Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Starts Charging a Signup Fee For Chrome Extension Developers

Soulskill posted more than 3 years ago | from the got-my-mind-on-my-money dept.

Google 132

trooperer writes "On Thursday, Google introduced two significant changes in the Google Chrome Extensions Gallery: a developer signup fee and a domain verification system. The signup fee is a one-time payment of $5. The announcement says its purpose is to 'create better safeguards against fraudulent extensions in the gallery and limit the activity of malicious developer accounts.' Developers who already registered with the gallery can continue to update their extensions and publish new items without paying the fee." Google also made available a developer preview for the Chrome Web Store.

cancel ×

132 comments

say... (4, Funny)

fattmatt (1042156) | more than 3 years ago | (#33327714)

how do you like them apples?

Re:say... (0)

Anonymous Coward | more than 3 years ago | (#33327750)

so do we do Ggle or Googl€ now?

Re:say... (1)

Deus.1.01 (946808) | more than 3 years ago | (#33327822)

how about... Google brewery

Re:say... (1)

game kid (805301) | more than 3 years ago | (#33327982)

so do we do Ggle or Googl€ now?

Gigolo. Pay up to Feel Lucky, wink wink.

ah the ipod thing (-1, Troll)

Ilgaz (86384) | more than 3 years ago | (#33327814)

You talk about "ipod touch" upgrade prices where fanatics gathered and memorized entire SEC guidelines to answer. E.g. why not charge $1 instead of $10 if you have been required to do so.

Tip: Paypal does same for same purpose and charges $1, to put it back in 24 hours. Does Google do it? Or they can't afford? (!)

Re:ah the ipod thing (2, Insightful)

nacturation (646836) | more than 3 years ago | (#33327896)

Paypal does same for same purpose and charges $1, to put it back in 24 hours. Does Google do it? Or they can't afford? (!)

What does your post have to do with liking them apples? Anyways, in terms of money consider that had they implemented this program from day 1 they would have netted about $30,000 had every developer paid the $5, and those developers are getting grandfathered in for free. Obviously it's not about the money for them.

Re:ah the ipod thing (1)

Richard_at_work (517087) | more than 3 years ago | (#33328100)

When Paypal verified my bank account, they actually deposited two sums that totalled more than a British Pound, and never wanted it back. And yes, this was intentional!

Re:ah the ipod thing (1)

larry bagina (561269) | more than 3 years ago | (#33329084)

google adsense does the same thing. Ameritrade takes the deposits back afterwards.

Re:ah the ipod thing (0)

Anonymous Coward | more than 3 years ago | (#33329788)

You gave them direct debit to your bank account - not a good move

One Pound is a small price compared to the amount of money they can take from you - WITHOUT RECOURSE

Re:say... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33327990)

I don't, so I can host my app on my own website free of charge.

Re:say... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33328616)

*shrug* I can still publish my .crx on my own site. Nothing really changes.
But it does point to a flaw of sorts in Chrome extensions. The security model is not nearly granular enough. Since almost any non-trivial extension will, according to Chrome, need access to all your browser data and whatnot, users desensitise to that and thus it becomes easy for crap to go unnoticed. Think about it: if all plants on the planet looked like soldiers, soldiers wouldn't need camouflage.
So it's a half-assed social solution to a technical problem.

Re:say... (0)

Anonymous Coward | more than 3 years ago | (#33329002)

I like it them apples plenty. keeps out the riff raff.

Re:say... (0)

_KiTA_ (241027) | more than 3 years ago | (#33329100)

how do you like them apples?

Considering Apple charges $99 in comparison to Chrome's $5? Pretty darn good, actually.

Re:say... (1)

Sir_Lewk (967686) | more than 3 years ago | (#33329714)

Getting kicked in the shin is a lot better than getting kicked in the nuts, but both suck.

Re:say... (3, Informative)

mysidia (191772) | more than 3 years ago | (#33329752)

Last I checked Apple does not charge for the ability to develop Safari extensions and have them appear in the extension gallery.

I believe you must be thinking of something different Apple charges for; you don't need a WWDC subscription to write safari browser extensions and publish.

I like it a lot (0)

Anonymous Coward | more than 3 years ago | (#33329296)

Now more legit apps will outshine the many bogus ones. That's worth $5

Never fails... (1, Interesting)

ibsteve2u (1184603) | more than 3 years ago | (#33327722)

Seems like I always learn about a new fee two days after the deadline for "free" expires.

Re:Never fails... (1)

Aladrin (926209) | more than 3 years ago | (#33328066)

That's kind of the point, isn't? They are rewarding the early adopters.

