ClearURLs / Addon

ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy.

Home Page:http://docs.clearurls.xyz

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Addon Unavailable on Google Chrome

trodiz opened this issue · comments

Has the addon been removed from the webstore? The URL listed here is responding with a 404 error. It's not coming up in search either.

https://chrome.google.com/webstore/detail/clearurls/lckanjgmijmafbedllaakclkaicjfmnk

commented

Yes, ClearURLs were blocked by Google 7 hours ago.

The reasons for this are ridiculous and probably only pretended because ClearURLs damages Google's business model. ClearURLs has made it to its mission to prevent tracking via URLs and that's how Google makes money. I think that ClearURLs now has so many users that it is unwelcome for Google and they would like to see the addon disappear permanently.

I have appealed to Google against the blocking and corrected the complained things.

Among other things, it was claimed that the description of the addon is too detailed and thus violates the Chrome Web Store rules. The mention of all the people who helped to develop and translate ClearURLs is against Google's rules because it could "confuse" the user. Ridiculous.

Also, Google has criticized that the description of the addon did not mention that there is a badged, an export/import function for the settings, a logging function for debugging, and a donation button. This would be "misleading".

Last but not least, it was criticized that the "clipboardWrite" permission would not be necessary. But that's not true, and I've had a description for each permission in the Chrome Web Store Developer Dashboard for well over a year now. So the "clipboardWrite" permission is needed for writing clean links via the context menu into the clipboard.

I am attaching a copy of the email to this issue, but it is in German. I have also attached an automated translation.

Screenshot 2021-03-23 212849
translation.txt

commented

Unfortunate, but not unexpected move by Google. Thanks for appealing this @KevinRoebert

For new users, you can still grab the extension (.crx file) in the releases: https://github.com/ClearURLs/Addon/releases

Drag-and-drop that file into your chrome browser.

if we install .crx manually , will it check for updates ?

@evdcush
Thanks for the tip
Let me provide the steps for my browser Vivaldi (Chromium based):

  1. Open Extensions page via "Tools -> Extensions" menu item or enter vivaldi://extensions/ in URL var
  2. Turn on Developer Mode if not already (can be turned off after installation)
    2.1 Refresh the page after Developer Mode turned on (Or you can't install by dragging file)
  3. Download .crx file from somewhere (probably Releases Page)
  4. Drag downloaded .crx file into refreshed Extensions page

I tested once on Chrome 89 and steps seem to be similar
Except to visit Extensions page: chrome://extensions/ or "Three dots -> More Tools -> Extensions"

@MuhammadAnnaqeeb - follow the steps @PikachuEXE mentioned - developer mode needs to be on.

//Edit: Looks like OP deleted his original question. He tried to install the extension without developer mode active, which doesn't work

AFAIK, you can turn off debug mode once you've installed the extension.

@MuhammadAnnaqeeb - follow the steps @PikachuEXE mentioned - developer mode needs to be on.

AFAIK, you can turn off debug mode once you've installed the extension.

Thanks. It worked.

I have come across this issue via hackernews. I do not use Google Chrome or this extension and I have nothing but the utmost respect for people offering their free time and ability to code something for the common good and people.
And I do not want to be callous but wanting privacy and thereby installing this extension, on Chrome or Chromium mind you, is a contradiction in itself. It furthers the foothold of Google's in the Internet ecosystem and lessens that of e.g. Vivaldi, IE(yes, it is about diversity), Firefox, Brave, etc.
Google at this point will continue to move against these type of extensions because of its prevalence these days.
It is nice that you find solutions now, but, if you do not vote with your feet, your efforts will be futile in the long run as the platform not the problem-domain is the enemy here. Less extensions for a platform do mean that it is less attractive for non technical people as well. The changes to the APIs in Chrome and the problems they pose for e.g. adblock-developers and the fact that Google intentionally broke youtube to get people to move from others browsers over to Chrome pay tribute to that.
https://www.zdnet.com/article/former-mozilla-exec-google-has-sabotaged-firefox-for-years/

So , with that in mind, seeing this discussion play out is somewhat amusing.

