[SftwrSvior81]

> But is it more or less anti-social than running a huge software platform that advertises the ways to exploit itself?

Security through obscurity is no security at all. Google is not doing its user a favor by hiding the criteria it uses to determine whether an extension is malicious or not. Also, just because Google won't publish the criteria, it does not mean that it can't be discovered by someone with enough determination. I think that a malicious actor is more likely to spend the necessary time and effort to do so than a developer who is more interested in creating an extension that will serve its users well. If anything, these types of policies drive away developers who act in good faith and leave the marketplace with more developers who are looking to exploit the users.

[adrianN]

It seems likely to me that it's impossible to have an extension system that allows useful extensions that users want while also being completely secure against malicious actors. Security by obscurity is an important tool in the abuse fighting toolbox, because it allows you to have cheap heuristics while increasing the costs for malicious actors.

[marcus_holmes]

Not really, because malicious actors don't care about their reputations, accounts, etc.

A reputable developer has a reputation to maintain (by definition), which makes Google's threat to permaban them a threat indeed.

A disreputable developer doesn't care about their reputation (again, by definition). They can create a new throwaway account every day and apply using the same (or slightly, easily, altered) code with different permissions every hour until they get permabanned, and start again tomorrow.

So the "obscurity" can be discovered easily through experimentation by the bad guys, but is still obscure for the good guys. This is not a good outcome.

[adrianN]

The point is making it more expensive for malicious actors. You can't make it impossible to get malicious extensions in, but you can make it harder. It's the same as captchas. You can also defeat captchas, but adding them reduces abuse a lot. As with captchas you're making it harder for good actors too. The difficult part is finding a good balance.

Reputation can be bought too btw.

[nulbyte]

> The point is making it more expensive for malicious actors.

Malicious actors don't care about expenses nearly as much as benign ones do. So the point ought to be, if you want me to fix something, tell me what's broken.

[winkeltripel]

Except that in this case, it's misplaced, and causing benign actors far more pain than malicious actors. If they want to hurt malicious developers, they need to flag extensions as untrustworthy for:

1. age < 180 days

2. dau < 1000

3. some rule around user reports of malice on uninstall?

and this gets a bright warning banner on the top of the page, and it can't be discovered through the chrome store until crossing these thresholds.

[darkwater]

But this is not email, where literally everybody can send things. Raise up the barrier at submission level - where you must be authenticated - to get rid of automated trial/error attempts, I bet they can. But when an extension/developer is there, when it has a long history in the store and used by 1M users, hey, give some human feedback. It won't break your automated anti-spam/scam rules.