Document requirements for Enhanced Safe Browsing qualificaitons

[dotproto]

Is your feature request related to a problem? Please describe. The Chrome team announced in June that Enhanced Safe Browsing protections are now being extended to Chrome Extensions. At the moment there is no material guidance for developers on how to qualify for this program.

Describe the solution you'd like A page should be added to either developer.chrome.com/extensions or developer.chrome.com/webstore that describes how Enhanced Safe Browsing interacts with Chrome extensions and explains how developers can qualify for inclusion in this program.

[HashSolo]

Hi @dotproto

Our extension Pixm Phishing Protection has the sole purpose of protecting users from phishing breaches. Thanks to the hard work of our developers, we have literally stopped over one hundred phishing attacks for our users since last year's launch.

Unfortunately, Chrome has decided to not include our extension in its new Enhanced Safe Browsing 'trusted' criteria. Further, there has been no feedback from chrome developer support ([email protected]) or established criteria to become 'trusted'. Each day that our extension is blacklisted and not trusted by Enhanced Safe Browse prevents us from fulfilling our mission to stop phishing breaches for new users and customers.

Our developers have been compliant with the Chrome Web Store Program Policies since our extension release last year. According to the security blog, "new developers who are compliant will be considered trusted after a few months of respecting these conditions". Our extension has not had any policy violations since 3/17/21, which was merely because our privacy policy link needed to be updated on the Chromestore page after a website change. Regardless, it has been over 4 months since that was resolved, we have otherwise had no violations since launch, and we should be trusted based on every expectation set by chrome's above policies.

We would be grateful for and willing to work with concrete criteria or feedback on this issue so we can proceed with our purpose.

Best, Chris

[Rynu]

My Block Site extension is used by parents and schools to protect children. The irony is that it is meant to improve children's safety while it is unsafe itself!

You guys decided it is not safe for "Enhanced Safe Browsing" without even noticing me as the developer or providing any info about how to comply with this new program. I am receiving emails that parents are now concerned about their computer safely by installing my extension.

For your info: This open-source extension does not contain any remote code, follows the guideline, has no serverside activities whatsoever. It is not a new extension.

Facts:

1. If an extension is not safe for any reason, just remove it from the store until it gets fixed.
2. You must first give developers a chance to fix their extensions before publishing a feature that affects the developers
3. Normal users must not be involved with these kinds of technical decisions. It is the reviewer's job!
4. Just by marking an extension as not safe (whether it is true or not), you are ruining the extension's popularity and user trust.
5. I've just browsed the store to see if this 75% is true or not and interesting found many copied extensions that pass this safety feature of yours.

Btw, this unsafe extension is among the editorial selection of AMO! So basically one browser suggests people install an extension because it passes the strict human review and one browser shows a banner and encourages the user to get rid of it.

[schomery]

@dotproto any progress? My Popup Blocker (strict) users want to know why this extension is not included.

[TheJoWo]

I agree. Less opaque requirements as well as a documented appeal policy would go a long way.

I was alerted by a user that they were warned not to install our extension (Beep for Gmail) because there was a warning from Chrome’s “Enhanced Safe Browsing Protection” that says "Proceed with Caution - This extension is not trusted by Enhanced Safe Browsing."

As other commenters have described, we're a completely legitimate extension with no policy violations but this has a very chilling effect on signups and is devastating for our growth. I'm more than happy to provide any additional documentation the Chrome team would need. Thanks.

[zbrogz]

Bump. I reached out to [email protected] about this and was redirected here.

[hongzimao]

I also reached out to [email protected] and got redirected here.

Our extension Hologram is listed as not trusted by Enhanced Safe Browsing. We diligently developed the extension following the Developer Program Policies, but there's no concrete feedback for why our extension is not trusted. We really wish there was a channel for us to know the current progress (is someone reviewing, is there any feedback, etc.) for us to gain the "trusted" status?

There are a lot of users pending on this trusted status to really use our product. It's quite painful being stuck by something out of our control here.

[rajdeepkhandelwal]

I also reached out to [email protected] and got redirected here.

Let us know the exact reason why our extension is not trusted by enhanced safe browsing or else provide some document which help us understand exact reason(That doesn't help Chrome Web Store Developer Program Policies https://developer.chrome.com/docs/webstore/program_policies/). Getting same standard replies on all forums.

[dstmarthe]

Thanks for raising this. We’ve moved to a new platform and so we’ll fix this over there. I’ve moved the issue to our new tracker and you can see it at https://issuetracker.google.com/issues/324462029