FUCK YOU MAN !! (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#33328208)

Were the HELL am I gonna get five fucking hundered dollars man? Are they out of there fucking minds? FUCK YOU GOOGLE ASSWIPEES!

Re:FUCK YOU MAN !! (1)

Abstrackt (609015) | more than 3 years ago | (#33329494)

Were the HELL am I gonna get five fucking hundered dollars man? Are they out of there fucking minds? FUCK YOU GOOGLE ASSWIPEES!

Uh, it's only five dollars. Unless you plan on registering 100 accounts anyway.

Re:Never fails... (1)

Abstrackt (609015) | more than 3 years ago | (#33329486)

That's kind of the point, isn't? They are rewarding the early adopters.

They're not rewarding the early adopters, they've just been grandfathered. Could you imagine the fallout if Google came asking everyone who already had an account for cash? Though I do find it odd that they picked $5 if it's just to create better safeguards. Why not $1 instead?

Re:Never fails... (2, Informative)

Hadlock (143607) | more than 3 years ago | (#33329618)

It would be nice if they waived fees for people who have had active gmail accounts for > 4 years, or something like that. Any geek worth their salt has had an account since mid-2005. I'm no developer, but I've tinkered around with extensions before in the past, just to see what they can do. Had there been a $5 fee in place, I'd have never jumped that hurdle to just poke around with the code.

Re:Never fails... (0)

Anonymous Coward | more than 3 years ago | (#33329840)

Any geek worth their salt has had an account since mid-2005

Err, not really. OK, I admit, many years ago I did go and sign up for (via the invite process) a Gmail account. I never used it though. I already had two ancient Yahoo Mail accounts, plus various organisational accounts. Now I have as many email addresses as I want via three domains that I "own".

So, let's fix your quote for you...

Any geek worth their salt has their own domain and as many email addresses as they like via that

Why isn't Gmail a sign of "geek-hood"? Because anyone can do it. And, geeks don't like others being in control of their stuff. I don't like, or trust any corporation. Google is no better. (Yes, I still use the two ancient Yahoo Mail accounts. However one has basically been retired, and is kept merely for the odd thing that still comes in. The other is in the process of being retired, and has been for a couple of years now. Because it has been the account to contact me on since 1999 though, it's tough.)

Re:Never fails... (1)

mysidia (191772) | more than 3 years ago | (#33329762)

They are not rewarding the early adopters. They are penalizing everyone who hasn't published an extension yet.

If you wrote the code and haven't gotten the account to publish to the gallery yet, then you are screwed over by the $5 fine/penalty.

Charging everyone a $5 penalty as a way to "deal with" the 3 or 4 script kiddies kind of sucks.

All a malware author needs is a couple dozen people to install their malicious app and get critical info snooped, or snooker the user into paying more, they will easily get PROFIT after the $5 fine.

On the other hand, for us folks writing free apps, the $5 fee is kind of debilitating. I think we will stick with browsers whose authors are less hostile to developers, such as Firefox.

Re:Never fails... (2)

node 3 (115640) | more than 3 years ago | (#33328084)

That's sort of like saying that you always find something you've lost in the last place you look. That's because once you find it you stop looking.

You generally don't hear about new fees for previously free services until after they're announced because they usually only tell you about them after they implement them.

Re:Never fails... (0, Offtopic)

dissy (172727) | more than 3 years ago | (#33329534)

That's sort of like saying that you always find something you've lost in the last place you look. That's because once you find it you stop looking.

I always look another two or three places after I find what I am looking for, just to mess with peoples minds.

Re:Never fails... (1)

InsertWittyNameHere (1438813) | more than 3 years ago | (#33328094)

Obviously Google desperately needs the emense influx of cash that a one-time $5 fee per new extension developer account will bring in that they couldn't afford to tell anyone before hand. The end is near! Sell your Google stock now!

Re:Never fails... (1)

PopeRatzo (965947) | more than 3 years ago | (#33328784)

Seems like I always learn about a new fee two days after the deadline for "free" expires.

Five dollars!? Why that's an outrage! If I were you, I wouldn't pay it.

{who knows what movie that's from? Without a-googlin'...}

So what? (4, Insightful)

Anonymous Coward | more than 3 years ago | (#33327738)

So you have to pay a fee to register an extension with them. So what?

I mean, ok, yes, I can see why I might prefer to be listed in Firefox's extension gallery for free, but there's nothing stopping me from distributing the extension on my own, via a third party.

Shows the attitude and some people may not have $5 (0, Troll)

Ilgaz (86384) | more than 3 years ago | (#33327838)

It shows what you can expect from their so-called free and open source browser. In fact, everytime they do it, they prove GNU/FSF "nitpicking" about the FOSS and plain "open source".

I don't want to make anyone feel guilty or cheap but I personally know some open source developers who can't even afford a $30 external disk and development stops until they get some kind of donation. Yes, popular too.

Re:Shows the attitude and some people may not have (-1, Troll)

tepples (727027) | more than 3 years ago | (#33327878)

I personally know some open source developers who can't even afford a $30 external disk and development stops until they get some kind of donation.

College students in the United States have to pinch every penny because if they do get a job, half of what they earn goes to state and federal income taxes and the other half goes to the "Expected Family Contribution" on the FAFSA [wikipedia.org] , which takes away from grant and loan eligibility.

Oh perhaps there are good news coming along (-1, Troll)

Ilgaz (86384) | more than 3 years ago | (#33327890)

It seems that moderator modded me as troll will donate thousands of dollars to open source/free extension developers or pay to Google on behalf of them.

You can actually see what Google trust to.These "volks".

Re:Shows the attitude and some people may not have (0)

Anonymous Coward | more than 3 years ago | (#33327914)

This has nothing to do with FOSS. You can still develop extensions without any limitations. If you want to list your extension on GOOGLE'S web site, you need to pay though. This does not seem unreasonable in the least.

Re:Shows the attitude and some people may not have (1)

betterunixthanunix (980855) | more than 3 years ago | (#33328266)

Re:Shows the attitude and some people may not have (1)

42forty-two42 (532340) | more than 3 years ago | (#33329190)

That's not really relevant - nobody's paying for any software. The developer is paying a fee for hosting - and a very small fee, at that.

$5 - that Microsoft, Apple and Oracle beaten (1, Troll)

Captain Kirk (148843) | more than 3 years ago | (#33327808)

Seriously, what kind of developer would even notice a $5 charge? Even modestly successful apps make over $500 per day.

Re:$5 - that Microsoft, Apple and Oracle beaten (1)

Lifyre (960576) | more than 3 years ago | (#33327844)

Web browser extensions not applications. But your point about noticing the charge stands.

Browser EXTENSION, not commercial app (-1, Troll)

Ilgaz (86384) | more than 3 years ago | (#33327848)

It is charged from extensions. Man, really does apple.com or google.com has some very advanced background mind programming graphic so some people becomes rather like cult members?

If there is, they better enhance the contrast, I keep flipping out every day without my "program".

Re:Browser EXTENSION, not commercial app (2, Insightful)

Threni (635302) | more than 3 years ago | (#33328022)

> Man, really does apple.com or google.com has some very advanced background mind programming graphic so some people becomes rather like cult members?

No, but they have people releasing code for their platform who view the $5 charge in the same way they view their ISP/electricity/book costs - as part of doing business.

Business? (0, Troll)

Ilgaz (86384) | more than 3 years ago | (#33328190)

Likely 99% of extensions, especially open source ones aren't business, they are favor to greater community.

Re:Business? (0)

auLucifer (1371577) | more than 3 years ago | (#33329768)

Parent modded troll? He's bang on about extensions being a favour to the community. I'm yet to come across an extension that I've had to pay for so I've always viewed them as people developing to meet a need of their own and then releasing it to the world because maybe someone else could use it. Now yes, $5 isn't much in a developed nation but I'd imagine those that are malicious it won't be much cost to them, if any. If malicious code is installed in an extension to grab cc numbers then I wouldn't think it'd be long before the extension developer can create another account that one of his users will pay for. I'm just not convinced why they're doing this.

Re:$5 - that Microsoft, Apple and Oracle beaten (0)

Anonymous Coward | more than 3 years ago | (#33328060)

You do understand that by paying google this nominal fee to enter the "market", isn't a money grab, but a paper trail to thieving scammers? (just as long as it's not from OTC/PPCs or payscampal.

Re:$5 - that Microsoft, Apple and Oracle beaten (1)

hedwards (940851) | more than 3 years ago | (#33328070)

Kids and those that are in parts of the world where they can't send money to the US.

Re:$5 - that Microsoft, Apple and Oracle beaten (1)

cynyr (703126) | more than 3 years ago | (#33328954)

and they dev chome extensions? or are busy working in sweat shops? right... now i'd rather they didn't work there, but i'd like them to get a bit of food...

