One-click extension installation without Chrome web store

Hey, I’m a bit of a programmer, and I’ve been developing systems that try to make it easier to maintain privacy and allow for free communication. Right now, Brave depends on the Chrome web store to offer extensions to users, which feels a bit over-centralized.

Installing extensions without the web store is possible via using developer mode and setting the files up manually, but things would be a lot easier if there were a way to offer an extension install just by clicking a button, as we see in the Chrome store, on any website.

It’s very important that all extensions come from a reliable source that checks every extension is doing what it was designed for.

Installing extensions from other websites would be a risk as any extension could contain malicious software.

So, no, I don’t think Brave should allow it.

That doesn’t track - you can download and run a .exe file whenever you’d like, and anyone can navigate to a website that already has countless fake download buttons. It’s not something that can be protected against, especially if doing so requires trusting Google to control which extensions can and can’t be installed.

The median Brave user is technologically competent enough that allowing him to download things - especially after a text warning about only downloading extensions you trust - should be more than sufficient. The core function of Brave is being a pro-privacy, pro-decentralization fork of Chrome, and we shouldn’t sacrifice that in favor of trying to prevent users who want to download something from downloading it.

1 Like

I completely disagree with your view. Yes, I understand you want to share your extensions without going through the Google filter. But that’s not the way in my opinion. If you are a serious programmer then it is in your best interest to give your customers proof that your extensions have been audited.

First of all, if you follow this forum, you know that the median Brave user is not technologically competent. Most install Brave only because of the rewards.

Second, this is not about “exe” files, but about extensions that run in the browser. It is important that Brave keeps its browser safe.

Lastly, the core function of Brave is privacy and privacy does not mean lack of safety and security.
I don’t think decentralization is a core function of Brave, taking into account that every profile has a wallet ID that is tracked, KYC is required to withdraw rewards and an account is required for creators. It is far from any type of decentralization. But even if it was, it still cannot come at the price of safety/security.

At the end of the day, “do not download something that can harm your computer” is a baseline for operating on the internet that anyone who goes to a website that’s outside the big three - anyone who doesn’t will end up clicking a fake download link and downloading something that will damage their computer substantially more than an extension. A clear warning on unverified extensions, coupled with the permission system already in place, essentially negates any notion that this would expand the threat profile meaningfully.

There’s a reason most Brave users choose Brave over Chrome, and that reason precludes letting Google have a hard say on core functionality. A browser specialized around privacy, cryptocurrency, and decentralization (yes - the reward system’s default behavior rewards small site owners that can’t rely on Google ads) doesn’t need to nanny its users for negligible security benefit.

Here’s the process for installing AdNauseam, a banned Chrome extension. It makes a good portion of core functionality unnecessarily restrictive. Brave’s removal of the nagware telling users to disable unverified extensions is a step in the right direction, and shows that the spirit of the project is pointed the right way.

To summarize, the change I request is simple:

Current process:

1. Click download link
2. Download .zip folder
3. Navigate to .zip folder
4. Extract files to destination
5. Open extensions tab
6. Toggle developer mode
7. Click ‘load unpacked extension’
8. Navigate to extracted folder
9. Extension is installed

Desired process:

1. Click specialized download link
2. View confirmation message
3. Click ‘yes’
4. Extension is installed

There is no change in security - anyone who can convince you to do the latter can convince you to do the former. It simply streamlines an existing process so as not to place an undue burden on users.

2 Likes

I disagree with you because you think like a politician. In theory, the idea of developing an app store is great for securing apps downloaded by users. However, this is disastrous for the freedom of the average user. I don’t know if you can see it, but I think everyone knows that app stores have way too much power. When they don’t agree with something, they don’t accept indexing and developers end up alone with their projects.

So how did you download the Brave Browser…? If you think about it carefully, it is the search engines that need to know if a website is a threat.

As a consumer, I would like to have the opportunity to choose to install my application and to purchase with my payment method. I am not an idiot and yet I am not a developer.

That’s not true, user identification is only required for Brave Rewards, but Brave Wallet doesn’t require identification. Decentralization is therefore always favoured in this project.

1 Like