Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Google The Almighty Buck Technology

Google Starts Charging a Signup Fee For Chrome Extension Developers 132

trooperer writes "On Thursday, Google introduced two significant changes in the Google Chrome Extensions Gallery: a developer signup fee and a domain verification system. The signup fee is a one-time payment of $5. The announcement says its purpose is to 'create better safeguards against fraudulent extensions in the gallery and limit the activity of malicious developer accounts.' Developers who already registered with the gallery can continue to update their extensions and publish new items without paying the fee." Google also made available a developer preview for the Chrome Web Store.
This discussion has been archived. No new comments can be posted.

Google Starts Charging a Signup Fee For Chrome Extension Developers

Comments Filter:
  • say... (Score:4, Funny)

    by fattmatt ( 1042156 ) on Saturday August 21, 2010 @04:26PM (#33327714)
    how do you like them apples?
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      I don't, so I can host my app on my own website free of charge.

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      *shrug* I can still publish my .crx on my own site. Nothing really changes.
      But it does point to a flaw of sorts in Chrome extensions. The security model is not nearly granular enough. Since almost any non-trivial extension will, according to Chrome, need access to all your browser data and whatnot, users desensitise to that and thus it becomes easy for crap to go unnoticed. Think about it: if all plants on the planet looked like soldiers, soldiers wouldn't need camouflage.
      So it's a half-assed social solutio

    • by _KiTA_ ( 241027 )

      how do you like them apples?

      Considering Apple charges $99 in comparison to Chrome's $5? Pretty darn good, actually.

      • Getting kicked in the shin is a lot better than getting kicked in the nuts, but both suck.

      • Re: (Score:3, Informative)

        by mysidia ( 191772 )

        Last I checked Apple does not charge for the ability to develop Safari extensions and have them appear in the extension gallery.

        I believe you must be thinking of something different Apple charges for; you don't need a WWDC subscription to write safari browser extensions and publish.

        • you don't need a WWDC subscription to write safari browser extensions and publish.

          Nor do you need this $5 fee -- it's entirely possible to host a Chrome extension yourself, have it auto-update yourself, and all the mechanisms to do this are already in place.

          • by mysidia ( 191772 )

            Right... but Apple doesn't charge you a $5 or more fee to have your extension submitted to their gallery.

            They can accept or deny it, but you don't pay anything to Apple, it's free (currently).

            Now what you may pay is webhosting; for your extension's website and download servers.

  • Never fails... (Score:2, Interesting)

    by ibsteve2u ( 1184603 )
    Seems like I always learn about a new fee two days after the deadline for "free" expires.
    • by Aladrin ( 926209 )

      That's kind of the point, isn't? They are rewarding the early adopters.

      • That's kind of the point, isn't? They are rewarding the early adopters.

        They're not rewarding the early adopters, they've just been grandfathered. Could you imagine the fallout if Google came asking everyone who already had an account for cash? Though I do find it odd that they picked $5 if it's just to create better safeguards. Why not $1 instead?

        • Re: (Score:3, Informative)

          by Hadlock ( 143607 )

          It would be nice if they waived fees for people who have had active gmail accounts for > 4 years, or something like that. Any geek worth their salt has had an account since mid-2005. I'm no developer, but I've tinkered around with extensions before in the past, just to see what they can do. Had there been a $5 fee in place, I'd have never jumped that hurdle to just poke around with the code.

          • I just checked my gmail...account open since November 2004...

            I remember waiting for months to get an invite.

      • by mysidia ( 191772 )

        They are not rewarding the early adopters. They are penalizing everyone who hasn't published an extension yet.

        If you wrote the code and haven't gotten the account to publish to the gallery yet, then you are screwed over by the $5 fine/penalty.

        Charging everyone a $5 penalty as a way to "deal with" the 3 or 4 script kiddies kind of sucks.

        All a malware author needs is a couple dozen people to install their malicious app and get critical info snooped, or snooker the user into paying more, they will easi

    • by node 3 ( 115640 )

      That's sort of like saying that you always find something you've lost in the last place you look. That's because once you find it you stop looking.

