I don't know whether this belongs in the Chromium report system, or the Chrome report system... I also don't know whether it would be a feature request or a bug. 

But I do know that this is a critical issue that will create lots of problems for extension developers.

See the attached image of a graph of uninstalls for my extension. While the number of users isn't very big compared to other extensions, there is a clear, dramatic spike of uninstalls from yesterday when I put out the update. There were also several reviews that were updated from 5 stars to 1 stars within the last 24 hours, all claiming "works fantastically, but now it needs new permissions, why does it need my browsing history to mute tabs". Given this, it is certain that this is due 100% to the poor wording given on the permissions popup.

Some background on my particular situation. My extension mutes tabs based on their url using a black/white list. Since I have to access each tab's url, Chrome treats this as "reading browsing history", which while technically true, is *extremely* misleading. I did everything I could to put my privacy statement everywhere, to explain that it does not record the url, it only gets it to make the mute decision then discards it. But people do not stop to think. They will go on gut reaction and immediately downvote the extension.

Please, this wording must be changed to something more clear and neutral. Please change it to something like the following:

This extension can:
"Access info about your tabs, including the websites you are browsing"

Yeah, tabs is a tricky permission.  It allows the extension to see all the users URLs, which *is* a scary thing (urls can contain personally identifiable information, can be capabilities urls, etc), so it's important that we convey this to users accurately.  I'm also not sure if rephrasing this to something like "Access info about your tabs, including the URL" is inherently less evil-sounding than "read your browsing history".

srahim@ has been thinking about strings lately, and might have some thoughts here.

Separately, my suspicion is that the biggest reason for uninstallations is that requesting additional required permissions is always a big hurdle.  It's a necessary security feature that we prompt users, but it's disruptive, and the gut reaction is often "no".  We're trying to think about how to make this better.  In the meantime, optional permissions are perfect for this type of thing - they won't result in your extension getting disabled on users machines, and users who don't want to share the URL with your extension don't have to (and only miss out on the features that require it).

Thank you for responding. I don't think the prompt for updated permissions when the extension is updated should go away. However in my case, the extension always had the "tabs" permission. I did add a "notifications" permission though, so I guess since that changed, it automatically displayed the whole list of permissions even though only one of them was new.

I will look into optional permissions, I honestly didn't know that was available.

What do you think about my second suggested wording above my graph. It is still clear to "laymen" who don't know what a url is, but is a little bit more neutral. Perhaps in my case, if people had read that wording instead, they might have been able to make the connection that "oh, it needs to know what websites I'm on right now for the urls".

Ah, okay.  So you added a relatively innocuous permission (notifications), chrome pops up and says "this thing needs new permissions, it can now do <tabs> and <notifications>" and everyone got scared about the "tabs" - which was there all along.  Got it.

Good news!  We were able to make an improvement here recently so that only new permissions are shown in the bubble - see revision 70e6ee11261bfa85cf090fc27336be04572e59b7 and issue 443216.  This means that from now on, users will only see the newly-added permissions - in this case, notifications.  Bad news - this is in M60 (stable is M59 right now), so it wasn't in time to help you.  But at least it should be improved in the future.

Re phrasing, I'll defer to srahim@. :)

Thank you for responding so quickly, or at all really. I'm surprised. Also I'm glad to see that change will eventually make its way to stable, I think that is a good idea.

___________

I just want to make one last plea for changing the wording. When doing research for this extension, I read the reviews of many other tab muting extensions to see what I could do better, and I repeatedly saw comments about this same exact issue of "reading your browser history". Luckily for those developers though, they were able to reach the authors of those negative reviews some how, and assured them everything was on-the-level, which they updated their review to say ("I had some concerns about privacy, but the developer assured me...").

I truly understand the need to convey the seriousness of the "tabs" permission. But should not accuracy also be a goal. It seems there is a chronic and systemic misunderstanding of what that permission means. People are continually misinterpreting it to mean the worst thing possible. I don't think it should convey the worst thing possible just to be safe/conservative. I think you can find a way to convey the *possibility* of danger, along with all the other benign uses.

It is tough because the "tabs" permission encompasses so much functionality... getting urls, getting tab created/removed/switched events, changing tab states like mutes, etc. Maybe "tabs" can be split into more sub-permissions, idk.

> I just want to make one last plea for changing the wording.
To be clear, I'm not shooting anything down - I just know that I'm not the expert. :)  Let's give srahim@ a chance to look at it and see what she comes up with.  If we can get something that's clear and less alarmist - woohoo!

> It is tough because the "tabs" permission encompasses so much functionality... getting urls, getting tab created/removed/switched events, changing tab states like mutes, etc. Maybe "tabs" can be split into more sub-permissions, idk.

This is very true.  Part of this is legacy reasons.  It's definitely one of the broadest APIs.  We did realize this a few years back, and actually a lot of the tabs API *does not* require the "tabs" permission.  For instance, you can create tabs, reorder them, mute them, remove them, etc - all without the tabs permission.  The biggest thing is - you won't have the URL.  That allows developers to do accomplish a fair amount while preserving the user's privacy.  However, from your use case, it sounds like you *need* the url, and that will always be tied to the tabs permission.

I know you're not trying to shut me down, just wanted to add some new thoughts. Thank you for being active in this issue. You guys are pretty damn dedicated to this browser.

___________

A new thought occurs. This is getting pretty messy but I'll mention it anyway. What about putting something like a "Read developer privacy statement" or "Read more from developer" link on the permissions popup right under the permissions, and have that be a local (embedded in extension) or external url in the manifest. Would give the dev an opportunity to explain the permissions before hand.

Though I guess this is just a more convenient way to do something that's already possible for the dev to do with optional permissions... have a developer warning/explanation statement before prompting for approval.

Really belaboring this issue here, I'm sorry, but just thought of another point. 

"Read your browsing history" makes it sound like the extension can access the history page (and possibly cache/cookies/etc along with it) maintained by Chrome itself, which sounds more sinister than having access to the current url's and possibly tracking them over time. "history" is a separate API from "tabs" and should be described differently. With the "tabs" permission, the developer would have to put forth a lot more effort to manually track browsing history, whereas the "history" permission hands it to them on a silver platter, and as such has a different significance. 

This is why I do indeed think "can access info about your tabs, including the website addresses you're currently browsing" *is* inherently less evil-sounding than "can read your browser history".

Recommend merging this issue with:
https://bugs.chromium.org/p/chromium/issues/detail?id=429185

How about wording it "Can know which websites you're currently on"?