Don't create them.
Don't use them.
Use Tampermonkey/userscript instead.
I think extensions should declare a bunch of CSS selectors that they need data access to, and if an element doesn't match those selectors, then all attributes and .innerText/.innerHTML should return undefined.
I don't care if normal people can't understand what CSS selectors are. Just hide it in "view technical details" box or something.
It is definitely a risk for users though.
You can also "opt out" of automatic updates, but the process is a bit involved.
1. Locate the extension on disk
2. Copy it to some other location
3. Add it as a developer extension via the "Load unpacked" button in the extensions screen.
I would also advocate for extensions being open source, but of course most of them are not.
Even that would only be a small step in the right direction, though, since plenty of apps already have broad enough privacy settings to inject scripts on any page with no change needed to the app manifest's permissions.
I really like this final comment. As a non expert in computing, I also often think about how young is this field, and I fantasize about how it will evolve, hopefully towards a more accessible and open ecosistem.
The author is way more optimistic than me here. I'd love if that were the case, but with the way the wind is blowing, I doubt that it'll be a collective decision between users and the big tech companies running today's computing platforms. If anything, it'll come through regulation.
It's highly unlikely that e.g. iOS or Android will suddenly and out of their own initiative open up their APIs in a way that would allow building anything like "reading mode"/distraction removers, ad blockers, data extraction allowing mashups between different apps etc.
Google's main customers aren't Android users, but app developers who run in-app ads and sell in-app purchases; the same is to a large extent also true for Apple (although DMA-like changes might shake up things a bit, and their reasoning for not introducing such apps will likely be security and platform integrity, not ads).
Otherwise it would be great. Any pointers?
What was funny to me is the fact the Facebook started to revert my posts when using this. I remember recording a video about it, don't know if i still have it though.
The elephant in the room is browser extensions are not a web standard and Google or Firefox can make a breaking change to you at any time “for security”. Also Chrome can boot you out of the store or ask for 100 point ID check in the future.
Extensions are great but a web standard for them would be even better.
Browser extensions are underrated: the promise of hackable software - https://news.ycombinator.com/item?id=20556382 - July 2019 (186 comments)
Has anyone who's built a browser extension solved this?
Too many unknown unknowns. You're searching for an element to modify or take an action on based on the text content/class/id/aria-label/type? Someone changed apple to train. Or completely changes the element hierarchy. How would you predict or recognize that to modify your logic and be certain it works before publishing to your hundreds/thousands/millions of users?
This comment: https://news.ycombinator.com/item?id=39251996 by Retr0id hits the nail in the head. It's not that we cannot modify the software, but there are so many layers of inconvenience... what about modifying and recompiling the browsers themselves? They're so big now. The solution would be extensions. But no. Security.
Browser Extension for Hacker News written in Rust WASM:
https://github.com/drakerossman/hackernews-userscript
It has filtering capabilities (filter in title, link, text, or username via regex) and softhide (hide all the items on a page without pulling others from the next page).
safari and firefox support them
You've always been able to add your own payment system. I sell a freeium extension with payments going through Paddle (I guessed Google might deprecate their payment system so didn't risk it!). Gumroad and Lemon Squeezy are other examples you could use, where they both have simple license key checking web APIs.
I actually make a living selling browser extensions in the iOS and Mac App Store. Apple users are willing to pay.
I used to sell my extension in the Chrome Web Store, until Google eliminated Chrome Web Store Payments (mentioned by another commenter). However, even with Google's payment system, my sales were extremely low; thus it wasn't worth my time to implement my own payment system in the Chrome Web Store.
Apparently Firefox also used to have a payment system for add-ons but eliminated it.
This is purely a choice by the browsers. Chrome and Firefox have chosen to demonetize extensions. Safari has chosen to monetize extensions.
You can still open a Liberapay if you want
No, it's almost always done, unless someone forgets.
Currently in the top 3 pages of HN there are 12 submissions with (20XY) at the end of the title. It's extremely common.
1) AI
AI is rapidly getting better at coding. Current AI is often bad at high-level architecture but is capable of making small local tweaks. Seems like a good fit for the kind of code you need to write a browser extension!