Re:$5 - that Microsoft, Apple and Oracle beaten (0)

Anonymous Coward | more than 3 years ago | (#33329472)

$182,500 a year is only "moderately successful". Wow. How much are "wildly successful" extensions making?

Re:$5 - that Microsoft, Apple and Oracle beaten (1)

bm_luethke (253362) | more than 3 years ago | (#33329480)

And that is the whole point - for a legitimate user it is a one time irrelevancy. For a malicious intent it is probably not worth it not to mention the paper trail.

Nor is it intended to be "prevent" it from occurring but slow down the rate. It is just intended to add a high enough barrier that it *mostly* isn't worth it. It's like having a guard dog, house alarm system, and a myriad other things - its is easier and more effective to go somewhere else. More often than not it's just goofing off and having to pay (and give valid Credit Card information tracked to you) is going to have them go elsewhere. Stolen credit cards cost money, time, and often do not work.

It's a fairly decent move. The system is still open - you can make all you want and server them from your own web-page. If you want access to their "store" (market, repository, whatever you ant to call it) then you pay a one time truly minor fee. Its probably just enough to cover their costs of having a paper trail and the amount is *not* going to be a factor for *anyone* making a real extension (if it is then I doubt that you are going to spend the time making said extension). Some may balk at the whole idea, but at five dollars it is obviously just to get the paper trail and have the "protection" from submissions suddenly not being anonymous.

Extortion! (5, Funny)

oldhack (1037484) | more than 3 years ago | (#33327818)

I won't budge until they drop the fee to 4.99.

The $5 ... (4, Insightful)

WrongSizeGlass (838941) | more than 3 years ago | (#33327826)

The $5 is probably a way for them to be able ID anyone who wants to sneak malicious code into an extension. If they have your CC number they have a pretty good way of knowing who you might be. If they took cash the $5 wouldn't stop anyone who wanted to poison their extension. A verifiable electronic payment will prevent most of those who might try it.

Re:The $5 ... (3, Insightful)

Sethus (609631) | more than 3 years ago | (#33327892)

Good idea in theory, but I'd be willing to guess, it would be very easy to provide a stolen credit card for this information.

Re:The $5 ... (1, Funny)

Anonymous Coward | more than 3 years ago | (#33327968)

Duh. Google can just google to see if a credit card was stolen or not.

Re:The $5 ... (0)

Anonymous Coward | more than 3 years ago | (#33328752)

That's hilarious and at the same time insightful.

Re:The $5 ... (1)

Threni (635302) | more than 3 years ago | (#33327980)

Not if they posted a code to the card's billing address which you needed to enter online to confirm you're the cardholder.

Re:The $5 ... (0)

Anonymous Coward | more than 3 years ago | (#33329268)

If they set the bar that high, they will be losing legitimate developers who can't be bothered to jump through hoops.

Why is this even necessary? Firefox is a much bigger target than Chrome, but it simply hasn't been attacked in any way that would justify this kind of move. (Arguably, even IE hasn't been, since we're talking about extensions delivered through a central official extension distribution site, not inherently untrustable drive-by stuff installed by some random page you visit.)

Re:The $5 ... (1)

Kumiorava (95318) | more than 3 years ago | (#33327984)

That will be found out sooner or later when charges start to appear to credit card bills. Even if the person behind the credit card is not known the account can be declared tainted. Google will be able to revert any actions from that account and keep the system more safe.

Re:The $5 ... (3, Insightful)

rm999 (775449) | more than 3 years ago | (#33328052)

Stolen credit cards aren't cheap.

You are both right. It's not a foolproof preventative measure, but it is a small effort that stops petty criminals and hinders large-scale criminals.

Re:The $5 ... (1)

mysidia (191772) | more than 3 years ago | (#33329786)

No... I would say it hinders petty criminals and has minimal effects on large-scale criminals.

They would need to do more than simply charge a $5 fee to have an effective barrier.

Re:The $5 ... (1, Informative)

Anonymous Coward | more than 3 years ago | (#33329866)

Stolen credit cards aren't cheap.

Actually, they're free.

Re:The $5 ... (1)

hedwards (940851) | more than 3 years ago | (#33328082)

What normally happens is that Google would refund the money, probably losing some money in the process, which since there main objective is figuring out who people are is just fine. At $5 a developer, they shouldn't have any trouble handling these eventualities without losing money.

Re:The $5 ... (0)

Anonymous Coward | more than 3 years ago | (#33328640)

It makes sense that a botnet would have no trouble stealing credit card numbers and that a black hat would probably have relatively easy access to some stolen credit card numbers.

