it's former colonies, including the USA) are:
A decent intro at expert law. [expertlaw.com]
Re: (Score:1)
The $5 is in the wrong direction for that to be the case. Google already receives consideration from the developer in the form of an app submitted to their gallery for use by Google's customers.
On the other hand, the developer doesn't receive compensation from Google for developing and submitting an app.
Pay filter works well for user-generated content (Score:2, Insightful)
Re: (Score:1)
As a site operator, isn't that just another way of getting 33 attorneys general [slashdot.org] after you?
They already went after paid expediting of abuse complaints.
If the AGs find a pay-to-post-a-comment site, with some offensive comments.. who knows, they might deem it as equivalent to "Pay not to have your post removed" or "Pay to get your ocmments through the abuse filters"
Vertical Tabs (Score:2)
Re: (Score:2)
Prototype vertical tabs are enabled on Windows -- not sure about OSX or Linux. I'm on the dev schedule release, and I can just r-click and select "use side tabs". But as I said, prototype: no indentation, no tree collapse, and they open above instead of below your current tab.
Create better safeguards? (Score:2)
By charging *5* bucks to join the club? You have to be kidding.
I really don't get this move. (Score:1)
1) Not all developers have credit cards. My country is a perfect example. Since online payment is (sadly) still a relatively new term for our local banks, you need to go through a lot of hoops to get an "internet-capable" debit card (some require security deposits even though it is a debit card, others require additional paperwork, etc). By default you just get a Visa Electron card which doesn't work online.
2) There are some young developers who just want to play around and mig
Re: (Score:2)
Let's be honest.
1) We don't need that many developers. We need good developers.
2) It's really not that hard to get a CC so any serious developer will be able to still join.
Yes we might lose that shinning new star from Zimbabwe who was going to create an amazing new ad blocker--but in all likelihood we'll get an identical one out of someone from Canada anyway.
If there's one thing I've learned in business... (Score:1)
... anything free will be abused. If, within a company, department A does work at department B's behest, with no notion of "cost" associated with it, then department B will abuse department A, and just naturally dump more and more work onto them, because there's no reason not to. Even a simple "credit" system (i.e. each task costs 5 or 10 credits, and you get 200 credits per month) can help with this.
This is why I always thought micropayments for SMTP traffic would be a wonderful solution for spam. "For
Re: (Score:1)
No.... Google realized they are in competition against Apple and Microsoft, and need to align their business practices a little more with them to successfully compete, I guess.
For example, they need to start treating APIs as more precious, make sure to create lots of internal API Frameworks, use them in their own extensions, and flog any third-party who dare touch internal Frameworks.
$5 today, but i'm surely they are just testing the waters.... in a year or so it might be $99 much like what Apple mobi