Google falsely labels TrackMeNot as malware, bans it from Chrome store and suspends developer account.
On May 12th, we received an e-mail from Google informing us that our TrackMeNot browser extension, which protects users from tracking by search engines, was at risk of being removed from the Chrome Web Store. The alleged reason: it violated several of the Chrome Web Store’s Program Policies, such as providing an inaccurate description of its functionality or requesting permissions that it did not use. The e-mail also warned us that we had two weeks to make the necessary changes to avoid removal of TrackMeNot (TMN) from the store. Yet, in spite of the 14-day grace period, Google blocked TMN from the Chrome Store the very next day.
Blocking TMN from the Chrome Store had two immediate consequences. First, Google notified all current users of the software that the extension “contained malware”. Many long-time users (TrackMeNot has been listed in the Chrome Store since 2011, as well as the Mozilla store and other app platforms since 2006) contacted us to ask how and why they had received this notification, while others started a thread on Reddit to discuss why the extension had been disabled, and how it could be restored.
Secondly, Google removed TrackMeNot from the Chrome Store, so that new users would not be able to install or even to view it.
Google did not stop there, however. A week later, on May 19th, they also blocked our developer account, effectively preventing us from updating or fixing the alleged violations they had cited. With our account blocked, we were not only unable to update TrackMeNot’s code, but we were unable to reach out to our users who had been misled to believe that TMN contained malware.
Confused and frustrated by Google's decisions, we reached out to Google the very same day, asking for an explanation and requesting reactivation of our developer account, if only to enable us to fix the so-called "issues” that had been identified. Google’s response came the next day (May 20th):
"Your developer account was suspended from the Chrome Web Store for publishing items that were engaged in malicious activities harmful to users. Given the nature of this violation your account will not be reinstated. We can’t disclose details about the malicious activity due to security reasons”.
We replied again, asking to know, if not the “details”, at least the general nature of the malicious activity with which we were being accused.
It was only on June 14th, more than a month after the original suspension of TrackMeNot, and after ignoring multiple requests for explanations, and for reinstatement of our developer account, that Google finally replied, acknowledging their mistake:
“We would like to provide you an update on your taken down item and suspended developer account for item ‘TrackMeNot’. We have reviewed your item and have noticed that there were some errant enforcements made to your item. However your published item contained the following errors which led to the take down of the item in the Chrome Web Store.
Violation: Requesting broad permissions that are not required to implement the extension’s functionality
Corrective Action: Remove the following permission(s) or request narrower permission(s) instead:
Tabs. The most recent version of your extension appears to rectify the above violation, however the general functionality of the extension is still being evaluated to ensure its compliance with our security policies.”
The last response came a week later, on June 21st:
“After further review of your item, we have confirmed that your item did not comply with our Program Policies and will not be allowed back in the store. However, your developer account will be reinstated.”
Given the fact that our AdNauseam extension was banned previously, this response, while frustrating, was not unexpected. When Google decides that they no longer want software to be available to users, they will find a reason to ban it.
Our experiences with TrackMeNot and AdNauseam, both not-for-profit, free, open-source privacy extensions, with many thousands of users, raises potentially troubling questions regarding Google’s self-appointed role as sole arbiter and gatekeeper for the Chrome Store, and the diminishing options it presents for developers and users alike.
This post is our attempt to be, at very least, transparent about Google’s decision to ban TrackMeNot (and, previously, AdNauseam) and to arbitrarily suspend our developer account, so that users and developers have additional information with which to make decisions about engaging with Google services.