To the addon-developer, I hope they see reason.

We had same kind of issue (different error code) with our extension @stoplay/stoplay-ext, but eventually I managed to reach the human and they restored the extension in the store, while I still had to fix some things to publish new releases (which were
not obvious to me at first).
Cheers!

I've switched to Edge Chromium since it's released.
Hope Microsoft will not remove ClearURLs from Edge Addons Store.

I have come across this issue via hackernews. I do not use Google Chrome or this extension and I have nothing but the utmost respect for people offering their free time and ability to code something for the common good and people.
And I do not want to be callous but wanting privacy and thereby installing this extension, on Chrome or Chromium mind you, is a contradiction in itself. It furthers the foothold of Google's in the Internet ecosystem and lessens that of e.g. Vivaldi, IE(yes, it is about diversity), Firefox, Brave, etc.
Google at this point will continue to move against these type of extensions because of its prevalence these days.
It is nice that you find solutions now, but if you do not vote with your feet your efforts will be futile in the long run as the platform not the problem-domain is the enemy here. Less extensions for a platform does mean that it is less attractive for non technical people as well. The changes to the APIs in Chrome and the problems they pose for e.g. adblock-developers and the fact that Google intentionally broke youtube to get people to move from others browsers over to Chrome pay tribute to that.
https://www.zdnet.com/article/former-mozilla-exec-google-has-sabotaged-firefox-for-years/

So , with that in mind, seeing this discussion play out is somewhat amusing.

To the addon-developer, I hope they see reason.

Most of us don't use Chrome I assume, for example, I use Brave, it uses the Chrome extension store for extensions though since it doesn't have it's own store.

if we install .crx manually , will it check for updates ?

What’s with the reactions lol , did i say something funny ?

i’m using unggogled chromium with https://github.com/NeverDecaf/chromium-web-store

and was wondering if the devs offer an update manifest file , if not , can you please implement it ?

I discovered this thread from HN. I have encountered this situation too, and I sincerely hope your extension to be restored in the Chrome web store.

Maybe I got something wrong, but I did found that the codebase does not seem to be using any browser.clipboard API, so clipboardWrite permission seems to be unnecessary. According to MDN, browser.clipboard API mainly exists to enable extensions to write image contents to clipboards, and all the ClearURL needs is writing texts. Also, another MDN page on clipboard interactions states that extensions do not need clipboardWrite permissions to write to clipboards. I actually tried running the extension without the clipboardWrite permission, and the context menu item still seems to be working.

If this is actually redundant, removing the permission may help getting it restored in the chrome web store.

I believe this extension could exist in a form of a userscript and then google wouldn't be able to block it.

I have come across this issue via hackernews. I do not use Google Chrome or this extension and I have nothing but the utmost respect for people offering their free time and ability to code something for the common good and people.
And I do not want to be callous but wanting privacy and thereby installing this extension, on Chrome or Chromium mind you, is a contradiction in itself. It furthers the foothold of Google's in the Internet ecosystem and lessens that of e.g. Vivaldi, IE(yes, it is about diversity), Firefox, Brave, etc.
Google at this point will continue to move against these type of extensions because of its prevalence these days.
It is nice that you find solutions now, but if you do not vote with your feet your efforts will be futile in the long run as the platform not the problem-domain is the enemy here. Less extensions for a platform does mean that it is less attractive for non technical people as well. The changes to the APIs in Chrome and the problems they pose for e.g. adblock-developers and the fact that Google intentionally broke youtube to get people to move from others browsers over to Chrome pay tribute to that.
https://www.zdnet.com/article/former-mozilla-exec-google-has-sabotaged-firefox-for-years/

So , with that in mind, seeing this discussion play out is somewhat amusing.

To the addon-developer, I hope they see reason.

the issue is a number of browsers like Brave and Vivaldi don't have their own stores, instead using the Chrome Web Store, which means it's not just Chrome being affected by this but also Brave, Vivaldi and other Chromium derivatives using the Chrome Web Store

commented

I discovered this thread from HN. I have encountered this situation too, and I sincerely hope your extension to be restored in the Chrome web store.

