i can no longer use frankerfacez and betterTTV for twitch any way to restore this so i can resume using my twitch extensions
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Safari no longer allows external extensions
- Thread starter blindpcguy
- Start date
- Sort by reaction score
Apple is blocking Safari extensions from 3rd party servers, beginning in macOS Mojave. The reason is that extensions from 3rd party servers could in theory be malicious and harvest data (for example all your passwords) while you surf the web. In contrast, extensions available on the official Apple Safari extension website (https://safari-extensions.apple.com/) are verified by Apple.
Unfortunately, the two extensions you want to run don’t seem to exist there.
If you care, you should contact the developers and ask them for this.
Later on, Apple will stop accepting submissions to their extension site, and instead only accept submissions that are “Safari app extensions”. These are extensions to an existing app in the macOS App Store. For example, I bought 1Blocker on the macOS App Store, and that app came bundled with their Safari extension.
Hacks to bypass this are starting to surface, for example https://georgegarside.com/blog/macos/install-any-safari-extension-macos-mojave/. But don’t expect bypassing will get easier. It will just get harder as Apple tries to double down on un-verified code.
Critics will say Apple is doing this for money (App Store submissions require a developer ID which costs money). I say they do it for your and my security (the browser is the biggest attack vector nowadays, so it’s in all our interests that this code is verified).
Unfortunately, the two extensions you want to run don’t seem to exist there.
If you care, you should contact the developers and ask them for this.
Later on, Apple will stop accepting submissions to their extension site, and instead only accept submissions that are “Safari app extensions”. These are extensions to an existing app in the macOS App Store. For example, I bought 1Blocker on the macOS App Store, and that app came bundled with their Safari extension.
Hacks to bypass this are starting to surface, for example https://georgegarside.com/blog/macos/install-any-safari-extension-macos-mojave/. But don’t expect bypassing will get easier. It will just get harder as Apple tries to double down on un-verified code.
Critics will say Apple is doing this for money (App Store submissions require a developer ID which costs money). I say they do it for your and my security (the browser is the biggest attack vector nowadays, so it’s in all our interests that this code is verified).
It will have no impact on my security, as I have never installed browser-extension malware. It will however have an impact on the availability of useful extensions for my browser, as paying $99/year to host a free extension by far makes Safari the most expensive popular browser to develop for, and it's simply not worth it for a (comparatively) small number of users.
Don't get me wrong, I'm not saying Apple shouldn't be concerned about this from a security perspective. There are various ways to improve the security of browser extensions and block malware. But Apple's choice of requiring all developers be registered to submit to the App Store seems like the most profit-driven one to me.
- Apple should definitely lower their membership price. I ain't gonna argue about that. Hopefully this happens someday, and the discussion will shift to security rather than security vs profit.
- Given that it's widely known that Apple users spend way more money on apps compared to Windows and Android users, those $99 will quickly get repaid. Extensions don't need to be free.
- I don't really buy your argument for en masse. Every PC guy say "I don't install viruses", but that doesn't mean all their PCs are clean.
- Everyone praise the Chrome extension library, but in terms of security, it's a Total mess (1, 2, 3, 4, 5, 6, 7, and tons of more cases).
- Given that it's widely known that Apple users spend way more money on apps compared to Windows and Android users, those $99 will quickly get repaid. Extensions don't need to be free.
- I don't really buy your argument for en masse. Every PC guy say "I don't install viruses", but that doesn't mean all their PCs are clean.
- Everyone praise the Chrome extension library, but in terms of security, it's a Total mess (1, 2, 3, 4, 5, 6, 7, and tons of more cases).
Powerful extensions like uBlock Origin barely get Safari maintenance as it is. Raising the bar for developing Safari Extensions while reducing their capability will lead to Safari fewer meaningful extensions and little positive of note.
There is no reason why Apple can't do an xProtect (or Gatekeeper, even) style system with Safari Extensions. Instead, they killed the Safari Extension Gallery entirely and no longer allow installation of extensions from non-gallery sources.
