Chrome Web Store: "Removal notification for uBlock Origin" #880
Comments
gorhill
changed the title
|
Mainly this amounts to: "There is somewhere one or more pieces of code I don't understand, but I won't tell you what it is. Your challenge is to find what I am talking about and modify it so that in my next review I will maybe understand it." |
|
but does this mean the old version is still okay to be on the store? |
I don't think so, the email is titled "Removal notification". 1.3.2 was not in the Chrome store, it was merely submitted for publication, so it did not need to be removed -- just rejected. Even assuming it would still be ok, that pretty much mean it is dead, since from now on I can't update it anymore (there were good bug fixes in 1.3.2). There is no way I will ever figure what is the specific issue given how large uBO's code base is. |
|
haven't they heard of github? |
|
maybe they can only understand it if it is on google code... Seriously though, this reminds me of streamus and google (youtube)'s battle a few months back. The streamus developer struggled to bring his extensions upto google's standards and they just kept making absurd reasons for denial until he finally gave in. They made up a lot of "technical" reasons in his case too. you can go through the subreddit for more details. And of course, the bottom line is that he was cutting into their ad revenue by not being able to play youtube ads in his extensions.. I would advise you to look into an alternative delivery mechanism for the extension. Google just can't be trusted anymore.. |
@gorhill Did you reply yet? |
My previous experience with the people behind "Chrome store" emails is that they never provide specifics. |
They're not very smart are they? "I don't understand code, so lets take down a wildly popular extension for no reason whatsoever." |
|
Hi everyone, I've forwarded this issue to Chrome Web Store's abuse team. Sorry for the hassle; we'll get it resolved as soon as we can. |
|
"Chrome Web Store is Google's online store" |
|
The reason is at least still a lot more specific that what you'd get from the Play Store... Google needs to get their act together. My guess is that the removal was automated and as such they don't have much information to give. Otherwise, it's just an unwillingness to give more information on their part. |
|
Solution: Firefox |
|
|
Maybe I'm missing something, but uBlock Origin is still in the CWS and I was just able to install it? |
|
@sowbug awesome. Hopefully they are able to do something before it gets pulled and 1.3.2 is able to go through unhindered. uBO is an essential extension for web performance for many users. |
|
@adamkdean if you read #880 (comment), you'll see that the new(est) version wasn't accepted to be published in the store. The existing version is still online, but it might be pending to be removed as well. |
|
Received a response from the Chrome store:
So this makes the issue resolved -- maybe @sowbug email helped? Thanks for your assistance. Sorry for this, that really got me worried. If this happens again I will at wait a bit more for feedback from the Chrome store before reporting here. Unclear though whether making such issue widely known sooner than later helps with its resolution, or at least a faster one. |
|
The fact that there are no specifics with such warning is still a Chrome store issue though. If this is caused by some kind of automated review, it would be nice to have at least the files + line numbers which triggered the issue, so that devs are not left completely in the dark as to what need to be worked on, or at least what need clarification, detailed explanation. |
I think that your posting it here was very reasonable and that you shouldn't hesitate to do the same if a similar situation arises again. It isn't your responsibility to try and decipher whether an email like this is a bug or a real issue. |
+1 |
Yeah, that's a long-standing issue with the Chrome Web Store (and all the other Google-managed Web/App Stores). I know of several devs that had their products pulled over the years with little to no info and were only able to have them reinstated after generating a sizeable shitstorm on Twitter and social media. |
I agree with this in theory, but in practice I think it's unlikely to happen for the same reasons as spam filters don't respond with the line and word numbers which contributed to an email being marked as spam. It's unfortunate but I think that with the sheer amount of abuse systems like this need to scrub, giving those trying to abuse the system a window into exactly what they need to tweak to evade detection probably just isn't worth not losing the trust of the occasional great developer. You probably couldn't even have extension popularity as a reliable heuristic to not doing this, because a fantastic way to silently push your malware to millions of users is just to buy some popular extension and push an update. At the end of the day, I suspect it's just a cost/benefit numbers game. I really hope they can find a way to do better in a way that makes sense for them too, though, because situations like these are really frustrating, and can suck the fun out of being a dev :( |
|
It's not just chrome store, it is same across admob and google play store |
If this is a concern, then the system is broken to begin with. Security through obscurity doesn't work, and only benefits the malicious actors in the end (who have the economic incentive to find their way through it). Perhaps they should fix the review system instead. |
And yet the amount of spam in your inbox is less than 1% of what it was 15 years ago. And SEO is a thing. And so are virus scanners and intrusion detection systems and honeypots.
That would be nice. And if anyone discovers a way to accurately solve these problems in a non-obscure fashion, and in a way that doesn't trivially invite a denial of service attack by scaling asymmetrically in terms of effort required on behalf of abusers being small as compared to effort required on behalf of verifiers, I think they're likely to become billionaires almost overnight. But in the mean time, we have a messy partial solution to a messy problem. And it's not perfect, and clearly broken in some ways (case in point: this entire thread) -- but you have to admit that it's far from useless. |
Yet I still frequently see things ending up in Spam by mistake, and it's now practically impossible as a one-man project to get your e-mail through anywhere without paying a third-party service. Spam filtering absolutely doesn't work well. AV software is an extra layer of defense, but also doesn't solve the problem. It is not a replacement for more secure architecture; it is an addition. It does not analogize well with this situation.
We already have such solutions. Greylisting-like approaches, similarity checks, new-submitter pre-moderation gates, sandboxing, and so on. That Google is unwilling to invest in manpower for these solutions, just like they are unwilling to do so for user-facing customer support, is a different discussion entirely. EDIT: I'm not saying it's useless in absolute terms. I'm saying it's not worth the tradeoff, and there are better solutions. |
|
@svnpenn I gave it a quick scan but maybe my understanding was skewed by the ambiguous headline. If the update is rejected, it's not the same as "uBlock Origin removed from CWS". No need for snarky comments around here mate. @BtM909 yeah I got that much, I was just wondering where the "removed from CWS" came from, as if the update is never accepted then how can it ever have been on CWS in order to have been removed? Maybe it's just the ambiguity of everything that through me. Thanks for not being a snarky shit about it though. |
|
Hey @adamkdean, fuck right off mate! |
|
@gorhill I'm not here to complain, but I thought you might find it useful to know that this has happened a number of times to me with my extensions (which are pretty sizable). It apparently literally happens for no good reason. My extensions have been taken down when I haven't made changes in weeks. I managed to reach someone at the Webstore (in the end I had to email someone who used to work there, who then forwarded my email to someone there and I still didn't get a response for more than a week) who basically said it complies with everything and doesn't look like it matches any filters. The extensions have also been put back up when I haven't made any changes. It also doesn't look like there's an end in sight. As best I can tell, Google moved most of the Webstore development team to other divisions in 2012 (perhaps @sowbug can confirm this?). The copyright on the dashboard hasn't even been updated in over 2.5 years. Google might revamp the system at some point, but it looks like they're happy to let it break down for now. TL;DR: The Webstore apparently has buggy filters and we have to put up with them or not make Chrome extensions. The removal likely had nothing to do with your code or any change you made. |
|
This has happened to me a bunch of times. It's completely random. Just reorder some code to make the diff look big and then resubmit. It might take 3-4 tries. They won't pull it from the store though, so you're fine. |
|
@AMKohn good catch on the copyright footer! It's below the fold for active extension developers (including Web Store engineers themselves), so I doubt anyone on the team noticed it. It's fixed -- for 2015, at least -- and will roll out with the next push. |
|
@sowbug That's great, but it really wasn't a big deal (or the only thing like that, half the links in the footer are out of date and get redirected). I mentioned it because I feel it's an indication of a general lack of care, at least on the developer side of things. Are there even any development plans for the dashboard? Maybe something simple like an email notification when someone sends a message via the feedback system (another small thing)? It seems like Google built Chrome on the backs of developers (unless I've perceived things incorrectly, a major strategy of Google's to grow Chrome has been to offer great development tools and support the latest features, attracting developers who make apps for average users) and now that it's the most popular browser out there, forgotten about the developers that helped to get it there. Without apps and extensions Chrome wouldn't be what it is today. What I don't understand is why. Chrome apps, via the webstore, are used in more places than ever. Chromebooks run exclusively on them, and even Google Drive addons run through the system. Various other dashboards around Google have had major revamps (the Android system, API console, and apps control panel to name a few) while the webstore dashboard hasn't even had its copyright updated in years. The last change I remember on the developer side was the addition of the translation system, which felt like it was done quickly to make more money. Please understand that I'm in no way blaming you (as far as I can tell you don't work on the webstore anyway) or anyone working on the webstore, just management higher up. I'm sure everyone there is quite busy maintaining the store and doing the best they can, but changes like moving people to other divisions don't happen by accident (please correct me if I'm wrong about the changes in 2012). |
and others
Note: as of writing the extension is still in the store -- despite the title of the email I received.
Sigh.
I received the following email regarding my submission of 1.3.2 to the Chrome store:
This is the diff between uBO 1.2.0 and 1.3.2. Many of the commits affect FF branch only.
Nothing out of the ordinary with 1.3.2: bug fixes and the only "new" feature (FF already had this implemented) is to read an entry from managed storage so that admins can enforce their own uBO settings (commit).
So essentially, the policy which is pointed out...
... doesn't tell me anything specific regarding the issue. uBO's code base is rather large, so I don't see how I can ever resolve this issue without specifics. There is no obfuscated code in uBO, it's rather well commented throughout, and I have no problem describing whatever piece of code does what. But having to guess what is the issue here given the code base seems like mission impossible.
The text was updated successfully, but these errors were encountered: