> You heavily overestimate the degree of scrutiny that users applied to extensions.
I apply scrutiny in the form of very carefully vetting the author's identity and reputation. At the end of the day that seems to be a fairly common and reasonably effective approach.
> XUL-era extensions had vastly more power than WebExtensions. They were equivalent in power to native executables
That was an important feature, not a bug (IMO). Sure WebExtensions are nicely sandboxed away from the OS, but the threat posed by a malicious version of uMatrix or Dark Reader is nonetheless difficult to understate.
Certainly many users made poor decisions. Certainly there were valid technical issues at play. But let's not pretend that all users are irresponsible or that there weren't serious drawbacks to what was done in terms of lost functionality. Some of the modifications I made use of still haven't been replicated in WebExtensions due to lack of ability (AFAIK). The only solution I'm aware of would be to patch the browser myself and recompile it, which is an _incredibly_ high barrier to entry (and that's before the ongoing maintenance burden).
There's a reason that phishing is the go-to infosec attack vector. It's because we still blame users for being tricked into doing things they shouldn't, rather than taking the time to build systems that prevent such vectors from working.
I'm happy that extensions no longer have such wide-reaching access to the system. Whatever we lost in power-user tinkerability isn't worth the high personal cost that the malicious extensions would have on the lives of unsuspecting users.
I don't think this sort of security trumps everything else approach is a valid line of argument. Surely there are tradeoffs to be made, and surely one size doesn't fit all.
As to phishing in particular, I don't agree that the issue is a lack of willingness to design resistant systems or a misguided assignment of blame. I think it's because solving that problem at scale in the real world is (or at least was) legitimately difficult. The vast majority of people in the world don't carry a YubiKey on them and probably won't any time soon. There are even users in the US that still don't have reliable access to a mobile phone! A product that doesn't work for the actual users simply isn't viable.
>There's a reason that phishing is the go-to infosec attack vector. It's because we still blame users for being tricked into doing things they shouldn't, rather than taking the time to build systems that prevent such vectors from working.
Such system was already built in the bronze age: Troy.
I apply scrutiny in the form of very carefully vetting the author's identity and reputation. At the end of the day that seems to be a fairly common and reasonably effective approach.
> XUL-era extensions had vastly more power than WebExtensions. They were equivalent in power to native executables
That was an important feature, not a bug (IMO). Sure WebExtensions are nicely sandboxed away from the OS, but the threat posed by a malicious version of uMatrix or Dark Reader is nonetheless difficult to understate.
Certainly many users made poor decisions. Certainly there were valid technical issues at play. But let's not pretend that all users are irresponsible or that there weren't serious drawbacks to what was done in terms of lost functionality. Some of the modifications I made use of still haven't been replicated in WebExtensions due to lack of ability (AFAIK). The only solution I'm aware of would be to patch the browser myself and recompile it, which is an _incredibly_ high barrier to entry (and that's before the ongoing maintenance burden).