Maybe I got something wrong, but I did found that the codebase does not seem to be using any browser.clipboard API, so clipboardWrite permission seems to be unnecessary. According to MDN, browser.clipboard API mainly exists to enable extensions to write image contents to clipboards, and all the ClearURL needs is writing texts. Also, another MDN page on clipboard interactions states that extensions do not need clipboardWrite permissions to write to clipboards. I actually tried running the extension without the clipboardWrite permission, and the context menu item still seems to be working.

If this is actually redundant, removing the permission may help getting it restored in the chrome web store.

In fact, the clipboardWrite permission is no longer needed in the current version.

I changed the clipboard copy method in the commit 1b6cc37 about a year ago because it didn't work in Chrome and Firefox versions with the old API.

The new method no longer needs this permission, but the old one did. I didn't notice, but I have corrected it now.

commented

Nevertheless, Google still complains that the description is too detailed, and at the same time, the description of the functions such as a log function for debugging or the import/export of settings is not detailed enough for them. This is a contradiction - how can something be too detailed and then again not. Sounds like Schrödinger's README.

I hope that with the changes made and the drastic shortening of the description they reactivate the addon.

It is also in a way funny that Google complains about the description of the addon. I adapted this with the admission into the Firefox Recommended Extension program especially to the suggestions of the press department of Mozilla. At that time, the press department explicitly made suggestions on how to better present the addon to the general public. So it was specially improved by experts - although not Google employees, but competitors - so that it is well understandable for the general public.

Would be very useful to have this addon back on the store...

Would be very useful to have this addon back on the store...

You can just download it and install it manually.

can you submit the app under a new name like VeryCLearURLs with all the 'issues' fixed

can you submit the app under a new name like VeryCLearURLs with all the 'issues' fixed

Only if he wants his Google account banned for attempting to circumvent the add-on taken down.

commented

I have released a new version of ClearURLs without the clipboardWrite permission and a few bugs fewer.

Version 1.21.0 is currently under review at Mozilla and in the Edge Store. In the Chrome Store, I can't upload any updates at the moment. The button is grayed out. I think this will only work again when Google has responded to my objection. Let's see how long Google needs to process :/

commented

For new users, you can still grab the extension (.crx file) in the releases: https://github.com/ClearURLs/Addon/releases Drag-and-drop that file into your chrome browser

I did it but I can't turn on addon bc it's not available in Chrome Store
Re: https://support.google.com/chrome_webstore/answer/2811969

How am i able to enable 1.21 in brave (chromium browser)?
it says

This extension is not listed in the web store and may have been added without your knowledge. More information

image

commented

I have released a new version of ClearURLs without the clipboardWrite permission and a few bugs fewer.

Version 1.21.0 is currently under review at Mozilla and in the Edge Store. In the Chrome Store, I can't upload any updates at the moment. The button is grayed out. I think this will only work again when Google has responded to my objection. Let's see how long Google needs to process :/

As of a minute ago, the latest version is through Mozilla's manual review. No security vulnerabilities found.

Let's see if Google accepts the addon as well.

commented

How am i able to enable 1.21 in brave (chromium browser)?
it says

This extension is not listed in the web store and may have been added without your knowledge. More information

image

I almost guessed that this would happen. But I can't create a signed package of the addon at the moment, as long as Google has blocked this feature for me. We'll have to wait and see if and when Google gets back to us.

Maybe until then you can install the addon from the Edge Store? There I have already been able to submit the latest version for review.

How am i able to enable 1.21 in brave (chromium browser)?
it says

This extension is not listed in the web store and may have been added without your knowledge. More information

image

I almost guessed that this would happen. But I can't create a signed package of the addon at the moment, as long as Google has blocked this feature for me. We'll have to wait and see if and when Google gets back to us.

Maybe until then you can install the addon from the Edge Store? There I have already been able to submit the latest version for review.

it says that the browser is compatible, but i am not able to download the extension from edge store
image

What you can do is stop using Google products and rewarding their predatory behaviour. This attempt is good for Google but it's also good for everyone who needs a kick in the ass to switch away from Chrome. We need variety in the browser space, not domination like we had with IE. Use another browser, let Chrome be Chrome and if everyone acts like you, it will die by its own hand just like IE did.

