-
-
Notifications
You must be signed in to change notification settings - Fork 90
Permissions 3.0 Explanation
Shortly after releasing New Tab Redirect 3.0, I was bombarded with all kinds of hate mail. Even worse, there were more than a handful of people online accusing me of felonious activities. While I'm a user and I understand protecting yourself online, I absolutely never think it's right to accuse someone innocent of doing something illegal. I was really hurt.
I also don't believe in hiding how I feel (or how I've felt). So, I'm keeping this page up here for historical purposes. Some users may still find it helpful.
You may notice New Tab Redirect 3.0 requires additional permissions. In addition to the previous tabs and storage permissions, it now requires "topSites", "management", "bookmarks", and "chrome://favicon/". In accordance with Chrome's recent extension constraints, I've had to provide a single visible UI for the user. This visible UI is a customized APPs page that includes functionality similar to the New Tab Page that was changed in Chrome 33. This is a feature that I've received many emails about. Using the New Tab Redirect Apps page, you also gain focus of the address bar and immediate search capabilities (another feature users wanted with the chrome://apps redirect). Now, the extension has a single visible UI and maintains it's one focus (allowing the user to dynamically define a page to load in the new tab). While the extra permissions aren't required for, say, redirecting to Facebook, they're still required for the default visible UI that you still have an option to override.
Here are screenshots of the newly added New Tab Page: https://www.dropbox.com/sh/3yxfmbm5dpuw747/INZW44gbA3#/
Many users have expressed nothing but annoyance and hatred for the new permissions. Some have gone as far as to call me a 'thief' and suggest that I work for the NSA. This is all just ridiculous. This extension is fully open source and this wiki explains exactly how to inspect the code on all operating systems. I'm 100% open to emails if people have questions.
The added permissions are:
- topSites: Read and modify your browsing history
- management: Manage your apps, extensions, and themes
- bookmarks: Read and modify your bookmarks
- "chrome://favicon": (causes no warnings)
And the original permissions are:
- tabs: Access your tabs and browsing activity
- storage (causes no warnings)
The reason why the backlash for these permissions is ridiculous is that (with a persistent background page) any extension to which you've given the 'tabs' permission can do EVERYTHING ELSE the new permissions claim except for apps management and the 'modify' on history and bookmarks. Chrome doesn't offer extension developers the ability to request read-only permissions, which is really silly.
If you don't believe that the new functionality isn't doing anything suspicious, you can look at the wrapper code that accesses everything on the chrome. interface.
In fact, if you're not using the New Tab Apps page, none of that code ever gets executed. The New Tab Apps page is written in AngularJS and only when you have no URL saved does it resume the bootstrap process of the custom new tab apps page. This means none of the bookmarks/topsites/apps code will execute if you've specified a URL.
If you're still wondering exactly what is going on in the background of the Apps page, you can hit CTRL+SHIFT+J or go to Tools -> Developer Tools while on the Apps page and manually inspect all code and network activity. I have absolutely nothing to hide from anyone here. If you want a one-on-one introduction to the code or to investigating the apps page using the built-in developer tools, just email me and we can do a Hangouts session or something.
Sorry to hear that, but I fully understand. I once had a favorite extension that enabled Google Cloud Print before it was integrated into the browser. That extension had access to every visited page, and the developer added some third-party JavaScript that delivered my browser activity to 'suggest ads or coupons'. That's not something I opted into. Unfortunately, there's no way to 'opt-in' to providing a clear, understandable functionality like giving you a new tab page when the extension overrides a new tab.
You can disable New Tab Redirect 3.0 and manually install version 2.2. Here's how:
- Download the old version https://github.com/jimschubert/NewTab-Redirect/archive/v2.2.zip
- Unzip that file to some directory (whatever you chose)
- Go to
chrome://extensionsand check developer mode - Click
load unpackaged extension...and select the extracted contents
Chrome will consider this a completely different extension, so your synced URL won't sync any longer. Also, if you manually install on another machine, the URL will no longer sync between machines.
I won't be maintaining version 2.2. I'm sorry to see users leave because of the extra permissions, but like I said I completely understand. I'm 100% trustworthy and will continue to reject offers to purchase the extension or enter into some 'relationship' with anyone regarding the extension (of which I've had nearly 100 total)... but you don't know me and don't need to enable permissions you're not comfortable with. That's smart browsing and totally the write mindset to have on the internet.
That's cool. Some people are really tight on the permissions they release to extensions, so I get it.
I just ask that you don't insult me and accuse me of things I have not done. I'm a person, not a company. I've released a piece of software for free and regularly turned down offers to purchase the extension or queries by companies to collect data. I'll never sell the extension or include someone else's code because I wrote it for myself, and I use it daily. Why would I want someone collecting my data? The extension is tied to my personal gmail address and is included on my personal resume. Why would I want to do anything shady in something I use to represent myself to current and future employers? That's ridiculous. My software development experience and online dignity are worth more than any money an external entity could possibly offer me. When someone offered me $50,000 to purchase the extension and I immediately turned it down without consideration, my wife thought I was crazy.
Yes, other developers sneak third-party code into extensions to collect data. That's the whole reason Google has decided to lock down extensions to doing one thing. My extension does one thing: it provides a configurable location to load in your New Tab page. In version 2.2 it didn't provide a default and this was very confusing to many users. In fact, leaving the functionality as it was in version 2.2 according to Chrome's recent extension constraints would have flagged New Tab Redirect as an extension whose functionality is not clear to the average user.
The functionality in New Tab Redirect 3.0 is clear functionality that will allow me to gain back the 10-15 hours per week of responding to emails that I received for version 2.2 because its functionality wasn't fully clear to many users. My wife and I had a son on 11/12/13, so I would really like to have that extra time to spend with my son.