      You generally don't hear about new fees for previously free services until after they're announced because they usually only tell you about them after they implement them.

    • Obviously Google desperately needs the emense influx of cash that a one-time $5 fee per new extension developer account will bring in that they couldn't afford to tell anyone before hand. The end is near! Sell your Google stock now!
    • Seems like I always learn about a new fee two days after the deadline for "free" expires.

      Five dollars!? Why that's an outrage! If I were you, I wouldn't pay it.

      {who knows what movie that's from? Without a-googlin'...}

  • So what? (Score:4, Insightful)

    by Anonymous Coward on Saturday August 21, 2010 @04:32PM (#33327738)

    So you have to pay a fee to register an extension with them. So what?

    I mean, ok, yes, I can see why I might prefer to be listed in Firefox's extension gallery for free, but there's nothing stopping me from distributing the extension on my own, via a third party.

  • Seriously, what kind of developer would even notice a $5 charge? Even modestly successful apps make over $500 per day.

    • by Lifyre ( 960576 )

      Web browser extensions not applications. But your point about noticing the charge stands.

    • Kids and those that are in parts of the world where they can't send money to the US.
      • by cynyr ( 703126 )

        and they dev chome extensions? or are busy working in sweat shops? right... now i'd rather they didn't work there, but i'd like them to get a bit of food...

    • And that is the whole point - for a legitimate user it is a one time irrelevancy. For a malicious intent it is probably not worth it not to mention the paper trail.

      Nor is it intended to be "prevent" it from occurring but slow down the rate. It is just intended to add a high enough barrier that it *mostly* isn't worth it. It's like having a guard dog, house alarm system, and a myriad other things - its is easier and more effective to go somewhere else. More often than not it's just goofing off and having to

    • by Draek ( 916851 )

      Seriously, what kind of developer would even notice a $5 charge?

      The kind that makes his work available to all for free.

      Not that this is a huge problem for them, mind you, as they can easily host their software elsewhere and it'll still Just Work(tm), unlike Apple's (far more expensive) iThingie walled garden, but not everyone develops browser extensions with a commercial purpose and for those that don't, the difference between $0 and $5 is much larger than that between $5 and $10.

  • Extortion! (Score:5, Funny)

    by oldhack ( 1037484 ) on Saturday August 21, 2010 @04:44PM (#33327818)
    I won't budge until they drop the fee to 4.99.
  • The $5 ... (Score:4, Insightful)

    by WrongSizeGlass ( 838941 ) on Saturday August 21, 2010 @04:45PM (#33327826)
    The $5 is probably a way for them to be able ID anyone who wants to sneak malicious code into an extension. If they have your CC number they have a pretty good way of knowing who you might be. If they took cash the $5 wouldn't stop anyone who wanted to poison their extension. A verifiable electronic payment will prevent most of those who might try it.
    • Re: (Score:3, Insightful)

      by Sethus ( 609631 )
      Good idea in theory, but I'd be willing to guess, it would be very easy to provide a stolen credit card for this information.
      • Re: (Score:1, Funny)

        by Anonymous Coward

        Duh. Google can just google to see if a credit card was stolen or not.

      • by Threni ( 635302 )

        Not if they posted a code to the card's billing address which you needed to enter online to confirm you're the cardholder.

      • That will be found out sooner or later when charges start to appear to credit card bills. Even if the person behind the credit card is not known the account can be declared tainted. Google will be able to revert any actions from that account and keep the system more safe.

      • Re:The $5 ... (Score:4, Insightful)

        by rm999 ( 775449 ) on Saturday August 21, 2010 @05:31PM (#33328052)

        Stolen credit cards aren't cheap.

        You are both right. It's not a foolproof preventative measure, but it is a small effort that stops petty criminals and hinders large-scale criminals.

        • by mysidia ( 191772 )

          No... I would say it hinders petty criminals and has minimal effects on large-scale criminals.

          They would need to do more than simply charge a $5 fee to have an effective barrier.

