
Based on what they can do, extensions should be naturally trusted to the same extent as the browser itself... I think this is a feature, not a bug. Besides, AFAIK with extensions being distributed in the form of source code, it's not hard to inspect one to see what it truly does, and it only takes one person to find out and tell everyone else.



The issue with this is updates. In most of these cases with malicious addons, the addon was safe initially, then the author slips in some tracking code / spyware etc. at a later date.

While I might inspect a source for a single sketchy looking addon at installation, inspecting every addon every time it's updated (sometimes weekly or more often) is absurd, and that's why you get cases of adware slipping by for months before anyone notices.


You're very correct about updates, but on the other hand I wonder what type of addon needs to be updated at such a high frequency?

Although making a way to easily see the changes made with each new version, something diff-like, would alleviate the problem.


One part of the problem is that most of the extensions are updated silently in the background. Some extensions fire up a new tab with a page displaying new features and such, but this is not a requirement in any way.


Even worse, they only update if they don't need any additional permissions. Thus incentivizing developers to ask for more permissions up front.
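
The diff-like view suggested in the thread, sketched as an added example (not code from any commenter or browser vendor): it compares two unpacked versions of an extension by manifest permissions and file hashes. The directory layout, function names and sample extension are constructed for illustration; `manifest.json` and its permission keys are the standard WebExtension ones.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_hashes(root):
    """Map each file path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def declared_permissions(root):
    """Collect what manifest.json requests: API permissions and host patterns."""
    manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8"))
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        perms.update("content_script:" + m for m in script.get("matches", []))
    return perms


def diff_versions(old, new):
    """Report permission and file changes between two unpacked versions."""
    old_files, new_files = file_hashes(old), file_hashes(new)
    old_perms, new_perms = declared_permissions(old), declared_permissions(new)
    return {
        "added_permissions": sorted(new_perms - old_perms),
        "removed_permissions": sorted(old_perms - new_perms),
        "added_files": sorted(new_files.keys() - old_files.keys()),
        "removed_files": sorted(old_files.keys() - new_files.keys()),
        "changed_files": sorted(f for f in old_files.keys() & new_files.keys()
                                if old_files[f] != new_files[f]),
    }


def demo():
    """Diff two constructed versions of a hypothetical extension."""
    with tempfile.TemporaryDirectory() as tmp:
        v1, v2 = Path(tmp, "1.0"), Path(tmp, "1.1")
        for root in (v1, v2):
            root.mkdir()
            manifest = {"name": "example", "version": root.name,
                        "permissions": ["storage", "<all_urls>"]}
            (root / "manifest.json").write_text(json.dumps(manifest))
            (root / "background.js").write_text("// constructed, v%s\n" % root.name)
        (v2 / "analytics.js").write_text("// constructed: new in 1.1\n")
        return diff_versions(v1, v2)
```

In the constructed sample returned by `demo()`, the permission set is identical in both versions, so `added_permissions` is empty while `changed_files` and `added_files` are not, which is the update case the thread describes.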


That's exactly what I wonder about Adobe Acrobat so often.



