Hacker News new | past | comments | ask | show | jobs | submit login

I don’t know about you, but I don’t trust all the extensions that I want to use.

Especially in Private/Incognito Mode I only want extensions for blocking ads/trackers + 1Password and that’s it.

Also being able to see what the extension does is really valuable to me, because allowing an extension to read the data on all websites you visit is really suspicious for a majority of extensions.

Mozilla has had a good review process in place and truth be told Chrome's Web Store has suffered from spyware and malicious extensions more than Firefox. But that's only because it is more popular and Google is known for really screwed / non-existent human support (e.g. extensions being reported as being malware with no immediate action).




> I don’t know about you, but I don’t trust all the extensions that I want to use.

That's fair, but this dynamic drags down usefulness of the whole platform. Browsers could offer extended permissions allowing extensions arbitrary control over the browsing experience, but they can't trust extension authors not to get greedy about privileges, and can't trust regular users to be smart about it. It's what happened with Android: applications requested every possible permission, users learned to just accept it.

> Also being able to see what the extension does is really valuable to me, because allowing an extension to read the data on all websites you visit is really suspicious for a majority of extensions.

That's true, and I wish there was an easy way to transparently run a I/O trace on an extension, and to have super-fine-grained user-level control over its permissions. I use a bunch of extensions that modify the contents of sites; I wish I could manually restrict them to a whitelist - and sometimes blacklist. Like, e.g. I don't need Cloud2Butt to work on my banking site.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: