Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I have done it a few times myself, I just looked at the website to be sure I'm installing the right one.

I don't claim no-one wouldn't, just that I wouldn't—and I'm a moderately techie type.

> I don't think stores provide any security guarantee anyway, anything you can do with an app outside the store, you could do it with an app inside the store.

Certainly the mere act of being in the 'store' itself does nothing, but I trust Mozilla's review process (certainly more than Apple's or Google's) to screen out some of the obvious security flags that I wouldn't, or couldn't be bothered to, notice.




Depends what we are talking about, if it's unintentional security issues, the store review is good for that. If the author is trying to put malware in the extension, you have so many ways to hide it that it's pretty much guaranteed they won't catch it. That's why I trust much more the sandboxing capabilities than the store review.


> That's why I trust much more the sandboxing capabilities than the store review.

Nobody has found a decent way to do fine grained permissions for extensions yet and it's made much harder (compared to say mobile apps) when many extensions need to read/modify data on any web domain.

The ominous "Access your data on all web sites" permission is required by uBlock for example because there's nothing more fine grained that will let it block the network requests it's checking for.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: