Thursday, June 24, 2010

noisy warnings - they should know better

ninjas
Somewhere in my wanderings, Google suggested that I add their own "Blog This" extension into my Chrome browser. I figured it might cause me to write more, the merit of which is admittedly debatable, and was certainly easy enough to install and un-install if I liked.

As is it's habit, Chrome properly warned me that the extension I was installing would have access to all my browser history and the pages I was viewing. In general, the warning is a good thing, however...


The tech community seems not to have learned the lesson of Microsoft's much maligned User Account Control misfeature:
Excessive warnings decrease the effectiveness of all similar warnings
Indeed, if you ask Google about Windows UAC,  half of the first ten results are instructions on how to turn it off.  I know Google knows about my web activity, I've explicitly given them permission to know all of it in about 10 different ways. Installing "Blog This" should have given me no warnings at all because I was installing software from a firm that I've trusted with my life details: my e-mail, my credit card, my telephone, my associations. Indeed Google's machines may well know more about me than I do myself.

The problem is, anyone can write a Chrome extension and they do, and I don't know them and I certainly don't want to give a random someone keys to my digital kingdom. But by putting themselves on equal footing with other extension writers, Google imperils the very trust that they have worked so hard to cultivate.

Google must implement extension signing in Chrome, the technology to do so is trivial; that they haven't is a potentially costly mistake.

No comments:

Post a Comment