They replaced Safari Extensions entirely with a way less capable 'App Extensions' system (game over). That you have to pay $100 to submit App Extensions is more or less a footnote; no one is going to be porting their big, multi-platform extensions to an entirely different system* just to satisfy the requirements of one vendor. Unless that vendor was Google. Safari for Mac does not have the user base to justify that level of effort.
There is no positive here. This makes Safari less useful. Efforts to improve security are good, but the end users need to be sufficiently trusted to make their own decisions that match their risk factors. Lumping everyone into the 'incompetent end user' bucket only serves to frustrate the few Safari for Mac users that still exist.
*If they even can; App Extensions are worlds less capable than traditional extensions.
There is no reason why Apple can't do an xProtect (or Gatekeeper, even) style system with Safari Extensions. Instead, they killed the Safari Extension Gallery entirely and no longer allow installation of extensions from non-gallery sources.
They replaced Safari Extensions entirely with a way less capable 'App Extensions' system (game over). That you have to pay $100 to submit App Extensions is more or less a footnote; no one is going to be porting their big, multi-platform extensions to an entirely different system* just to satisfy the requirements of one vendor. Unless that vendor was Google. Safari for Mac does not have the user base to justify that level of effort.
There is no positive here. This makes Safari less useful. Efforts to improve security are good, but the end users need to be sufficiently trusted to make their own decisions that match their risk factors. Lumping everyone into the 'incompetent end user' bucket only serves to frustrate the few Safari for Mac users that still exist.
*If they even can; App Extensions are worlds less capable than traditional extensions.
Last edited:
On point.
As you said, I don't see any reason why Apple don't just make the current Mojave situation the standard (i.e. you cannot regularly install unsigned extensions from outside the gallery) but give us a toggle somewhere in the preferences to turn that security behavior off, with a big fat warning not to do that unless we're sure about what we're doing. That's what they did for Mac apps with the Gatekeeper system and it's a good solution; why they don't just implement a similar system here is beyond me.
That way, they would have the increased security standards for the average user while not taking away the usefulness and features that more savvy users can get via third-party extensions. Instead, they just limit Safari's usefulness for everyone.
We can only hope that there'll be third-party solutions or hacks to allow classical extensions in Mojave (ideally ones that don't involve re-running the extension from the developer menu like there already are).
Now you're suggesting that developers should simply charge for extensions that have already free counterparts for Chrome and Firefox. That certainly doesn't do much to make Safari a more attractive platform, and I doubt it will lead to many users purchasing the extension.
It's true, the restrictions on the Chrome store are relaxed, maybe even a little too much so. They rely on users to report malicious extensions rather than reviewing each one manually.
There are pluses and minuses to this approach as well as Apple's. Some types of extensions would not be possible under Apple's restrictions.
But the main problem I have with Apple's approach is the paywall. You simply can't compare $99 every year to a one-time fee of $5. Developing Safari extensions is really only worth it if you are already a Mac or iOS app developer.
Agreed. Even requiring System Integrity Protection to be off would be fine by me, and would make it pretty much impossible for a malware install script to successfully change this setting programmatically without prompting a novice user.
Does Safari have that low of a user base on the Mac? Safari is the browser I use exclusively and have for years. I do have FireFox as a backup for those rare website which don't work well in Safari. I would never use Chrome simply cause it's Google. What other browser options are there?
hmm. anyone know of an 'accepted' extension to replace 'reloadalltabs' (which, with one click, reloads all tabs)...
Adguard was disabled when I installed Mojave, with a prompt it might slow my surfing experience, but the more troubling part for me is the security risk, whereby all webpage data including passwords can be logged. This extension is on the list from your link above but it doesn’t show up on the App Store. Right now it appears only 1blocker and ad control are there. What ad blocker are people using with Mojave? Is 1blocker any good?