@TheSoulrester Figures. Probably the browser fetches the extension blacklist separately and refuses to install the legitimate extension from any store. (This is also probably the moment a fake version of ClearURLs is born and uses the confusion to find its way into some people's browsers.)

@teatreeoilchocolate, @pluc Good points, it's so great to see people talk about high-level solutions to the trust crisis that our industry is experiencing! GitHub is probably the most appropriate place to have such discussions... although I can't help but wonder if it's the safest one. 🕵️

I also can't help pointing out one contradiction in @pluc's post; in one sentence they speak about variety, in the next one they effectively say that the problem won't be resolved until "everybody acts as one". (Please pardon if I misunderstand!)

  • Point being, we should definitely be raising awareness about this whole sphere of issues, but shouldn't we also be looking for solutions that don't involve kicking everyone out of their customary workflows?
  • And if users "voting with their feet" is our objective, shouldn't we build the better alternative first, so they have something to vote for?

I don't claim to have the most efficient strategy, but I do have one and would appreciate your comments:

  1. Every time there's a fuss around Google doing something stupid about browser extensions (remember the "manifest v3" outrage from a while ago?), petition Chrome derivatives like Brave and Vivaldi to launch competing extension stores, like Edge's. (Much easier than petitioning The Google to stop being evil, also much easier than petitioning everyone to stop using The Google!)
  2. Once there are multiple competing stores, build a middleware that effectively unbundles the "validation" component from the "store" experience, leaving the stores to do just the curation and promotion. (A distributed code-signing network can protect users from fake extensions in a way that does not enable arbitrary censorship decisions on the part of a single entity; for cues, look at existing software distribution organizations like Debian and their https://reproducible-builds.org/ project, or Nix and Guix who are all about reproducible builds, or https://github.com/crev-dev/cargo-crev for a dev-oriented solution)

Of course, measures like the above go directly against platform vendors' interests. It is only natural to expect Google to sabotage technological developments that cut into their bottom line - as is the case with this very extension - before the inevitability of progress makes them recalibrate their interests once again. @KevinRoebert did you notice how the reviewer said irreverent and the rules said irrelevant? As if extension authors should now show reverence to the platform in order to be let into the walled garden... What unbelievable assholes.

commented

@KevinRoebert did you notice how the reviewer said irreverent and the rules said irrelevant? As if extension authors should now show reverence to the platform in order to be let into the walled garden... What unbelievable assholes.

I actually didn't notice that because most of the mail was in German. And it probably won't be a typo either, the letters are too far apart for that.

Of course, that makes me slightly sadder when I put so much time into a free project. Well, I think it's just typical for Google.

@bingoxo

and was wondering if the devs offer an update manifest file , if not , can you please implement it ?

Yes but also no. It's not worth the effort to do that when it'll only work on Linux. Windows/Mac Chrome force you to point update URL at their Web Store. From https://developer.chrome.com/docs/extensions/mv2/external_extensions/

Both ways support installing an extension hosted at an update_URL. On Windows and Mac, the update_URL must point to the Chrome Web Store where the extension must be hosted.

The preferences file on Linux can point to your own server where you are hosting the extension. The preferences JSON file also supports installing an extension from a .crx extension file on the user's Linux computer.

To the others using Vivaldi, be aware that it is not open source

@bingoxo

and was wondering if the devs offer an update manifest file , if not , can you please implement it ?

Yes but also no. It's not worth the effort to do that when it'll only work on Linux. Windows/Mac Chrome force you to point update URL at their Web Store. From https://developer.chrome.com/docs/extensions/mv2/external_extensions/

Both ways support installing an extension hosted at an update_URL. On Windows and Mac, the update_URL must point to the Chrome Web Store where the extension must be hosted.

The preferences file on Linux can point to your own server where you are hosting the extension. The preferences JSON file also supports installing an extension from a .crx extension file on the user's Linux computer.

