How is code supposed to determine user intent? The AVG developers would no doubt say the user intended to install their software and didn't want to have to learn all of the details, just like every other malware / adware vendor claims; the Chrome developers would say that users want to be secure but if you ask, millions of people will be insecure because they made a mistake or were encouraged to believe something was safer than it actually is.

There simply isn't a simple solution to this problem.

Chrome already blocks extensions not from the webstore on Windows, unless you use a developer branch. See http://chrome.blogspot.com/2014/05/protecting-chrome-users-f...

> I've got a huge problem with software that goes out of its way to prevent the user from doing something they explicitly want to do.

I guess you have a huge problem with Windows 7 or later or OS X 10.9 or later, which really go out of their way to prevent you from loading unsigned kernel-space device drivers.

Yes. Yes I do. I wasn't aware that wanting complete control of my devices was somehow a controversial stance around here.

it's not evident there's a lot of user intent here; almost certainly the user doesn't intend to break web security.