        • Re: (Score:1, Informative)

          by Anonymous Coward

          Stolen credit cards aren't cheap.

          Actually, they're free.

      • What normally happens is that Google would refund the money, probably losing some money in the process, which since there main objective is figuring out who people are is just fine. At $5 a developer, they shouldn't have any trouble handling these eventualities without losing money.
    • Really... (Score:1, Troll)

      by Ilgaz ( 86384 )

      So, black hats who dares to play around with Google giant's browser can't find a CC number to give to them.

      Sure... Man they could be using CC number printed papers as toilet paper.

      For example, this team/guy who coded this marvellous piece of evil software who controls 5 million computers via unbreakable, declared WONTFIX by security elite, zombie army will have hard time finding a $5 CC.
      http://en.wikipedia.org/wiki/Conficker [wikipedia.org]

      If you have time, read all about it. "Get users credit card number" validation schem

      • rhinestone bullet (Score:5, Insightful)

        by epine ( 68316 ) on Saturday August 21, 2010 @05:31PM (#33328056)

        If you have time, read all about it. "Get users credit card number" validation scheme is over. Completely over.

        You're from the school of silver bullets. If it won't work to a high degree, it's completely worthless. You might note that Google is not without resources in identifying the difference between a valid CC number and one found floating down some pipe in the intertubes.

        If half of the malicious lamers are too stupid to notice this, then Google has improved the signal to noise ratio in policing their chrome extension developers by 3dB.

        It's a minor barrier to malfeasance. It discourages sock puppets. And it sends the message "we care" which is the main reason aggressively scrubbing graffiti off trains in NYC works so effectively.

        The downside? Fewer chrome extensions written by the next teenage African Einstein. And shirt-rending despair over failure to attain the requisite degree of silver-bullet superhero mojo. Yet another superhero impostor. It's a tough life.

        • Really, why do they invest millions of dollars to make zombie armies? To spam? It is so over.

          In fact, they can even SWIFT the money, via stolen bank account. SWIFT/Bank is way more secure. (here comes $10 idea for Google)

        • You're from the school of silver bullets. If it won't work to a high degree, it's completely worthless

          In many cases, it can actually make things worse. It provides an evolutionary pressure forcing the scammers to adapt and become harder to detect, without actually eliminating any of them. See also: antibiotic resistant bacteria.

          • Re:rhinestone bullet (Score:5, Interesting)

            by mlts ( 1038732 ) * on Saturday August 21, 2010 @08:07PM (#33328836)

            It raises the bar though, and makes for offenses that can be charged if the person doing credit card fraud is caught.

            A physical example. If a bike is leaning against a wall, that is just a mere theft. If it has a crappy lock, it is theft and property destruction. If the bike has a good lock and is locked to a parking meter in such a way that it can't be lifted off, then some thief cuts off the parking meter head, the thief is now facing larceny charges, as well as destruction of state/federal property. Similar with keeping things behind a display case. Smashing glass to grab something usually gets a lot more charges than grabbing something off a rack and bolting for the door.

            I agree though -- nothing is 100%, but this makes fraudsters have to do more work, and potentially face more jail time if caught.

    • Re:The $5 ... (Score:5, Insightful)

      by Sycraft-fu ( 314770 ) on Saturday August 21, 2010 @05:28PM (#33328030)

      It is also a good filter against random trouble makers.

      Rich Kaynka (Something Awful) actually talked about this that you get some people, kids in particular, with a lot of time on their hands who will spend it making life difficult for you. In his case it was someone repeatedly spamming stupid shit on the forums. One thing that does a nice job of eliminating that is a small charge. Reason is that you have to be at least somewhat serious to be willing to pay that.

      As you said, it wont' stop someone who really wants to make an evil extension (though verifiability helps with that), but it'll probably stop people who just want to be a pain in the ass and submit lots of stupid and/or non functional extensions to try and cause trouble. It's easy to create hundreds of bogus accounts and post crap with them. It is hard to spend hundreds of dollars to do the same.

      • I was about to post something similar to this parent (saved my typing!), so I'll just add a 'diff': $5 won't stop someone trying to make 10,000 times that in a scam.
        • That's partly true but also quite like saying a $5 lock won't stop someone stealing your $1000 bike.In practice the thief will often just find an easier target -- another bike or something else altogether... The criminals aren't trying to make Chrome extensions, or even browser extensions, they're trying to make money. If the Chrome extension scam requires them to do CC fraudthey might just pick an easier target.

          In short, it's not about the resources the criminals have, it's about the opportunity cost of th

      • Re: (Score:2, Interesting)

        Google is a tech company with an army of phds, and the best they can come up with is a supposed economic solution to spam filtering? I find that idea highly suspicious.

        It's literally trivial to automatically filter out grossly nonfunctional extensions: run chrome in a sandbox, load the submitted binary blob or extension, and check some error codes or a log file. Frankly, if their software engineers can't do this, then they don't deserve to be called that. Now after that initial filtering step, you can get

      • by NemoinSpace ( 1118137 ) on Saturday August 21, 2010 @09:32PM (#33329154) Journal
        Don't give slashdot any ideas. I post stupid shit to the forums all the time.
      • What about kuro5hin? Rusty put up a $5 paywall for the same reason. The result: a significant drop in new users. There are only 3 people willing to pay $5; two of them are mentally deranged kooks who invariable get banned after shitting all over for a month or two. The other was responsible for the $5 fee in the first place.
    • by fermion ( 181285 )
      If all they want to do is verify identify that can just run a dollar. This is what most people do.

      The five dollars has to be to cover costs, which is fair. One wonders, however, why Chrome is such a risk that it can't use the same model as firefox. I suppose it is simply that Google has to protect itself since Chrome is it's products. They have to create a closed garden to insure security.

    • I agree, and despite naysayers who bring up identity theft I think it is a good move. Identity theft is a crime, one which probably gets more police attention than malicious code in free browser extensions. My knee-jerk reaction was to oppose fees to release free extensions for browsers but thanks to your post I've changed my tune.

      I still won't be switching to chrome. Why? Noscript, adblock (better in firefox I hear), and a few minor add-ons which I could live without without.

    • I agree that this is probably part of it, but it's also probably to discourage people from registering tons of fake/malicious accounts to make malicious extensions. It's like the idea of charging a fee to send email - the reasoning there being that if it cost spammers even $0.01 per email, they'd cut down the volume to avoid losing money.
    • People keep talking about using stolen CC's, etc.. how about going to your local grocery store (or mass retailer) and buying a $25 prepaid card to use?
      You can put any info at all in the registration site for them (for when sites use AVS to check the card.)
      You don't need stolen numbers when it's easier to grab a fraud-b-easy card while picking up milk...
    • The $5 is probably a way for them to be able ID anyone who wants to sneak malicious code into an extension. If they have your CC number they have a pretty good way of knowing who you might be.

      Uh, then you use a pre-paid Visa or Visa gift card that is purchased anonymously with cash. System broken. If you indeed wanted to sneak in malicious code, you would certainly take a simple step or two to protect your identity.
    • No, its to address the same problem that Apple had. Shady developers were registering the same application hundreds of times under slightly different names, looking to increase the likelyhood that some dumb schmuck would like the name enough to spend a few bucks for the app. It got so bad with Apple that the vast majority of their apps in their store were the same rehashed garbage drowning out the handful of decent apps. Setting a fee to register an app or extension helps the "signal-to-noise" ratio quit

    • Re: (Score:3, Interesting)

      by adolf ( 21054 )

      Pre-paid Visa cards are a cash-and-carry item at Wal-Mart. There is currently no ID verification required before they're usable.

    • by nurb432 ( 527695 )

      And the real crooks don't have access to other peoples credit cards or *gasp* pay per use visa/etc cards, right?

    • by Snaller ( 147050 )

      Yeah, just like Blizzard having peoples CC numbers prevents gold farmers in World of Warcraft ... oh wait...

