Force-installing browser extensions without user consent is a dark pattern

  • 1
  • Problem
  • Updated 3 years ago
  • (Edited)
The more recent versions of covenant eyes install browser extensions (that then cannot be removed) without consent from the user.  This is a dark pattern and should be corrected.  No software should ever install something without consent from the user (or a way to back it out if no consent was collected).

Update:
I even tried to work around this by manually removing the extension's files and deleting the configuration from chrome's "Secure Preferences" file.  It appears that CE also monitors the extension's files and recreates them if they go missing.

This is totally unacceptable.  

I have been a satisfied CE customer for a long time (well...except for the lack of an iOS solution, but that's a different thread).  It has made a big difference to me personally.  However, I don't see the need for these extensions, and taking over a piece of my environment in such a way that I can't restore it is definitely bad behavior.

I will definitely be avoiding doing any more upgrades on any of my other machines until this problem is corrected.
Photo of aggieben

aggieben

  • 57 Posts
  • 8 Reply Likes
  • annoyed

Posted 3 years ago

  • 1
Photo of Patrick Smith

Patrick Smith, Official Rep

  • 129 Posts
  • 16 Reply Likes
Hi Ben. Thanks for sharing your thoughts. I appreciate your concern about browser extensions in general--if used irresponsibly, they're certainly capable of grabbing all kinds of information.

Our use of browser extensions rises out of our members' requests for greater report clarity--specifically which URLs were visited and which were merely part of the composition of a website. E.g. The Sports Illustrated website, SI.com. It used to ding members during certain times of the year when the promo for the swimsuit edition was present on the homepage. The swimsuit edition promo would be rated highly by our rating system, but there was no means by which an accountability partner could discern whether this was a visited site or merely part of si.com. In response to heavy customer demand for that clarity, we began leveraging browser extensions as a mechanism for "knowing" which URLs were visited and which were supporting.

On the Windows client, we're quite up front about it--the installer has a page devoted to informing users that we install extensions on Chrome, Firefox, and IE. That page forces the user to click "OK" prior to installing. The Mac client is not one of the projects I oversee--so I don't remember with certainty if the Mac client informs the user of the installation of browser extensions. If we don't presently on Mac, we will in an upcoming version. Again, we appreciate your sentiments, and we'll consider them as we prioritize future work.
Photo of aggieben

aggieben

  • 57 Posts
  • 8 Reply Likes
The rationale behind the extensions isn't what I am upset about.  Your case for them makes plenty of sense - but I have decided that I don't need them, and would much rather not have the additional bloat and complexity and clutter in an already crowded and bloated browser ecosystem.  I just don't think I need them, and you haven't really responded to the kernel of my argument:

The extensions should be OPTIONAL.  Why can't we just have a checkbox on the installer to give us the choice?

I've been perfectly happy with the monitoring service just the way it is (with the exception of a total lack of iOS support), and I don't want your browser extensions, and I shouldn't have to be locked out of upgrades because of that. Informing your users is good, and if you didn't do that, then what you're doing here would be unethical.  But even with the disclosure, it feels like you're dancing right on the line.
Photo of Patrick Smith

Patrick Smith, Official Rep

  • 129 Posts
  • 16 Reply Likes
Your desire for optional extensions is noted. Thanks, Ben. Also, you might not know about it, but we've had iOS support since 2010. Our current app has a 4 star rating. 
(Edited)
Photo of aggieben

aggieben

  • 57 Posts
  • 8 Reply Likes
Oh, I know about the iOS app.  The iOS app is of no use at all.  One need only open another browser, or use one of any number of apps that have in-app browsing (most of the essential apps have this) (or lock your phone down so much that you can't use it, in which case you might as well just get a flip phone).  That app was a complete waste of developer time.
Photo of Chance

Chance

  • 134 Posts
  • 13 Reply Likes
Dude, your attitude sucks.  I have no doubt the developers are working their tail ends off doing the best they can with what they have.  I understand this is a support forum, but I'm tired of seeing all your negativity on here.  It is not productive at all.  

"That app was a complete waste of developer time."  Are you freaking kidding me?!?  The app developers may be nice and cordial, but I don't have to be.  I feel sorry for them for having to put up with your crap.
Photo of Chance

Chance

  • 134 Posts
  • 13 Reply Likes
Edit: I removed my 2nd comment as it was not conducive at all to the conversation.  (You can probably read it if you get email notifications).  
(Edited)
Photo of aggieben

aggieben

  • 57 Posts
  • 8 Reply Likes
Chance, I don't come to this trying to have a bad attitude.  I am also certain that the developers are working every bit as hard as they should be.  I also would say that none of my criticisms were aimed at the developers themselves.  My experience with the CE software has been pretty good - meaning, out of sight, out of mind.  That's actually quite an accomplishment for software that inserts itself into the network stack and touches everything coming in and out.  I've had remarkably few problems with it.  I even resisted using it for a long time because I was worried it would interfere with VPNs and proxies, and VMs, and whatnot.  I couldn't be more pleased to have been wrong.

Regarding the iOS app as a waste of time: I've articulated my problems with this part of the product multiple times, so repeating it here would be out-of-place (not to mention hijacking the thread).  I think my criticisms there are well-founded and civil.  I probably could have skipped leaving the comment above for the same reasons (but I can't delete it now).

You may disagree entirely, and that's fine, but your unprovoked personal attack of me is what seems to me to be unproductive.
(Edited)
Photo of Chance

Chance

  • 134 Posts
  • 13 Reply Likes
You're right.  I apologize.  I'm sorry that I said "I feel sorry for the developers..."
(Edited)
Photo of Patrick Smith

Patrick Smith, Official Rep

  • 129 Posts
  • 16 Reply Likes
Your sentiments on the iOS app are also noted. Thanks for your contribution to the forum, Ben.
(Edited)
Photo of Southpaw102

Southpaw102

  • 8 Posts
  • 2 Reply Likes
Too be honest, I like that I can't disable my browser extension in Google Chrome, otherwise i'd disable it every time i was lusting. Unfortunately you can disable it in Firefox and Safari on my mac. (version 10.9.5 Mavericks).

As far as it force installing the extensions I don't personally mind it because I need all the help I can get with my addiction. However I can see how you personally might not need it. So I can see how having the option to install it would be a good thing. So if they make it an option I think that would be good. BUT once we agree to install it I think we shouldn't be able to disable the extension without a password that only the filter guardian can get.
Photo of Jake

Jake, Employee

  • 140 Posts
  • 11 Reply Likes
Just to clarify something here, if you disable the extension in Safari or Firefox, Covenant Eyes is still monitoring your activity. The extensions tidy up the report you and your partners get.

For instance, if you visit a website that has a background script that rates highly, in most instances, it will not be on your report because you didn't actually view anything highly rated. Without the extension running, that background script will show up on the report.

If anything, disabling the extension would make your report look worse than it actually is.

Jake
Photo of aggieben

aggieben

  • 57 Posts
  • 8 Reply Likes
Yes, thanks for that clarification.  I should have mentioned this from the start: it was never my intent to disable monitoring.