Software Integration Is Not Evil

Asa is wrong, and he’s being obnoxious about it to boot. What Google, and Apple, and Microsoft is doing is called software integration, and in general it’s very good that iTunes, Google Earth, and Windows Live are adding Firefox integration into their software. They are installing plugins and/or extensions using the recommended methods so that all NPAPI-capable browsers can see and load them. This is not “Google being bad”, this is Google following Mozilla’s recommendations for browser integration!

It’s true that Firefox should give users more control over integration software that is found on the system, and we’re working on prompting users whether they want to include that integration as part of Firefox. But claiming that Google, Apple, and Microsoft are somehow being evil is stupid and short-sighted. The problem, if there is one, lies entirely with Firefox, not with the software which is doing exactly what we ask of them.

Atom Feed for Comments 22 Responses to “Software Integration Is Not Evil”

  1. Astron Says:

    I don’t think that this is what Asa Dotzler meant. I think he would like to be prompted during the installation of a programme whether or not to install a plug-in (Openoffice.org for instance does this).

  2. Topher Says:

    I read Asa’s posts, and I too would be unhappy to be surprised to find those plugins. I would prefer to have Firefox tell me something was trying to install a plugin, and ask me if that’s ok. Anything that can modify my browser without me knowing it makes me mighty nervous.

  3. Fritz Says:

    I don’t think it’s _all_ Firefox’s fault. When they tell me and give me an option about installing their plugins that’s okay. But many don’t which makes it impossible for the end-user to tell if it was “properly” installed or not. Take Adobe CS5. It installed a toolbar into Firefox which I did not want and disabling the plugin didn’t remove the toolbar. I can’t tell who is at fault and it could have easily been fixed by Adobe listing Firefox toolbar in its list of software as it listed Flash or Dreamweaver. So while Firefox needs to protect us from this (and make sure every plugin can be disabled!), many of the software companies are not properly informing users about what they are installing.

  4. Scott Baker Says:

    I don’t have a problem if they ask me if they can install Foobar addon, but they HAVE to ask. What does Firefox have to do with a Google Earth updater? That seems pretty obnoxious to me. I’m sure someone out there wants Firefox to update their Google Earth, but it’s not me! If someone installs an addon they need to let me know first.

  5. Robert Kaiser Says:

    I still agree with Asa to some part – they should not integrate with random other software without asking the user to do so. The way they are doing it might be OK, as you say, and the fact is true that Firefox should also care who/what wants to integrate with us, but I think it’s not OK to integrate into other software this way without asking the user.

  6. Asa Dotzler Says:

    When I run an installer, that’s the app I’m dealing with. I’m giving it power to do just anything on my system. I have a trust relationship with that software vendor. I’m willing to let it do what it needs to to my system to get me the capabilities I seek from it. When that vendor does things with that installer that I did not expect or ask for, that’s an abuse of that trust.

    Benjamin, how would you feel about Google installing ChromeFrame into Firefox without asking you when you download and install Google Earth or Google Toolbar for IE? Even if we have a prompt, how do you feel about Google’s hypothetical action there? Is it OK to replace Firefox’s Gecko without asking because you downloaded and executed the Google IE Toolbar installer or Google Earth? Is it the right way for them to make their amazing ChromeFrame technology available to you?

    Sure, we can build a mechanism to give users the choice — after the fact of the unrequested installation, but so what. Microsoft gives me Add/Remove programs, but that doesn’t mean it’s OK for Apple to install Safari without asking when I run the iTunes installer.

    – A

  7. Asa Dotzler Says:

    “This is not “Google being bad”, this is Google following Mozilla’s recommendations for browser integration!”

    Can you point me to Mozilla’s documentation saying we recommend installing software without the user’s permission? Of course not. And that’s what I’m talking about.

    I’m not arguing with the technology that these software vendors use to integrate with Firefox. Nowhere am I saying that using NPAPI or our extension API is wrong. I’m saying that doing so without asking is wrong. I’m saying that surprising the user by installing features they did not expect is wrong.

    By your logic, there would be nothing wrong with the Mozilla secretly adding Thunderbird to the system when someone performs a Firefox install. We would, after all, be using the recommended Windows APIs to do so.

    By your logic, it’s completely OK for the Flash Plug-in Installer to (hypothetically) add a PDF/adware toolbar to IE and Firefox without asking the user, as long as it was using the recommended toolbar API for Firefox and IE.

    I’m saying that wouldn’t be OK and I’d challenge it if Mozilla tried to do anything like that. Using your installer’s god-privileges to change the user’s environment in ways that he did not request or expect is a violation of trust.

    – A

  8. Benjamin Smedberg Says:

    Asa, you are deliberately misunderstanding. I’m not saying that if a user installs Firefox, they should get Thunderbird without notice. But if they install Thunderbird, it’s perfectly reasonable that they would also get a Firefox extension which adds menu items to Firefox such as “email this page”. It’s a reasonable expectation that if a user installs Thunderbird, they want Thunderbird integration in Firefox. It’s also reasonable to assume that if they install iTunes, they would like itunes: links on the web to work.

  9. Jason Says:

    To extend Asa’s example, would it be reasonable for Google to install ChromeFrame into Firefox without your consent when you install Chrome? In that case you could argue that if they install Chrome, they would want Chrome to “work” everywhere.

    I think the debate here is regarding what gets installed by default (or what the vendor assumes that user wants). Personally I’d rather have a choice of what they install on my system but I can see how choices can really confuse ordinary users. Perhaps the vendors need to add an “advanced” option to disable these plugins…

  10. Asa Dotzler Says:

    We still disagree. I think it’s wrong in either case. I do not think that most users reasonably expect to have Firefox features changed when they install Thunderbird unless Thunderbird was heavily marketed as offering that functionality. Doubly so if the feature added to Firefox has nothing to do with improving the user’s experience with Thunderbird. When a user begins the Thunderbird install process, they’re making a decision to let this piece of software modify their system to get them the thing they were after when they downloaded Thunderbird. Users do not need to be prompted to agree to every feature within Thunderbird, but when Thunderbird features impact their already installed and already functioning in the way they expect it to software, then users should be asked in some way.

    How about we look at a real example I gave instead of the hypothetical Thunderbird or Firefox scenarios. When I installed Google Earth, it added a plug-in to Firefox called Google Update. This plug-in doesn’t seem to do anything to integrate Google Earth functionality into my browser. It doesn’t give me fancier maps in the browser. It doesn’t make certain links in the browser target Google Earth. It doesn’t do a damn thing related to any hypothetical Google Earth and Firefox “cross-over” or “mixed” feature set as far as I can tell. Truth be told, I can’t tell what it does, (though I’m told by a Google engineer that it does something to bypass Firefox “save vs. run” user interface so that special Google links automatically trigger a run rather than save, or something like that.)

    Is that good behavior? Does that fit with the user’s expectation after seeking out, downloading, and running the Google Earth installer?

    I say no. I say that’s a clear violation of the user’s expectations. And that’s my basic rule here. Don’t surprise users with modifications to their existing software. Keep your surprises inside your own application.

    Flash is basically the opposite case from Google Earth. Most users who seek out, download, and run the Flash installer are doing so because they expect it to modify the featureset of their Web browser. That’s its primary purpose and most people understand that. It’s not surprising to users when they run the Flash installer that they get a Flash plug-in for Firefox. I think that’s just peachy and I don’t think that Firefox should warn users when they launch Firefox after a Flash install.

    To me this isn’t a technology or API question at all. It’s about treating your users with respect and not violating their expectations. I find it sad that so many people think that it’s just fine when Software vendors do things that violate the expectations of their users.