  • I suspect the reason for this is that Google wants to have an enforceable contract with developers. This was the quick and easy way to do it.

    • I suspect the reason for this is that Google wants to have an enforceable contract with developers. This was the quick and easy way to do it.

      I am not a lawyer so this is a genuine question. Does money need to change hands in order to meet the "consideration" requirement of a contract?

      If no money changes hands and the contract consists of "you write extensions" and "we provide visibility for them", is it then invalid and unenforcable?

      • by micheas ( 231635 )

        I suspect the reason for this is that Google wants to have an enforceable contract with developers. This was the quick and easy way to do it.

        I am not a lawyer so this is a genuine question. Does money need to change hands in order to meet the "consideration" requirement of a contract?

        If no money changes hands and the contract consists of "you write extensions" and "we provide visibility for them", is it then invalid and unenforcable?

        IINAL, but to answer your question no the elements of a valid contract under English common law (the legal system in the England and most of it's former colonies, including the USA) are:

        • Meeting of the Minds
        • Offer and Acceptance
        • Exchange of value - Both sides have to get something out of it.
        • Performance or Delivery
        • Good Faith (more important in some locations than other, very important in California)
        • Not Illegal

        A decent intro at expert law. [expertlaw.com]

    • by mysidia ( 191772 )

      The $5 is in the wrong direction for that to be the case. Google already receives consideration from the developer in the form of an app submitted to their gallery for use by Google's customers.

      On the other hand, the developer doesn't receive compensation from Google for developing and submitting an app.

  • All it takes is $1 dollar (or in this case, 5), and 90% of your "annoying" userbase goes away, where annoying is spammers, cheaters, jokesters, etc. Anyone seriously wanting to cause trouble still will, but bored kids out for a thrill won't bother. In this case, it likely has the benefit of washing out any DOA projects that will just clog up searches. Anyone serious about creating project won't really blink at the cost, since it's so small, even if they don't plan to make money themselves. If you want quant
    • by mysidia ( 191772 )

      As a site operator, isn't that just another way of getting 33 attorneys general [slashdot.org] after you?

      They already went after paid expediting of abuse complaints.

      If the AGs find a pay-to-post-a-comment site, with some offensive comments.. who knows, they might deem it as equivalent to "Pay not to have your post removed" or "Pay to get your ocmments through the abuse filters"

  • Since I don't have vertical tabs in the Chrome browser it's completely worthless anyway. With all the monitors are now widescreen format and with my usual 5 to 20 to 40 tabs open there is no way I switch from Firefox to the Chrome browser.
    • Prototype vertical tabs are enabled on Windows -- not sure about OSX or Linux. I'm on the dev schedule release, and I can just r-click and select "use side tabs". But as I said, prototype: no indentation, no tree collapse, and they open above instead of below your current tab.

  • By charging *5* bucks to join the club? You have to be kidding.

  • I see it as a bad thing:

    1) Not all developers have credit cards. My country is a perfect example. Since online payment is (sadly) still a relatively new term for our local banks, you need to go through a lot of hoops to get an "internet-capable" debit card (some require security deposits even though it is a debit card, others require additional paperwork, etc). By default you just get a Visa Electron card which doesn't work online.

    2) There are some young developers who just want to play around and mig
    • Let's be honest.

      1) We don't need that many developers. We need good developers.
      2) It's really not that hard to get a CC so any serious developer will be able to still join.

      Yes we might lose that shinning new star from Zimbabwe who was going to create an amazing new ad blocker--but in all likelihood we'll get an identical one out of someone from Canada anyway.

  • ... anything free will be abused. If, within a company, department A does work at department B's behest, with no notion of "cost" associated with it, then department B will abuse department A, and just naturally dump more and more work onto them, because there's no reason not to. Even a simple "credit" system (i.e. each task costs 5 or 10 credits, and you get 200 credits per month) can help with this.

    This is why I always thought micropayments for SMTP traffic would be a wonderful solution for spam. "For

If money can't buy happiness, I guess you'll just have to rent it.

Working...