That’s a problem because of the dynamic I described above — by and large, all software makers are trying to get users to trust us on updates, and so the likely behavior here is for users to just click “Install 2 items,” which means that they’ve now installed a completely new piece of software, quite possibly completely unintentionally. Apple has made it incredibly easy — the default, even — for users to install ride along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices.

It’s wrong because it undermines the trust that we’re all trying to build with users. Because it means that an update isn’t just an update, but is maybe something more. Because it ultimately undermines the safety of users on the web by eroding that relationship. It’s a bad practice and should stop.

[I’ll make 2 points that I want to make very clear: (1) this is not a criticism of Safari as a web browser in any way, and (2) I have no objections to the basic industry practice of using your installed software as a channel for other software. This is specifically a criticism of the way they’re using the updating system. I’d much prefer to be writing about Firefox, but this practice hurts everyone and is important to note.]