To the others using Vivaldi, be aware that it is not open source

they can make the update url point to github release page , like https://gitlab.com/magnolia1234/bypass-paywalls-chrome-clean for example , it definetly doesnt need to be a chrome store link

Like the above-mentioned "paywall bypass" extension, you can just add this extension to the Chrome Whitelist in the registry. Don't forget to increment the string name if you already have whitelisted other extensions.

`Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist]
"1"="onjjkemcjfjhcfaheibmbefanghgcdde"
`

I have released a new version of ClearURLs without the clipboardWrite permission and a few bugs fewer.

Could/does a lack of this permission result in any negative / "not as good as before" behaviors?

I think this suggests the time has come to set up a third party chrome extensions store for use in non-mainline chrome

I am in no way an expert in any of this, but I think this HackerNews comment raises a good question that needs to be addressed.

I'd love to use ClearURLs, though last I checked it had a major flaw: it allows ... | Hacker News

commented

I am in no way an expert in any of this, but I think this HackerNews comment raises a good question that needs to be addressed.

I'd love to use ClearURLs, though last I checked it had a major flaw: it allows ... | Hacker News

ClearURLs must meet strict requirements to be listed as an add-on by Mozilla, specifically as a recommended add-on.

Each new version of ClearURLs is manually reviewed by a real human before it is released.

In order for ClearURLs to be allowed to use the external rules file, there is a specific requirement from the Mozilla reviewers that must be met.
ClearURLs must not contain any function that uses the external rules file to change URL A to an arbitrary other URL B.

So ClearURLs is not allowed to simply do a redirect to another URL, because that could cause harm via the external rules file. ClearURLs may only use the rules file to remove elements from a URL or to specify which URLs should be blocked.

The review does not check if there might be rules that bypass the restriction, but it checks if there is a function to do so in ClearURLs at all. And there is no function in ClearURLs to redirect URL A to another URL B by a rule. Therefore it is also not possible to redirect to arbitrary pages with the external rule file and thus e.g. capture traffic.

The rules of ClearURLs and also the addon itself can only remove elements from a URL or block a request.

The redirection rules of ClearURLs are also built on the principle of removal. So ClearURLs can only forward URLs that already have the destination URL as a parameter in the URL. For example, https://example.com?target=https%3A%2F%2Fmy-fancy-site.com can be rewritten by ClearURLs to https://my-fancy-site.com to skip the potential tracking of example.com (the first part of the URL will just be removed). However, ClearURLs cannot change this URL to something arbitrarily different.

commented

I have released a new version of ClearURLs without the clipboardWrite permission and a few bugs fewer.

Could/does a lack of this permission result in any negative / "not as good as before" behaviors?

See: #102 (comment)

@dit7ya I have the same thing with e.g. f-droid. But in the End it boils down to trust, every code that runs on your machine which hasn't been developed by yourself, even the hardware, will be susceptible to this. So you have to trust that along the supply chain everyone has done their due diligence to prevent this from happening. (Also the reason these attacks are scary).
In essence you could even exclaim a warning, this computer executes code that has been written by other people and is potentially doing whatever it likes. I hope you get my point, but I do understand, I usually also err on the side of caution.

@sam0x17 Have been thinking the same. :) And quite surprised that Brave, Vivaldi etc do not have a marketplace for addons. Yet Infrastructure for high demand is expensive.

Unable to activate it on Brave

Screen Shot 2021-03-24 at 4 35 17 PM

Hello
a track for me that worked, right click on the clearurls-1.21.0-chrome.crx extract with an example of extracting zip file "extract to" then put the extracted folder into the extension folder of your chrome, then in "extension" "" manage extensions in developer mode "then load the unpackaged extension and select your extraction folder.
extension is added
Does it work for you?

Please put a direct link to the downloads on the main readme.md , with the other links. It was a pain to find it. Make the most of your 5 minutes of fame!

No problem to install into Opera. Click on .clx, go to extensions when prompted to enable it.

I have released a new version of ClearURLs without the clipboardWrite permission and a few bugs fewer.

It would be a good idea to keep the full functionality version on the github download page, and for other browsers. Only cripple the chrome store version.

@bingoxo

and was wondering if the devs offer an update manifest file , if not , can you please implement it ?

Yes but also no. It's not worth the effort to do that when it'll only work on Linux. Windows/Mac Chrome force you to point update URL at their Web Store. From https://developer.chrome.com/docs/extensions/mv2/external_extensions/

Both ways support installing an extension hosted at an update_URL. On Windows and Mac, the update_URL must point to the Chrome Web Store where the extension must be hosted.

The preferences file on Linux can point to your own server where you are hosting the extension. The preferences JSON file also supports installing an extension from a .crx extension file on the user's Linux computer.

To the others using Vivaldi, be aware that it is not open source

Vivaldi is source available, not open source, but for all meaning aside from the "definition" of open source, it is.
That's enough for me. I can view, and technically modify it. That's all I really care about, I have the peace of mind there is nothing sketchy

Vivaldi is source available, not open source, but for all meaning aside from the "definition" of open source, it is.
That's enough for me. I can view, and technically modify it. That's all I really care about, I have the peace of mind there is nothing sketchy

Not according to the EULA. Item 7 specifically denies modification and derivative works.

https://vivaldi.com/privacy/vivaldi-end-user-license-agreement/

Unable to activate it on Brave

Screen Shot 2021-03-24 at 4 35 17 PM

I had this question too,but i have solved this.
First,change the .crx to .rar then unzip it,find the file named "manifest.json"
second,open the file,change the "name:ClearUrls" to "name:any name you want"
last,load the whole folder in the chrome(dont forget to open the Developer mode

now you can use the Plug

pls upload the lastest version to edge addons thx~ @KevinRoebert

image

@makbol

Chrome won't let you activate the newest version 1.21. However, you can still use 1.20 by drag&dropping the .crx file.
As Kevin mentioned there are no major changes in 1.21, so this might be an easy solution without whitelist/editing
until everything works again as it should.

That being said, I'd rather recommend you to export your bookmarks and move :)

commented

pls upload the lastest version to edge addons thx~ @KevinRoebert

image

I've already uploaded the newest version to Edge. It can take some time until the review is done.

commented

Google has just responded to my objection. Quote:

We really appreciated your changes in the extension. Upon subsequent review, we found that your extension “ClearURLs” with ID “lckanjgmijmafbedllaakclkaicjfmnk” is in compliance with our Inaccurate Description and Keyword Stuffing policies. [...]

I have been able to upload version 1.21.0, which no longer uses the clipboardWrite permission. ClearURLs are now in the review process and should be (hopefully) available in the Chrome Web Store again.

By being able to submit new versions for review again, I was also able to upload a signed version of the addon here in the GitHub release, which can already be installed manually without error messages.

Vivaldi is source available, not open source, but for all meaning aside from the "definition" of open source, it is.
That's enough for me. I can view, and technically modify it. That's all I really care about, I have the peace of mind there is nothing sketchy

Not according to the EULA. Item 7 specifically denies modification and derivative works.

https://vivaldi.com/privacy/vivaldi-end-user-license-agreement/

that's what I mean by "technically", however, vivaldi has always been informally open to modding, see

It's still proprietary freeware.

It's still proprietary freeware.

We are talking on proprietary freeware right now :), I don't understand the issue

"Never attribute to malice that which can be adequately explained by stupidity." [Hanlon's razor]

I've experienced similar problems on my own apps and extensions, which are no threat to Google.

The problem is that Google's review and approval process is ill-defined, opaque, and clearly subjective, without proper feedback or accountability. It's sufficiently discouraging that I've pretty much suspended further work on Chrome apps and extensions.

Malice is organized stupidity.

The problem is that Google's review and approval process is ill-defined, opaque, and clearly subjective, without proper feedback or accountability.

That's all anyone developing for their half-arsed platforms needs to know.

The extension is again available in CWS 👍

commented

Solved 🍾

If this functionality were made available to loopback / network apps like Privoxy google would have no sway

https://privoxy.org/

Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user network