Disable developer mode extensions warning every session #1432
Comments
rossmoody
added
feature/extensions
design/needs-mock-up
|
protects novice users. marking wontfix. |
|
I think novice users don't typically side load extension so we're only punishing people who know the repercussions of doing this and not giving them the ability to suppress an annoying alert that surfaces every time they open Brave. |
|
@rossmoody #1406 might solve this one as well? |
|
@rebron apologies, didn't realize this was closed communally in a triage meeting. i'll reinstate your direction here and if community or someone else decides it's worth pursuing down the road it'll come about naturally. |
kjozwiak
removed
feature/extensions
design/needs-mock-up
|
I also want a way to disable this warning. |
|
Let's re-open this and keep it a low priority (we don't have any official plans to prioritize it at the moment) If a community member wanted to grab this, we could potentially add a new toggle switch on our settings page for it (and we can help answer questions / share examples that touch similar code) |
bsclifton
added
priority/P5
|
This warning exists to protect people from malicious side-loaded unsigned extensions. Creating a way to turn it off removes that protection. You only see this warning if your browser is in a dangerous configuration state — which is what it's for. Discussed at this week's security review and we agree that this is an important safety warning. |
tildelowengrimm
added
security
and removed
dev-experience
priority/P5
|
The warning is good, not being able to turn it off after I know the security concerns is a really annoying behavior. I have an SVG extension I'm never going to disable so Brave is immediately annoying every time I open it. This should really be addressed but we keep opening and closing the issue. |
|
cc @bradleyrichter to add to the list of interruptions |
|
Thought about this over a cheeseburger.
|
|
Brave is annoying you because you are in a bad, dangerous, unsupported configuration. No end user should be using unsigned dev mode extensions. That SVG extension should be distributed through the web store, not by sharing the binary around. Extensions are one of the most substantial security risks in the browser, and explicitly only supported via the store. And malware authors have demonstrated that they're wiling to abuse any whitelist/preference/command-line-flag/&c. to get around these sorts of warnings. I'm sorry, this one's a hard no from the security team. What we could however do is make it optional but only on Dev channel builds. That channel has different guarantees from beta/release, and shouldn't be used by most people. I still very much dislike this approach, but it's only a soft no from me. |
|
I'm dealing with the same issue. I have a self made developer extension, and Brave warns me every single time. Extremely annoying. After doing this a 100 times or so, clicking it away becomes something automatic, you do it unconsciously. Please note, as this is very important: this makes security WORSE, not better. People who deliberately sideload a dev extension typically know what they're doing. By bothering them with the same warning popup over and over, the warning loses its significance. For me, I probably wouldn't even notice if there is some other extension that I (perhaps accidentally?) loaded, one that might actually be risky, because I always click away the warning immediately without reading it. Now someone may say that's a mistake. I say it's extremely bad design to make people read the same thing hundreds of times and still think it helps security instead of damaging it. Theory vs practice, it just doesn't work that way. Can I please suggest to reconsider, but with the following critical distinction: only offer the option to not show the warning again for that specific version of that particular extension. Whenever a different extension is loaded, or this one is changed, the warning should appear again. Or perhaps if this makes a difference: maybe make the "do not warn me again about this specific version of this particular extension" feature optional. So by default it's not there, but you can enable a setting to get it. To protect the user from doing this accidentally. Thank you for your consideration. |
Not sure about the other guy's SVG extension, but I'm using my own self-made extension. I use it for automating various tasks in my everyday workflow. It's not a public extension. There's perfectly valid use cases for that and it's very safe. |
Paranoia. As others have replied, that warning does not mean you are in a dangerous browser configuration. There are legitimate reasons for using an extension outside of the chrome store - from using a homebrew to scroogle overlords forcing their worldview on developers and banning/deprecating extensions and apps (AutoforwardSMS & Dissenter, for example). |
|
I would also like this. Chrome recently removed the Dissenter extension in a censorship effort forcing me to manually install this extension. I do think the warning is a good idea, but not allowing any sort of customization is not good. I'm sure many people will be doing the same manual install for the same extension, by manually downloading the file and importing it in the brave extension page. I dont need a constant reminder telling me I manually installed dissenter. I also don't need the dev team holding my hand, telling me which extensions I should and shouldn't use. Thanks! |
|
The excellent bypasspaywalls by Adam extension (which has been removed from the Chrome store) is an addon that many people love. The only way to add this extension due to Google's censorship is to side load it. |
|
I thought Brave was started because of the things big tech is doing..... Annoying your customer base EVERY TIME we launch the browser is NOT going to make us safer or make us want to use your product. I don't want to see this warning EVERY TIME i launch the browser............. I got it THE FIRST TIME!!! Let us turn it off and/or make your own web store. |
|
Crazy how this still isn't resolved. As already pointed out, there are NUMEROUS situations where one would wan to install an extension from an outside source. Showing that warning every time is just crying wolf, and defeats the purpose |
|
what about an exception per extension - the rationale for the warning is sensible, so now need to figure out the other common use-cases. the biggest threat is malware authors using scripts to auto suppress warnings, if the option is per extension instead of |
|
It looks to me like they are showing this thread as cosed.... so does that mean they aren't going to change this stupid notice?? :'( Do we have to open a new thread? |
|
I agree with Mr-Mondragon, annoying the user with the same warning over and over is making security worse. |
|
I am EXTREMELY dissapointed with this. I switched to brave thinking it treats its users like adults capable of their own decisions. Now I get nagged because I installed Dissenter - which I cannot do on Firefox or Chrome due to them banning the extension because of draconian censorship decisions. And don't give me the crap about GAB being Far right platform with hateful opinions on it. Gab is catching flak cause they directly compete with Twitter. 4Chan has a metric f$%kton of hate on it and no one gives 2 s%^ts. At least give us a option to whitelist certain extensions. I agree that the user should be warned about developer extensions, but not being able to whitelist a known safe extension is absolutely ludicrous. |
|
Agreed I am still wondering if this will ever get looked at again as it is "closed" |
|
This comment has been minimized.
This comment has been minimized.
|
Thanks for the feedback |
Description
I have a developer extension installed and every time I open Brave from close I get a warning to disable it. We should surface the ability to click "Don't show me this again" in some capacity.
Steps to Reproduce
Actual result:
The text was updated successfully, but these errors were encountered: