> No, you can still grant permissions to web extensions, but the difference is that it's now explicit, and it is at least possible to design extensions with minimally-required privileges.
The problem is the reverse. Some permissions are now considered "too dangerous" for the extension, so there is no facility to grant them even if the user wants the extension to do that and it has a good reason to.
> Nothing would happen if I double-click that file, since it doesn't run on my OS.
In which case the website could have fingerprinted your browser and served you the one that does.
> Are you saying that because we can't protect all users from all harm, we should just give up?
I'm saying that we should give people the tools and information they need to decide if and to what extent they can trust something, instead of presuming to decide for them.
If XUL were to continue as it does on Pale Moon, there is no need for Web Extensions given they are a reduced subset in terms of functionality compared to the previous XUL/XPCOM versions.
And ironically for all the talk of making it more secure, the amount of cross-browser malware has only shot up since Mozilla decided to dump XUL in favor of copying Chrome's extension system.