I'm exploring this direction; wrote more about it in "Malleable software in the age of LLMs" [1]
2) Security
Having talked to people who worked on various extension platforms including the browser extensions API, I see more clearly than I did five years ago that security is often the key bottleneck to deploying extension platforms meant for mass adoption. Anytime you want everyday computer users to be installing invasive extensions to important software from untrusted third parties, it's gonna be challenging to protect them.
That said, I still think that conversations around extensions tend to focus too much on security at the expense of all else. Customizability is important enough that it may be worth prioritizing it over security in some cases.
I also think there are many reasonable paths forward here. One is to exchange extensions with trusted parties -- e.g, coworkers or friends -- rather than installing from random people on the internet. Another might be to only build your own extensions; perhaps that'll become more viable with AI-assisted programming, although that introduces its own new security issues. And finally, I've met a few people who have smart ideas for architecting software in a way that helps resolve the core tensions; see [2] for an example.
3) Backend access as a key limitation
I've increasingly realized that the fact that browser extensions can only access client code in a fairly server-centric web means that many deep customizations are out of reach. Perhaps you can't read the data you want, or there's not a write API to do the thing you need.
While I'm optimistic about what extensions can do within the boundary of the client, this is an inherent limitation of the platform.
At Ink & Switch (the research lab I now work for), we're working towards local-first [3] software: collaborative software where the data and the code lives on your device. Among other benefits like privacy, we think this is the right foundation for more powerful extensions, since your data and the app code aren't locked away on a server.
[1] https://www.geoffreylitt.com/2023/03/25/llm-end-user-program...
[2] https://www.wildbuilt.world/p/inverting-three-key-relationsh...
Anything that is open enough to let someone who knows what they're doing customize the system to their liking, will also be abused by bad actors persuading people who don't know what they are doing to customize the system in ways that harm them.
The fact I can write my own custom keyboards on Android is great! But the fact someone can convince your grandparents to install a keyboard that includes an embedded key logger is not!
Browser extensions have always been a malware-rich ecosystem. Joking about removing all the toolbars from your parents' Internet Explorer whenever you went home for thanksgiving dates back to about 1999.
Adding either of those entitlements to a keyboard app should require extremely scary dialogs. Needs to be possible - perhaps you want your password manager with sync to be part of the keyboard app - but it's clearly a huge risk.
I do think that with every turn of that cycle we end up with better compromises. They’ll still be compromises, though.
Yes, you may read my phone contents, and as far as you know, it's the contents, the whole contents and nothing but the contents - it just happens to be a folder to me. An empty folder. It's a new phone you see.
Yes here's my contact list. Sorry it's mostly empty, there's just the costly premium number in there. I hope your mothership doesn't try to call it.
Yes, here's my microphone. Oh thank you, yes, I do a good impression of Rick Astley.
Pictures on my phone? Oh yes, right this way. It's all pictures of turnips. Do you like them?
The million dollar question is: how do you deliver those capabilities (a) without having grandmas phone full of spyware and (b) without giving your favorite Silicon Valley thought leader a 40% cut and total control of the ecosystem?
I don’t have the answer. Just trying to formulate the problem.
Contact list subset and pseudo-sensors (camera, microphone, accelerometer, barometer) are much needed.
Preset location is also needed, but some apps enforce DRM or other policy by location.
App-level network policy (whitelist, blacklist) is needed. For enterprise MDM, iOS allows per-app VPNs, which could enforce app-specific network filtering. With Apple Configurator policy files, Safari can have on-demand VPNs for specific websites.
I'm particularly interested in how general purpose CRDT toolkits like Automerge and Yjs could become the backing filetype for local-first software with interoperable sync/collaboration backends. The user can then have direct access to the underlaying data via standard tooling. Files can be linked, embedded within each other, forked and merged.
We could have a new hypermedia platform built on this, where all documents are possible to be shared, forked, edited in realtime...
Basically, love what you are all doing at Ink and Switch, excited to see what you publish next.
Deployment is just terrible. There's no way I'm sending my extensions somewhere over the internet to get signed after every change so I can use code I wrote on my own computer. WTF distopia is that? Nevermind the last time I checked the tooling for signing is some stupid ass 100MiB+ NPM/node app I have to now trust too. It's bigger than a freaking Linux kernel build itself.
100% this. It should at least be acknowledged that "security" often means less options for the user.
Maybe they attempt to fix them because they're limited by the platform and mostly low quality software?
Most browser extensions by weight are Google Chrome extensions. Google Chrome is unambiguously demonstrating that no API is safe in its quest to juice revenues. Anybody who builds extensions using Chrome's APIs should be very aware that they're quite possibly putting effort into something a juggernaut will stomp away without a second thought.
I don't care to live in strategically lost situations like this, so I think the conversation should be about Firefox extensions. Which also don't have a great track record (the transition to Google Chrome compatibility a few short years ago still annoys me greatly), but are a qualitatively better counter-party to deal with.
A tip in Chrome that I never see mentioned if you want to be extra safe when trying extensions:
- Go to Profiles > Add profile > Continue without account
- Install any extensions you feel like in this profile and they're completely isolated from the tabs logins, history, cookies and so on in your regular profile. Similarly, you can run Chrome Beta or Chrome Canary for installing extensions into, alongside regular Chrome.
E.g. you can install 10s of potentially risky web development extensions into this profile (they usually need a lot of access to do what they need to do), and keep them sandboxed away from the profile where you do your personal banking or login to work websites.
It's not practical for every extension, but I do this for my web development stuff and only use a couple of extensions for personal stuff.
I sell a browser extension where the permission I really want to ask for is "can only observe the network traffic it sends/receives in its own tabs" but I'm lumped with having to ask for the "read and write all your data" permission, but I make sure to share the above tip in the description (shameless plug: https://chromewebstore.google.com/detail/checkbot-seo-web-sp...).
Uh. Linux users would like a word here.
But more generally, there's a significant component of this that seems isomorphous to the question I was trying to discuss in a post I wrote several years ago called "Is Open Source a diversion from what users really want?"
There seems to be much more excitement about ways to "hack" software that do not involve build systems than the complete, open-ended and (theoretically) unbounded access provided by FLOSS. It's not hard to see some obvious reasons why that would be true, but still a little disappointing.
I tried to discuss that here, specifically in the contrast between Reaper's provision of scripting-but-closed-source versus Ardour's scripting-but-open-source.
https://discourse.ardour.org/t/is-open-source-a-diversion-fr...
[1] https://chromewebstore.google.com/detail/css-selector-helper...
Make it easy to find out which web pages they access and which they modified.
Minimized/encrypted code in extensions should be forbidden. It should be very easy to read the code.
E.g. this extensions says "records user activity", but what is that really: https://chromewebstore.google.com/detail/coffeelings/hcbddpp...
They're not full extensions, but userscripts and user styles go a long way, and extensions exist that allow people to create/use them in the browser (eg. Tampermonkey[0] and Stylus[1].) I consider them incredibly important, even though they can't do as much as extensions.
[0] https://www.tampermonkey.net/ [1] https://chrome.google.com/webstore/detail/stylus/clngdbkpkpe...
I'm fairly satisfied with editing in VS Code, using a tsconfig.json with strict mode and checkJs turned on, then using JSDoc for typing. The ugly bit is the manual copy-paste into the Tampermonkey code area each time.
I have no idea via the Chrome prompts what extensions are able to do, read, see, access, etc. "Allowed to access data on all websites" - Is this literally all data? Like what I'm typing? Like does it know when I go URL to URL? it is just reading the assets? Is there a chrome API that limits their access that I can see? What do I actually need to worry about? I have a video zoomer that lets me zoom in on any video on any website, do I need to literally audit each extension myself and make sure it's not mirroring my data elsewhere or something?
I have no idea. How would a non technical user know any of this?
- Are easy to edit
- Are inactive until clicked
- Work in all browsers
- Work on mobile
- Integrate nicely into the UI. I can move them around, put them into any bookmark folder, assign shortcuts.
I wrote this bookmarlet editor which makes it easy to convert between clean code and a bookmarklet:
Got any good bookmarklets you want to share?
javascript: (function() { document.body.contentEditable = true; document.body.spellcheck = false; })();
Open on wayback machine javascript:location.href='https://web.archive.org/web/*/'+document.location.href.replace(/\/$/, '');
Others that are longer https://github.com/madacol/web-automation/tree/master/bookma...I use a very limited set of extensions I trust like uBlock origin and Bitwarden. Also some developer extensions, but usually not on my main browser. Everything else is just not worth the risk for me.
[1] https://github.com/lunabrain-ai/lunabrain/tree/main/js/exten...
Sure, Webkit and VSCode are both open source and forkable along with their extension support, but any later development would rot compatibility until, and if, a popular fork emerges.
He had the same point, where it feels like browser extensions are a big, somehow under-appreciated market. Browsers are huge platforms -- creating add-ons and making them more capable should be a popular, value-generating thing to do! But for a number of (developer) UX/UI issues, that just hasn't been the case. I hope this changes!
I have moved over to only using extensions that have gone through Mozilla's manual code review necessary to become part of their "recommended extensions" program.
> Before an extension receives Recommended status, it undergoes rigorous technical review by staff security experts
https://support.mozilla.org/en-US/kb/recommended-extensions-...
As an experiment I develop my latest browser extension on Firefox [1], Chrome, and Edge [2] at the same time to see how difficult it is to share the same code base. The difference is minuscule, like less than 0.01%. Chrome and Edge are essentially the same. Firefox is a bit behind in Manifest V3 support and needs a few lines Firefox specific API calls. The manifest files have a few differences. Overall, sharing the same code base is very feasible.
[1] https://addons.mozilla.org/en-US/firefox/addon/one-page-favo...
[2] https://microsoftedge.microsoft.com/addons/detail/one-page-f...
Edit: You might ask where the Chrome version. Well, I had a heck of time to create a new Google account for deployment. Stay tune.
The unfortunate part of web browser extensions is that, like the treadmill of web frameworks and app development, browsers can’t seem to stop changing and tweaking how extensions work and remove perfectly good functionality. So you end up sometimes having to rewrite an extension or its manifest with very little assistance from browser makers. But at least you don’t need to learn XUL any longer, so not all changes are bad ;-)
I wish the chrome store gave badges to extensions like mine to make people more aware, give a filter when searching for new extensions, and to encourage least permissive development.
The chrome store extension rules are also unevenly enforced. Take a look at the source code for something like 1password. It is full of obfuscation and completely unintelligible which is against the store rules. I base64 encoded a single string that was my json dict in an otherwise completely readable js file and it went through on one publish but a few versions later was red flagged.
0. https://zaferbalkan.com/2023/10/03/browser-extension-api.htm...
1. They increase the attack surface of the browser 2. They have routinely been transferred to (for money) or taken over by malicious entities 3. Often they subtly break things in ways that are fine for expert users but which result in support reach out by others
The whole extension thing is a mess.
1. They increase the attack surface of the operating system 2. They have routinely been transferred to (for money) or taken over by malicious entities 3. Often they subtly break things in ways that are fine for expert users but which result in support reach out by others
The whole web browser thing is a mess.
Firefox allows their extensions to be far more powerful than Chrome's, but that power means they are also far more dangerous.
If Firefox were to really take off (like it should, imho), are we really ready for a web full of people being attacked by the worst spyware ever?
Chrome, for all its faults, has ruined their extension framework at least in part because they were trying to prevent this threat.
How do we make this work? Endless notification spam from the plug-ins? Expensive certifications for each plug-in release?
How unlike developing for literally any other environment.
Yes, there's always a counter-party. My point is it saves a lot of later grief to consider up front the counter-party you're entering into a relationship with. Their incentives and track record.
Why would the conversation not be about editing the Firefox source code to add or remove "features" to meet one's personal needs.
What is the point of "open source" if, to use the term from the submission title, the software is effectively un-"hackable".
There is no small amount of "attack surface", and many unneeded "features", that could be removed from Firefox to someone's benefit, maybe it's only one user,^0 but but that will effectively never happen. Why. It is open source so anyone should be able to audit the code and change it to their liking.
0. To be clear, I am not commenting about "most users" or the majority of users or whatever. I am referring to the small class of users who are explicitly dissatisfied.
In 1995, there were numerous non-commercial browsers. Netscape, the source of Mozilla, was one of the few attempting to commercialise.
https://www.w3.org/Clients.html
There is nothing wrong with having "all-in-one" programs. As long as other "not-all-in-one" programs also exist as alternatives.
Arguably, the aim of the "all-in-one" program may be to obviate the existence of other programs, namely smaller, simpler ones.
Those pushing gigantic web browsers might assume and argue, e.g., that it is inconvenient to have different programs for different tasks. This could be true. For some users. However it is also true that small programs can be made to work with each other. UNIX is the example. Over thirty years of continual growth. The companies behind the giant browsers probably could not survive without it. There is choice.
