Brave-browser: Maybe tone down "NOT A RECOMMENDED BRAVE EXTENSION!"
Description
When I try to add the "Cisco Webex Extension" (and other extensions), I get a message screaming "NOT A RECOMMENDED BRAVE EXTENSION! Add "Cisco Webex Extension"? This makes me think that I'm doing something wrong/dangerous/damaging. Furthermore, I couldn't find anything about recommended extensions anywhere in the documentation, community or GitHub.
We should improve the warning message to not drive fear into the heart of the users. Maybe something like '"Cisco Webex Extension" has not been verified by Brave'?
And then if we could either add a link or open a tab to explain what "verified" or "recommended" actually means, I think that would help.
Steps to Reproduce
- Open https://chrome.google.com/webstore/detail/cisco-webex-extension/jlhmfgmfgeifomenelglieieghnjghma?hl=en in Brave
- Click "Add to Chrome"
Actual result:
Get install message with a shouting warning
Expected result:
Get install message
Reproduces how often:
Easily reproduced
Brave version (chrome://version info)
Brave | 0.55.10 Chromium: 70.0.3538.22聽(Official Build)聽beta聽(64-bit)
Revision | ac9418ba9c3bd7f6baaffa0b055dfe147e0f8364-refs/branch-heads/3538@{#468}
OS | Windows
MisinformedDNA
All 21 comments
cc: @davidtemkin @bbondy @tomlowenthal
srirambv
on 3 Oct 2018
WHAT'S WRONG WITH SHOUTING??
davidtemkin
on 4 Oct 2018
Text edit only.
rebron
on 5 Oct 2018
cc: @bbondy
Text for dialog box should read: "Brave hasn't reviewed this extension yet - it might be malicious. Add "[Extension Name]" anyway?"
rebron
on 16 Oct 2018
I can take this one whilst we're only changing the title and not modifying the content yet (for 0.55). We should open another issue for a cleaner dialog which adds in the text we want to the content area @rebron
petemill
on 17 Oct 2018
Verification Passed on
Brave | 0.55.17 Chromium: 70.0.3538.67 (Official Build) (64-bit)
-- | --
Revision | 9ab0cfab84ded083718d3a4ff830726efd38869f-refs/branch-heads/3538@{#1002}
OS | Linux
Verification Passed on
Brave | 0.55.17 Chromium: 70.0.3538.67聽(Official Build)聽(32-bit)
-- | --
Revision | 9ab0cfab84ded083718d3a4ff830726efd38869f-refs/branch-heads/3538@{#1002}
OS | Windows
Verified passed with
Brave | 0.55.17 Chromium: 70.0.3538.67聽(Official Build)聽(64-bit)
-- | --
Revision | 9ab0cfab84ded083718d3a4ff830726efd38869f-refs/branch-heads/3538@{#1002}
OS | Mac OS X
srirambv
on 18 Oct 2018
The wording is a bit hard, and comes across as hinting suspicion of maliciousness. @davidtemkin suggested the following, which I think more accurately communicates our intended message:
Brave hasn鈥檛 yet reviewed this extension for security and safety.
jonathansampson
on 9 Jan 2019
Thanks @jonathansampson -- let's get feedback from @rebron @bradleyrichter
davidtemkin
on 9 Jan 2019
also please get approval from @tomlowenthal
we did originally intend for the wording to make users think twice before installing. extensions are one of the biggest security risks to browsers IMO and many of them are indeed malicious. see https://www.wired.com/story/chrome-extension-malware/ for instance
personally i am suspicious of almost all extensions in the chrome web store
diracdeltas
on 9 Jan 2019
I agree. What about
Extensions can act as malware. Brave hasn't reviewed this extension. Only install extensions you trust.
MisinformedDNA
on 10 Jan 2019
AGAIN chrome HAS reviewed the extension before it went into the store, so no meed for the ridiculous message in brave.
2635599
on 10 Jan 2019
@2635599 So what are they looking for in their review if Chrome Extensions keep ending up with malware?
I'm not saying I agree that the message needs to be there at all (people mostly ignore messages), but if it's going to be there, it should be more unbiased.
MisinformedDNA
on 10 Jan 2019
@MisinformedDNA and in the real world peeps see a message in all caps they figure the manufacture did something wrong. since the extension HAS been vetted alreday by google there is no need for the warning / message in brave. if there must be any kind of warning something like this WITHOUT the extensions name being added to it right across the top of the extensions page.
"Installing 3rd Party Extensions In Brave May Damage The Browser."
2635599
on 10 Jan 2019
i think everyone here agrees there's no need for all-caps. maybe "Brave has not reviewed this extension for security and safety. Only install extensions you trust."
diracdeltas
on 10 Jan 2019
We should consider re-opening, and working on the messaging a bit more (per the comments above). I think @diracdeltas and @davidtemkin both had excellent suggestions for alternative wording that isn't as abrasive out of the gate.
jonathansampson
on 29 Jan 2019
Here's a mock:
karenkliu
on 30 Jan 2019
@karenkliu i like it! only change i would suggest is change "trust it" to "trust the developer"
diracdeltas
on 30 Jan 2019
karenkliu
on 30 Jan 2019
@jonathansampson since this issue was closed with a PR and did its purpose, please open a new issue for this. It makes it hard for tracking across milestones and we lose what landed in which milestone by re-using issues.
bbondy
on 30 Jan 2019
Thanks @jonathansampson !
bbondy
on 30 Jan 2019
New issue is here #3231
karenkliu
on 5 Feb 2019
Related issues
traffisco
路
3Comments
lansana
路
3Comments
bbondy
路
3Comments
bsclifton
路
3Comments
pitsi
路
3Comments
Most helpful comment
@karenkliu i like it! only change i would suggest is change "trust it" to "trust the developer"