That said, don't people report credit card fraud? It might take a month or so until the person actually has to pay their credit card bill, but is it really that common for people to just not look at what they are paying for that hackers can expect to get away with that?

Then again, if the $5 were paid and the fraud were not reported for over a month, then the black hat could probably do some significant damage in the meantime.

Re:The $5 ... (0)

Anonymous Coward | more than 3 years ago | (#33327912)

what about visa gift cards...those work the same as credit cards and can also be loaded with cash

Re:The $5 ... (1)

Firehed (942385) | more than 3 years ago | (#33328192)

It's easy for credit card processors to block prepaid cards. There's also several different types of them, so that's not necessarily relevant anyways.

Re:The $5 ... (1)

mysidia (191772) | more than 3 years ago | (#33329798)

They can't really do it, as that would effect m any legitimate developers.

Many people do not have any credit cards, and use debit, or prepaid cards instead, for online transactions.

Re:The $5 ... (0)

Anonymous Coward | more than 3 years ago | (#33328404)

Good luck getting one without your name and SSN attached. Really, it seems quite impossible. (I have seen a few people claim it didn't used to be, but the government got a lot stricter since 9/11.)

Re:The $5 ... (1)

mlts (1038732) | more than 3 years ago | (#33328810)

Every visa gift card I've encountered requires a lot of identifying info that gets cross-referenced. Give a wrong name? Good luck trying to use the card for the next purchase. The days of anonymous visa cards are long gone.

Really... (0, Troll)

Ilgaz (86384) | more than 3 years ago | (#33327916)

So, black hats who dares to play around with Google giant's browser can't find a CC number to give to them.

Sure... Man they could be using CC number printed papers as toilet paper.

For example, this team/guy who coded this marvellous piece of evil software who controls 5 million computers via unbreakable, declared WONTFIX by security elite, zombie army will have hard time finding a $5 CC.
http://en.wikipedia.org/wiki/Conficker [wikipedia.org]

If you have time, read all about it. "Get users credit card number" validation scheme is over. Completely over.

rhinestone bullet (4, Insightful)

epine (68316) | more than 3 years ago | (#33328056)

If you have time, read all about it. "Get users credit card number" validation scheme is over. Completely over.

You're from the school of silver bullets. If it won't work to a high degree, it's completely worthless. You might note that Google is not without resources in identifying the difference between a valid CC number and one found floating down some pipe in the intertubes.

If half of the malicious lamers are too stupid to notice this, then Google has improved the signal to noise ratio in policing their chrome extension developers by 3dB.

It's a minor barrier to malfeasance. It discourages sock puppets. And it sends the message "we care" which is the main reason aggressively scrubbing graffiti off trains in NYC works so effectively.

The downside? Fewer chrome extensions written by the next teenage African Einstein. And shirt-rending despair over failure to attain the requisite degree of silver-bullet superhero mojo. Yet another superhero impostor. It's a tough life.

What are zombie armies for? (0, Troll)

Ilgaz (86384) | more than 3 years ago | (#33328204)

Really, why do they invest millions of dollars to make zombie armies? To spam? It is so over.

In fact, they can even SWIFT the money, via stolen bank account. SWIFT/Bank is way more secure. (here comes $10 idea for Google)

Re:rhinestone bullet (1)

TheRaven64 (641858) | more than 3 years ago | (#33328356)

You're from the school of silver bullets. If it won't work to a high degree, it's completely worthless

In many cases, it can actually make things worse. It provides an evolutionary pressure forcing the scammers to adapt and become harder to detect, without actually eliminating any of them. See also: antibiotic resistant bacteria.

Re:rhinestone bullet (4, Interesting)

mlts (1038732) | more than 3 years ago | (#33328836)

It raises the bar though, and makes for offenses that can be charged if the person doing credit card fraud is caught.

A physical example. If a bike is leaning against a wall, that is just a mere theft. If it has a crappy lock, it is theft and property destruction. If the bike has a good lock and is locked to a parking meter in such a way that it can't be lifted off, then some thief cuts off the parking meter head, the thief is now facing larceny charges, as well as destruction of state/federal property. Similar with keeping things behind a display case. Smashing glass to grab something usually gets a lot more charges than grabbing something off a rack and bolting for the door.

I agree though -- nothing is 100%, but this makes fraudsters have to do more work, and potentially face more jail time if caught.

Re:rhinestone bullet (1)

mysidia (191772) | more than 3 years ago | (#33329910)

Sorry.. no.. I saw the Neistat Brothers' video "Bike Thief" [youtube.com]

People still bikes in broad daylight en masse, nobody cares.

Re:rhinestone bullet (0)

Anonymous Coward | more than 3 years ago | (#33328912)

Antibiotics are useless, or make things worse, because bacteria can adapt? dumbest argument ever.

Re:rhinestone bullet (1)

mysidia (191772) | more than 3 years ago | (#33329974)

It is considered to make things worse to use antibiotics except where medically essential. Use of antibiotics promotes growth of bacteria resistant to the antibiotics.

The resistant strains can then share genes with more harmful bacteria.

The result is the antibiotic is less effective, or might not even work when it's really needed due to a live-threatening infection, which is antibiotic-resistant due to the frivolous use of the antibiotic.

The "harm" is not that the antibiotic hurts you; the harm is that the use of the antibiotic makes the antibiotic less effective in the future when you (or other people) will live or die based on the question of whether or not the antibiotic will work.

\

Google is still killing Usenet (0)

Anonymous Coward | more than 3 years ago | (#33328962)

Google is not without resources, sure, that's why Google originating spam is so prevalent on Usenet. A lot of groups are close to unreadable unless you kill file everything coming from Googles steaming pile of shit.

Re:The $5 ... (0)

Anonymous Coward | more than 3 years ago | (#33327952)

No, no it isn't. Temporary credit cards and stolen credit cards are commonly used by the same people who sneak malicious code into an extension.

Re:The $5 ... (1)

dallaswebdesign (1863412) | more than 3 years ago | (#33328018)

Of course this isn't fool proof. It's like locking the door to your house when you leave. Anyone who really wants to break into your house is just gonna smash a window - but you still lock you door behind you to keep some random kid from just walking in and trashing your house.

Re:The $5 ... (1)

mysidia (191772) | more than 3 years ago | (#33330064)

It is really more like this situation [failblog.org] . Or this one [failblog.org] . Or this one [failblog.org] . Or this one [failblog.org] . Or this one [failblog.org] .

As for houses, locks are to keep out wild animals and to help slow down a potential intruder. The burglar alarm, and devices like the .40 S&W and 9mm are supposed to be the real deterrants and defense against human threats.

Specifically, the 2nd amendment of the constitution which guarantees the people the right to bear arms and defend themselves and their constitutionally protected rights, including the right to life, and the right to the security of their effects.

Re:The $5 ... (1)

hedwards (940851) | more than 3 years ago | (#33328092)

That's true, however as soon as the owner of the card reports it to Google as fraudulent, they know to pull the extension. Which is the point of this after all, the money isn't important so much as knowing who you're dealing with.

Re:The $5 ... (1)

mysidia (191772) | more than 3 years ago | (#33330082)

The average person does not have online access with their CC provider and a habit of constantly logging into their online account and refreshing the page every 30 seconds to look for any unusual $5 transactions they do not remember.

Much of the population won't have a chance of knowing about the $5 charge until 30 days later when they receive their paper statements.

Of those people..... many won't notice a $5 unexpected Google charge in there. If they do, they might not immediately realize this isn't something they (or their spouse bought) earlier in the month.

Doubly so if they've ever actually bought anything from Google.

Oh right.... 30 days is Plenty of time for a malicious extension to have attracted some people, got it installed, and done damage.

In the off chance that the CC owner notices, just try again, repeat ad naseum.

Re:The $5 ... (5, Insightful)

Sycraft-fu (314770) | more than 3 years ago | (#33328030)

It is also a good filter against random trouble makers.

Rich Kaynka (Something Awful) actually talked about this that you get some people, kids in particular, with a lot of time on their hands who will spend it making life difficult for you. In his case it was someone repeatedly spamming stupid shit on the forums. One thing that does a nice job of eliminating that is a small charge. Reason is that you have to be at least somewhat serious to be willing to pay that.

As you said, it wont' stop someone who really wants to make an evil extension (though verifiability helps with that), but it'll probably stop people who just want to be a pain in the ass and submit lots of stupid and/or non functional extensions to try and cause trouble. It's easy to create hundreds of bogus accounts and post crap with them. It is hard to spend hundreds of dollars to do the same.

Re:The $5 ... (1)

MessyBlob (1191033) | more than 3 years ago | (#33328134)

I was about to post something similar to this parent (saved my typing!), so I'll just add a 'diff': $5 won't stop someone trying to make 10,000 times that in a scam.

