The only trustworthy extensions are uBlock Origin and EFF's Privacy Badger. Everything else is best viewed as potential malware, no different than random downloadable executables.
Honestly, uBlock Origin and Privacy Badger are so important at this point they should just become part of the browser itself. They're already in a league of their own.
These API changes are actually perfectly reasonable. The new API lets extensions tell the browser what to do to the page in a declarative manner. This eliminates the need to pass private user data to the extension code and reduces the potential for abuse. This is a massive improvement compared to just letting random extensions see everything on the page.
uBlock Origin just happens to be so important and trusted by the community that it shouldn't be subjected to these restrictions. It's a special case.
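To make the "declarative" point above concrete, here is an added example (not code from the thread, from any browser, or from uBlock Origin) that models how a declarative ruleset is evaluated on the browser side. The extension hands over only the rule objects; the matcher, standing in for the browser, is the only party that ever sees the request URL. The rule shape follows the general `declarativeNetRequest` style, but the `urlFilter` matching implemented here is a deliberate simplification and an assumption of this example: a leading `||` anchors at a host boundary, anything else is a plain substring match.

```javascript
// Added example: browser-side evaluation of declarative blocking rules.
// The extension supplies `rules`; it is never handed `request`.
const rules = [
  { id: 1, priority: 1,
    action: { type: "block" },
    condition: { urlFilter: "||tracker.example",
                 resourceTypes: ["script", "xmlhttprequest"] } },
  { id: 2, priority: 2,
    action: { type: "allow" },
    condition: { urlFilter: "||tracker.example/consent.js",
                 resourceTypes: ["script"] } },
];

// Host-boundary match: "tracker.example" matches itself and any subdomain.
function hostMatches(url, domainFilter) {
  const host = new URL(url).hostname;
  return host === domainFilter || host.endsWith("." + domainFilter);
}

// Simplified urlFilter semantics (assumption): "||host/path" anchors at a host
// boundary and treats the rest as a path prefix; otherwise plain substring.
function conditionMatches(cond, request) {
  if (cond.resourceTypes && !cond.resourceTypes.includes(request.type)) return false;
  const f = cond.urlFilter;
  if (f.startsWith("||")) {
    const rest = f.slice(2);
    const slash = rest.indexOf("/");
    const domain = slash === -1 ? rest : rest.slice(0, slash);
    const path = slash === -1 ? "" : rest.slice(slash);
    const u = new URL(request.url);
    return hostMatches(request.url, domain) && (u.pathname + u.search).startsWith(path);
  }
  return request.url.includes(f);
}

// Highest priority wins; at equal priority an "allow" beats a "block"
// (modelled on the documented precedence; treated as an assumption here).
function decide(ruleset, request) {
  let best = null;
  for (const r of ruleset) {
    if (!conditionMatches(r.condition, request)) continue;
    if (best === null || r.priority > best.priority ||
        (r.priority === best.priority &&
         r.action.type === "allow" && best.action.type !== "allow")) {
      best = r;
    }
  }
  return best ? best.action.type : "allow";
}

// Constructed sample requests (not real traffic).
const sampleRequests = [
  { url: "https://cdn.tracker.example/beacon.js", type: "script" },
  { url: "https://tracker.example/consent.js", type: "script" },
  { url: "https://tracker.example/pixel.gif", type: "image" },
  { url: "https://news.example/app.js", type: "script" },
];

function decisions(ruleset, requests) {
  return requests.map(r => ({ url: r.url, action: decide(ruleset, r) }));
}

console.log(decisions(rules, sampleRequests));
```

The contrast with the older model is in the data flow rather than the rule language: an imperative blocking listener would be called with the full request details for every request on every page, whereas here the extension's code path ends once `rules` is handed over.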
I monitor the issue tracker and explore the source code from time to time. The developer posts on HN and seems to be committed to the project and everything it stands for.
I'm not sure if builds are reproducible though. I don't think the author would allow the extensions to be hijacked by malicious actors but it'd still be nice to be able to verify a packaged extension was built from a given git commit.
Gorhill isn't doing it for money, he's doing it because he believes in an internet where "user agent" means something. He engages in numerous ways with the community. You're sort of asking "How can I trust Gorhill?", and I guess my answer is "How can you trust _anyone_?" I trust Gorhill with this task more than I trust Mozilla, Google, Brave, or any extension put out by a company. Whether that level of trust exceeds a particular individual's threshold is a personal choice, naturally.
To echo the sentiment above, I trust a person, but not code, and not companies. This approach is certainly not bulletproof, but it's the best I've found.
It would be awesome if there was a volunteer financed code review group to review popular open source projects. I think I’m not the only one who would happily donate money to such a group for code reviews for various OSS projects. Initial code reviews would require a lot of effort, unless somehow automated, but after that it would be fairly easy to monitor and verify updates and changes to the code.
A prerequisite of that type of badge that I really wish existed is a standardized, interoperable protocol for curation. Instead of trying to solve the problem of malicious software with a walled garden app store, anyone should be able to publish their own curated list of software (or any type of project?). The core component is a crypto-signed statement like:
Publish lists of these (maybe RSS-ish style?), with a sort of browsable/searchable/app-store-ish UI.
A key feature is verification. A user should be able to easily inspect the known "curator statements" for an app from the curators they subscribe to, and be able to run a "git fsck"-style validation that proves "this app really is the version that: passed the EFF's 'No Tracking' audit, is on reviewer Carol's 'Recommended' list, was rated 'Teen' by the ESRB, and is on my friend Dave's 'Cool stuff you should try' list."
With such a system, anyone can perform an audit, and people can make their own decisions about what they want to trust.
Would this verification feature be similar to how keybase works? You post a "fingerprint" message to a host of public web sites (i.e. Twitter, Facebook, GitHub Gist, etc.) that anyone can use to verify your identity. The idea is that even if someone tried to impersonate you, they would have to take over all of your accounts in order to do so.
I like this idea and think it would be a great addition to the development world.
Would be good training for apprentices too. Reading code is probably one of the best ways to learn. Granted, it could include a sophisticated and obfuscated backdoor, but I think it would still be caught.
I wouldn't be so sure that it's an inevitability that things would be caught.
The "underhanded C contest" [1] is a good example of this and something I like to point people to. From their about page:
>The Underhanded C Contest is an annual contest to write innocent-looking C code implementing malicious behavior. In this contest you must write C code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should perform some specific underhanded task that will not be detected by examining the source code.
If you go look around the hall of fame on that site, or just take a look at the contest winners, it's absolutely insane how subtle some of those exploits are. And shockingly (to me anyway), many of the exploits don't require C or use some quirk of C; they would work in many different languages, and the first contest winner is a perfect example of that [2].
I can honestly say that for some of them, even if you told me there was an exploit in the code, I wouldn't be able to find them on my own.
And the scariest part is that almost all of the submissions to that contest have plausible deniability. They look like innocent bugs, typos, or small logic mistakes. Some even layer multiple small subtle changes which each on their own are completely fine but when all run together reveal big exploits.
There are often other extensions that we find too precious to delete, but we only need them on specific occasions. For those, I came up with a "meta-extension" to easily disable or enable them:
I find it easier to understand what an application wants by looking at numbers, and to toggle 1st-party cookies on. My setup is in between hard mode and nightmare:
> The only trustworthy extensions are uBlock Origin and EFF's Privacy Badger. Everything else is best viewed as potential malware, no different than random downloadable executables.
I think it's "safe". They are not going to put malware in their extension, as your installing the extension is how they make money. But as the company has a business model built around collecting your browsing data and being a gatekeeper between you and advertisers, it really depends on what you're trying to protect against.