

As soon as they start curating or moderating they should be liable as if they're a publisher / distributor.

Can confirm. I have that opinion about _all_ online providers. IMHO, anyone doing curation should be liable for IP theft and trademark violations. The problem with a "good" system is that Apple, Google, and Microsoft have to give up control in order to let publishers self police their IP / trademarks and none of them will do that. In addition to that, IP squatting via a domain has a well established set of rules for trademark disputes, so a publisher can take action immediately to protect their trademarks rather than begging Apple or Google to take down a fake app. If you expect to see what "website" (aka domain) is distributing the app it gets much easier.

Distributed by vs distributed by is the worst IP squatting you'd see and I could visit both sites if I wasn't satisfied enough assuming the more valuable domain is the real app creator. Starting with the assumption that Apple's capable of ensuring that doesn't happen, you assume it's a legit app. The fake app used the IP of the real one to trick users. It's "trust us" and they've both demonstrated repeatedly that they aren't worthy of being trusted.

As a specific example for Apple, there was a fake Fall Guys app on their store when it was at peak popularity. I have a much better chance of determining the trustworthiness of the signer by knowing their domain than I do by knowing their registered business name.

And when I say Google and Apple are worse, I mean they've created systems that are completely opaque.
When I say that simple, domain validated code signing would be more useful for devs and users, I mean that I'd prefer to have the (ex:) UAC prompt tell me "This application is distributed by " rather than "This application is distributed by Example XYZ LLC". So, for me, the way code is currently signed tells me that someone had $2k USD to start a company and buy an EV certificate. IE: Easy to game once you know the process.
That's also influenced by my own experience in getting code signing certificates where the process used by CAs for identity verification is not anything official, but seems to be a rigid checklist of items that needs to be followed by someone with no cultural or local knowledge of my jurisdiction. I've seen enough malware and adware signed with EV certificates that I personally place their value at zero.

That doesn't benefit me at all and most normal users misunderstand it to mean the company is trustworthy when that's not the case. In most cases, I don't know who the company is and don't have a way of finding out.
When I run an application on Windows that passes SmartScreen, all I know is that some company somewhere paid for an EV code signing certificate. What I'm saying is the current trust industry is providing almost no value. I'm not saying "software should not be signed". And? I'm assuming you're not saying "software should not be signed", in which case I'm missing your point.
