
Five years ago I had a whole bunch of extensions, but that ended whenever it was that I first learned that there were bad actors buying legitimate extensions from their developers and filling them with malware. After that I dramatically reduced the number I had installed, down to basically a password manager and uBlock Origin. The brief install-time vetting I used to do would do nothing to prevent an auto update from installing something malicious in the future. Nowadays malicious browser extensions are the most common thing I find on family and friends' computers when I'm helping them with an issue.


Can confirm. As a dev of an extension with 10k users I get 3-4 emails a month in my spam which ask me to monetize my extension by secretly changing its users' search engines. My extension is open-source and quite small, but if the change was sneaked in I think most of the users would not notice. I stick to using userscripts for the most part since you can easily check their downloaded source and disable updates.

Example:

Beth Anderson <beth@monetize-extensions.com> Mon 10:58 AM To: Mostly Spam <dev@x-ing.space>

Hello

I am Beth and I am offering monetization for browser extensions, with everything that is going on our team was extremely focused and productive in creating a way to earn revenue on extensions.

We offer to change default search to Bing or Yahoo on your extension which can earn up to $800 a month per 5000 users. This is a premium product by invitation only and can easily be added to your chrome extensions.

You are might curious to know if it is allowed? And I must say that this is completely allowed! Please reply to this email to discuss this further!

Looking forward hearing from you!

Beth Anderson

Business Development Manager


Open source doesn't solve it completely. What you have in the repo and what is published don't have to be the same thing. Unless people are making the extra effort to compare them, which is extremely rare unless it's quite popular. I've seen this happen a few times.
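
The comparison this comment describes can be scripted. The sketch below is an added example, not part of any comment in the thread: it hashes an unpacked published extension against a build made from the repository and flags new manifest permissions or a `chrome_settings_overrides` entry, the key used to change the default search engine. The `_metadata` ignore rule and the constructed sample trees in `demo()` are assumptions.

```python
import hashlib, json, tempfile
from pathlib import Path

IGNORED_DIRS = {"_metadata"}  # assumption: directory the store adds at publish time
SENSITIVE_KEYS = ("permissions", "host_permissions", "chrome_settings_overrides")

def tree_hashes(root):
    """Map relative path -> SHA-256 for every file under root."""
    root, out = Path(root), {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if p.is_file() and rel.parts[0] not in IGNORED_DIRS:
            out[rel.as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def compare(repo_build, published):
    """Report file and manifest differences between the two unpacked trees."""
    a, b = tree_hashes(repo_build), tree_hashes(published)
    report = {"only_in_published": sorted(set(b) - set(a)),
              "only_in_repo": sorted(set(a) - set(b)),
              "changed": sorted(f for f in set(a) & set(b) if a[f] != b[f]),
              "manifest_additions": {}}
    ma = json.loads((Path(repo_build) / "manifest.json").read_text())
    mb = json.loads((Path(published) / "manifest.json").read_text())
    for key in SENSITIVE_KEYS:
        va, vb = ma.get(key), mb.get(key)
        if isinstance(vb, list):  # permission lists: report only the new entries
            vb = [x for x in vb if x not in (va or [])] or None
        if vb is not None and vb != va:
            report["manifest_additions"][key] = vb
    return report

def demo():
    """Constructed sample: a repo build and a published copy with sneaked-in changes."""
    with tempfile.TemporaryDirectory() as tmp:
        repo, pub = Path(tmp, "repo"), Path(tmp, "published")
        for d in (repo, pub):
            d.mkdir()
            (d / "content.js").write_text("console.log('hello');\n")
        manifest = {"manifest_version": 3, "name": "Sample", "version": "1.0",
                    "permissions": ["storage"]}
        (repo / "manifest.json").write_text(json.dumps(manifest))
        manifest["permissions"].append("tabs")
        manifest["chrome_settings_overrides"] = {"search_provider": {"name": "Example"}}
        (pub / "manifest.json").write_text(json.dumps(manifest))
        (pub / "_metadata").mkdir()
        (pub / "_metadata" / "verified_contents.json").write_text("[]")
        (pub / "extra.js").write_text("// not in repo\n")
        return compare(repo, pub)
```

Because auto-updates replace the published package, the check only holds for the version it was run against and has to be repeated after each update.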


"You are might curious to know if it is allowed? And I must say that this is completely allowed!"

I feel like this would make a great corporate logo for a discount legal firm on It's Always Sunny In Philadelphia that Charlie would start when high on Elmer's glue.