    – A

  11. Dan Says:

    Please explain how surreptitiously installing a plugin that allows one-click installs of unrelated software comes under the umbrella of “integration”, how doing so is part of Mozilla’s guidelines, and how that problem lies entirely with Firefox?

    Think how much software on Windows gives you the option during install to add desktop shortcuts, or context menu items. They are aspects of integration and yet the choice is still given to the user. Why is it so hard to do the same for plugins?

  12. Asa Dotzler Says:

    I think I probably am not being clear. I do not think all integration is a bad thing. I think that integration needs to be approached by software vendors with for more care than what they do inside their own apps and I don’t think that’s been the case for some very major software vendors over the last half decade or so.

    That care should lead to thoughtful outcomes in software usability like “do it automatically because it’s expected by most users” or “don’t do it at all because it would shock or surprise most users” with various kinds of opt-ins and opt-outs falling in the spectrum between those two poles.

    When I install the Flash player plug-in, I expect it to integrate with Firefox. That’s precisely what it’s advertised to do. I think that probably falls into the “do it automatically because it’s the expected outcome for most users”.

    When I install Google Earth, I don’t expect Firefox to start treating web links to Google application installers differently. I think that falls into the “don’t do it at all” category because it doesn’t actually relate to the functionality of Google Earth and it shocked me to learn that it was bypassing my browser’s default (and presumably, considered) UI for a scary interaction like software downloading and executing.

    When I install iTunes, I expect it to help me manage my library of music and to connect to my iPod and to the iTunes store. That’s just what it’s advertised to do and what most people who download it expect it to do. I don’t expect it to make magical links on the Web start behaving differently but I can see how that integration might be useful. I’d put that in the “Ask first” category because it’s not an expected or well advertised feature of iTunes.

    When in doubt, I think software vendors should be conservative here. Their natural tendency will very likely be to assume they know best and so a safe default which can help counter creeping arrogance is to err on the side of lesser violation of the user expectations.

  13. Asa Dotzler Says:

    Dan, I believe that Google sees this not as “Chrome integration with Firefox” or “Google Earth integration with Firefox” but more like “Using whatever means available to more tightly integrate Google’s software distribution system into all aspects of the user’s computer”. Presumably if you trusted Google enough to install one piece of software, you’re OK with them altering your system to treat all future Google software download and install attempts as equally trusted. I disagree with that and while it might end up being a nice feature and some users might follow that logic, I think that most people installing a Google app do not expect or want to grant Google special permissions for all future apps.

  14. Danny Moules Says:

    I agree with Asa. The plugins are often not wanted and even if they are – their automatic install presents both a security risk (such plugins have put Fx users in danger before) and a danger to system stability when they do not work. Asa’s arguments seem perfectly legitimate and purporting that he does not understand your argument is unfair when he’s addressing them accurately.

    My personal comments on this issue: http://rushyo.com/42bit/?p=28

  15. Linux Blog » Blog Archive » Ne, Mozilla nekritizuje Google, Apple či Microsoft za integraci pluginů Says:

    […] liÅ¡ty, kterou pÅ™i instalaci neodsouhlasil, nebude patrnÄ› příliÅ¡ nadÅ¡en. Jak například zmiňuje Benjamin Smedberg, jiný zamÄ›stnanec Mozilly, na samotné integraci jednotlivých produktů není nic Å¡patného. […]

  16. Mozilla-Manager kritisiert Apple, Google und Microsoft - Internet | News | ZDNet.de Says:

    […] Benjamin Smedbergs bezeichnet Dotzlers Ansatz schlicht als "falsch": "Was Google, Apple und Microsoft tun, nennt sich […]

  17. Henri Sivonen Says:

    I installed Windows 7 Professional from Microsoft’s box. That is, it wasn’t any kind of OEM bundle with additional software. Then I installed Firefox, Opera, Safari with QuickTime (since Safari isn’t fully functional without QuickTime) and Chrome. Then I installed XP Mode, which wanted to perform a Windows Genuine Advantage validation. IIRC, I used IE for the Windows Genuine Advantage validation step, because I assumed it wouldn’t work otherwise.