Re:The $5 ... (1, Interesting)

martin-boundary (547041) | more than 3 years ago | (#33328890)

Google is a tech company with an army of phds, and the best they can come up with is a supposed economic solution to spam filtering? I find that idea highly suspicious.

It's literally trivial to automatically filter out grossly nonfunctional extensions: run chrome in a sandbox, load the submitted binary blob or extension, and check some error codes or a log file. Frankly, if their software engineers can't do this, then they don't deserve to be called that. Now after that initial filtering step, you can get humans involved to look at only those submissions that passed the test.

Posting a message on a forum requires zero knowledge/skills from the poster, whereas even a trivial software extension that loads properly is beyond the vast majority of people with time to kill. That's a major barrier to entry that's already much more effective than a posting fee.

Re:The $5 ... (3, Funny)

NemoinSpace (1118137) | more than 3 years ago | (#33329154)

Don't give slashdot any ideas. I post stupid shit to the forums all the time.

Re:The $5 ... (1)

larry bagina (561269) | more than 3 years ago | (#33329198)

What about kuro5hin? Rusty put up a $5 paywall for the same reason. The result: a significant drop in new users. There are only 3 people willing to pay $5; two of them are mentally deranged kooks who invariable get banned after shitting all over for a month or two. The other was responsible for the $5 fee in the first place.

Re:The $5 ... (1)

fermion (181285) | more than 3 years ago | (#33328124)

If all they want to do is verify identify that can just run a dollar. This is what most people do.

The five dollars has to be to cover costs, which is fair. One wonders, however, why Chrome is such a risk that it can't use the same model as firefox. I suppose it is simply that Google has to protect itself since Chrome is it's products. They have to create a closed garden to insure security.

Re:The $5 ... (1)

gamricstone (1879210) | more than 3 years ago | (#33328210)

I agree, and despite naysayers who bring up identity theft I think it is a good move. Identity theft is a crime, one which probably gets more police attention than malicious code in free browser extensions. My knee-jerk reaction was to oppose fees to release free extensions for browsers but thanks to your post I've changed my tune.

I still won't be switching to chrome. Why? Noscript, adblock (better in firefox I hear), and a few minor add-ons which I could live without without.

Re:The $5 ... (1)

JackieBrown (987087) | more than 3 years ago | (#33329670)

It has adblock and now notscript

https://chrome.google.com/extensions/detail/gighmmpiobklfepjocnamgkkbiglidom [google.com]

https://chrome.google.com/extensions/detail/odjhifogjcknibkahlpidmdajjpkkcfn [google.com]

I would no doubt that the firefox equivalents that have been around for 5 years probably work better, but these work well for me.

Re:The $5 ... (0)

Anonymous Coward | more than 3 years ago | (#33328566)

ok. but it would be better if they gave the money to some charity.

Re:The $5 ... (0)

Anonymous Coward | more than 3 years ago | (#33329006)

The $5 is probably a way for them to be able ID anyone who wants to sneak malicious code into an extension. If they have your CC number they have a pretty good way of knowing who you might be. If they took cash the $5 wouldn't stop anyone who wanted to poison their extension. A verifiable electronic payment will prevent most of those who might try it.

Yes, it is a way for them to ID you. Now, imagine someone in the CC/identify theft 'business' wants to join in the program. Would he have a problem billing someone else he stole the data from the $5? Would this someone notice a $5 charge?

Apple charges $99/year for their developer program, and I doubt their first motive was to get rich with it. It's because that ID is more reliable when the sum would be noticed by a defrauded CC owner.

Re:The $5 ... (1)

DeadPixels (1391907) | more than 3 years ago | (#33329030)

I agree that this is probably part of it, but it's also probably to discourage people from registering tons of fake/malicious accounts to make malicious extensions. It's like the idea of charging a fee to send email - the reasoning there being that if it cost spammers even $0.01 per email, they'd cut down the volume to avoid losing money.

Re:The $5 ... (1)

shacky003 (1595307) | more than 3 years ago | (#33329046)

People keep talking about using stolen CC's, etc.. how about going to your local grocery store (or mass retailer) and buying a $25 prepaid card to use?
You can put any info at all in the registration site for them (for when sites use AVS to check the card.)
You don't need stolen numbers when it's easier to grab a fraud-b-easy card while picking up milk...

Re:The $5 ... (1)

uvajed_ekil (914487) | more than 3 years ago | (#33329144)

The $5 is probably a way for them to be able ID anyone who wants to sneak malicious code into an extension. If they have your CC number they have a pretty good way of knowing who you might be.

Uh, then you use a pre-paid Visa or Visa gift card that is purchased anonymously with cash. System broken. If you indeed wanted to sneak in malicious code, you would certainly take a simple step or two to protect your identity.

Re:The $5 ... (1)

fluffy99 (870997) | more than 3 years ago | (#33329566)

No, its to address the same problem that Apple had. Shady developers were registering the same application hundreds of times under slightly different names, looking to increase the likelyhood that some dumb schmuck would like the name enough to spend a few bucks for the app. It got so bad with Apple that the vast majority of their apps in their store were the same rehashed garbage drowning out the handful of decent apps. Setting a fee to register an app or extension helps the "signal-to-noise" ratio quite a bit by making it financially unviable to do this type of mass spamming.

$5 is pretty low in my opinion and probably doesn't even cover the cost Google is incurring to manage the registration and checkout process.

As for the protecting the quality of the code, isn't the mantra that there are all these people out there reviewing the code for malicious intent?

Why not? (0)

Anonymous Coward | more than 3 years ago | (#33327850)

Considering the bandwidth costs and the fact that (most?) extensions don't make them any money, it is a steal as a one-off payment at $5.
The cost pays off in the end with less maintenance needs for making sure extensions are safe in the first place since it would be pretty trivial to find people through cards.
Only the really smart ones will have stolen IDs, and in all honesty, the ones smart enough to get away with it deserve some kudos, even if they are dicks.

What Google should do is make it easier to check the sources of extensions, make it more open. It's not like it will stop someone determined enough to copy others code anyway, so why not?
At least this way people can easily scan the code and see if there is anything dodgy going on in the back.
Maybe even let people comment on sections of code saying "you might not like this part since it does X / sends you to X on update / blocks X until you do Y" and so on.
Of course, considering how there is barely a decent Userscript viewer / editor yet, i doubt that'll happen.

Also, in general, you should be able to restrict what sort of content an extension has access to as well. (return null, blank fields, whatever, just so long as it won't break current extensions, make the return data a clean slate if someone blocks requests for something like history or whatever)
This badly needs to be added already. And extensions seriously need to be forced to use only the data it needs.
And with enough action from other developers on the store, hopefully, extensions can be reviewed by Google for stupid requirements, malicious code, etc.
Still as likely to happen as Jupiter suddenly exploding.

Re:Why not? (3, Insightful)

calzakk (1455889) | more than 3 years ago | (#33327906)

Considering the bandwidth costs and the fact that (most?) extensions don't make them any money

Of course, extensions generally improve the browser, by providing features the browser doesn't. Firefox is a good example, which would quite likely be forgotten by many of its users if it weren't for it's many good extensions. Quite simply: more extensions, more users, more revenue.

Misleading title (0)

Anonymous Coward | more than 3 years ago | (#33328016)

There's a fee to be in the Google gallary of extensions. There's no fee to develop plugins and advertise / host them yourself.

open-source security clearances (0)

Anonymous Coward | more than 3 years ago | (#33328058)

If someone introduced security clearance system for open-source developers we could spare them the 5 bucks. Who says everyone who writes software has a credit card anyway?

Contract Law (1)

stox (131684) | more than 3 years ago | (#33328296)

I suspect the reason for this is that Google wants to have an enforceable contract with developers. This was the quick and easy way to do it.

Re:Contract Law (1)

causality (777677) | more than 3 years ago | (#33329174)

I suspect the reason for this is that Google wants to have an enforceable contract with developers. This was the quick and easy way to do it.

I am not a lawyer so this is a genuine question. Does money need to change hands in order to meet the "consideration" requirement of a contract?

If no money changes hands and the contract consists of "you write extensions" and "we provide visibility for them", is it then invalid and unenforcable?

Did Google suddenly stop caring about PR? (0, Troll)

bjartur (1705192) | more than 3 years ago | (#33329300)

It's like Google just stopped marketing itself as the good, open giant. Have the hired all the best hackers already?

Pay filter works well for user-generated content (2, Insightful)

Squeeself (729802) | more than 3 years ago | (#33329308)

All it takes is $1 dollar (or in this case, 5), and 90% of your "annoying" userbase goes away, where annoying is spammers, cheaters, jokesters, etc. Anyone seriously wanting to cause trouble still will, but bored kids out for a thrill won't bother. In this case, it likely has the benefit of washing out any DOA projects that will just clog up searches. Anyone serious about creating project won't really blink at the cost, since it's so small, even if they don't plan to make money themselves. If you want quantity over quality, leave a user-generated content service free. If you want quality over quantity, charge a nominal fee. Works very well I've found.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...