If you want the computer to be "bicycle for the mind", you want to reduce friction so that "advanced" use isn't really "advanced", but normal. See also Hypercard, or how people use Excel in offices, or secretaries that extended Emacs because they didn't know writing Lisp was "programming", or countless other stories of end-user improvements.
If you want the computer to be a digital television set, or a digital collection of appliances, then sure - let's lock everything down, so that you can only do what you're allowed to by the vendors, and only through means allowed by the vendors. This is the scenario in which you want to add friction to end-user "advanced" use.
> How is the browser suppose to know whether the user wrote the extension or downloaded it from the internet?
It cannot be done in general - if a user can do something manually, a sophisticated piece of malware running outside of the browser can simulate too. But I think there's ways to add warnings without increasing friction. Having to manually re-enable each and every user-created extension on browser restart is IMO way too much friction. Being shown a warning about those extensions on each browser restart, but keeping them running sounds more reasonable.
Computers stopped being for enthusiasts by the early 90s - about the last time HyperCard was updated coincidentally. I remember the change well, it was around that time where the back of the InCider magazine stopped including code listings for interesting assembly language extensions for Basic and started listing “power users” tips.
Yes, I agree that having to re-enable extensions every time is too much, but going through contortions once isn’t.
If you want the computer to be "bicycle for the mind", you want to reduce friction so that "advanced" use isn't really "advanced", but normal. See also Hypercard, or how people use Excel in offices, or secretaries that extended Emacs because they didn't know writing Lisp was "programming", or countless other stories of end-user improvements.
If you want the computer to be a digital television set, or a digital collection of appliances, then sure - let's lock everything down, so that you can only do what you're allowed to by the vendors, and only through means allowed by the vendors. This is the scenario in which you want to add friction to end-user "advanced" use.
> How is the browser suppose to know whether the user wrote the extension or downloaded it from the internet?
It cannot be done in general - if a user can do something manually, a sophisticated piece of malware running outside of the browser can simulate too. But I think there's ways to add warnings without increasing friction. Having to manually re-enable each and every user-created extension on browser restart is IMO way too much friction. Being shown a warning about those extensions on each browser restart, but keeping them running sounds more reasonable.