    After this, every one of the competing browser vendors except Opera had added their NPAPI plug-ins to Firefox. (QuickTime, Google updates and Windows Genuine Advantage plug-ins.) Kudos to Opera. Note that I didn’t really ask these vendors to add more code surface that Mozilla doesn’t provide security updates for to Firefox.

    I think the Google updater has no legitimate reason to be in Firefox. It’s at least a bit iffy for the act of installing Safari to add the QuickTime plug-in to other browsers. (Wouldn’t it be at least a bit dodgy if installing Firefox installed Ogg and WebM decoders to Safari as a side effect?) There doesn’t seem to be any good reason to expose the Windows Genuine Advantage to non-Microsoft origins.

    I think this is both a problem with the software installation culture on Windows and a problem with Firefox. The cultural problem is that users tolerate installers that have more payloads than it appears on a casual inspection. The Firefox problem is that Firefox by default just loads DLLs that someone else’s installer dumped in a magic directory. Fortunately, Firefox stopped loading extension DLLs that were dumped to the components directory.

    I think Firefox should not only not enable newly-found NPAPI plug-ins without user confirmation but that Firefox should default to “click to activate” for plug-in content and let the user activate a particular plug-in permanently for the current site or for all sites.

    A user might want to enable run Flash Player on some sites, but it doesn’t follow that the frequently unpatched attack surface, the fingerprinting surface and persistent Flash objects should be exposed to all sites by default. Also, if the user has gotten the Java plug-in somehow on his/her computer (e.g. bundled with OpenOffice.org), it doesn’t follow that it’s a good idea to expose that attack surface to all sites by default.

    See also http://twitter.com/#!/avibryant/status/9466206486532098

  18. Asa Dotzler Says:

    Benjamin, how would you feel about Google installing ChromeFrame into Firefox without asking you when you download and install Google Earth? It is just an NPAPI plug-in after all. So what if it body-snatches Firefox because it’s just following our recommendation for browser integration?

  19. mmc Says:

    Asa, you’ve already made the example of Google installing ChromeFrame before. Can you avoid repeating yourself so much? You’ve written 6 (lengthy) comments out of 16 (including mine).

  20. Justin Lebar Says:

    > Benjamin, how would you feel about Google installing ChromeFrame into Firefox without asking you when you download and install Google Earth?

    I feel like this misses the point. Google isn’t installing Chrome Frame into Firefox.

  21. Asa Dotzler Says:

    mmc, I repeated the question because Ben didn’t answer it and I think it’s a good one.

    Justin, it’s a hypothetical. ChromeFrame uses the officially supported integration path that Ben brings up. It doesn’t currently abuse users with a silent install, but there’s no reason it couldn’t and so I think it’s a legitimate question to ask.

    I contend that just because we offer an integration path doesn’t mean that any action a vendor takes that uses that integration path is acceptable. I happen to think that Google Update (which makes Google installers linked to from the Web bypass the save or execute dialog in favor of just execute) is abusing that integration path. Others seem to disagree so I’m asking “where would you draw the line”. Is it OK to integrate anything because Firefox provides the mechanism? Is it only OK to integrate some things? Which things?

    – A

  22. David Tenser Says:

    What Asa is suggesting is simply the right thing to do: ask before you alter stuff outside of your own turf. If every software vendor asked before they changed other software in ways users didn’t expect, users would be more in control and understand their system better. As a result, people would have have far fewer problems with computers doing unexpected things.

    From a customer support point of view, these types of “automatic” (hidden/secret) integrations are a nightmare. I for one wish that the big software vendors could lead the way rather than demonstrating poor practices that confuse and annoy their customers. Mozilla keeps making me proud in that regard.

Leave a Reply