Large "all-in-one" programs and small ones like UNIX utilities can co-exist. The two are not mutually exclusive.
Personally, I prefer not to use a giant browser to make HTTP requests on the open internet. It is overkill and there is a profound lack of user control. (Hence "solutions" like "sandboxing", and an ever-incresing number of Band-Aids that serve only to add more needless complexity. The companies releasing these giant "all-in-one" programs are funded by advertising. Enough said.) For me the "modern" browser is more useful as an image viewer and media player.
It is possible to "browse" the web without advertising, tracking or other annoyances, I do it every day,^1 but not with one of these giant advertising-supported "all-in-one" programs like the "modern" web browser. It is a losing battle to try. No amount of "extensions" can change the balance of power over those giant programs.
Despite that these "browsers" are "open source", dissatisfied users who know how to program are not editing the source code to remove the bad bits. Instead they helplessly complain in forums like HN.
1. I am not a typical user. (Though I might be in 1995.) I prefer text over graphics. I like to read without distraction. Because text is easy for the user to manipulate, it seems to have a defense against advertising that is not available with graphics. For example, if text ads were inserted into response bodies, I can easily filter them out.
Because extensions are way easier to write, less likely to break because they use mostly stable public interfaces, and don't require an amazingly long compile.
Theoretically, you could sacrifice full compatibility by implementing only the APIs used for Google, Facebook, YouTube, Reddit, Amazon etc. and have something much simpler. But that would still be a hard task because you are making a big compatibility hack for certain websites. Like the wine compatibility layer only for websites. Except that the websites could stop working at anytime and then you'll have to pile on more interfaces to keep up with them.
When evaluating software utility we often times forget that websites are software and don't attempt cost them in. Using them is a recurring cost in terms of complexity. They are definitely not free or even low cost.
I would say, as the developer of an upfront paid web browser extension, that upfront paid web browser extensions are underrated. ;-)
It's a truism that if you're not the customer, you're the product. But what if you are the customer? I think a lot of the mistrust of browser extensions is due to the difficulty in monetizing extensions directly. If you're making nothing from an extension, and someone offers you a nice check to acquire the extension, it can be difficult to turn down that money, especially if the extension is a support burdern for the developer. Of course I have my price too, as almost everyone does, but at this point the price would have to be 7 figures (maybe 8??), which I don't think anyone would ever pay for my extension. My user base is relatively small, and thus doesn't provide a huge opportunity for data collection or other nefarious schemes, precisely because the extension is paid rather than free.
Sidenote: The "collaboration" offers come from time to time even to non-extensions projects, if they are reasonably widely used. E.g. simple tools (rather widely used suite of android apps recently sold).
Though, even if you are, paid products are often monetized in all the exact same ways. Why not.
Of course risks exist with desktop apps too, but historically this kind of buy-and-exfiltrate scheme is comparatively rare with desktop apps, particularly on macOS where signed apps are sandboxed and can’t do a whole lot without user permissions.
How locked down are desktop apps now on Mac, Windows and Linux? I haven't kept up. Do they still a lot of access by default to do malicious things with? I recently saw someone install the Adobe Acrobat desktop app and it installed its own extension inside of Chrome without asking. Games can have scary DRM as well.
Chrome extensions can't read/write to arbitrary places on your hard disk without asking for example and you can isolate them within separate profiles. Not saying they're perfect but there is robust sandboxing of what they're allowed to do. I'm curious how this compares to an Electron-based desktop app i.e. which is running Chrome on the inside but with the standard restrictions Chrome places on tabs and extensions unlocked.
Mac App Store apps are (mostly) sandboxed. Developer ID signed Mac apps distributed outside the App Store are mostly not sandboxed.
/Agree. It is crazy that I have to trust some unknown coder with all my browser data just to enable vertical tabs in Firefox.
Of course many of these extensions are open source and thus auditable. As I lack the skill to detect nefarious code, I am wondering if this might be a good use case for AI. Anyone have thoughts on building a good malware finding prompts?
I mean even having it document a best draft of what the extension code is doing would be awesome.
Unless it’s made into an extension and then you have a recursive hell.
Perhaps not convenient, but it certainly helps keep me on task when I'm in official-paperwork mode. :p
Hopefully transparency is one way to overcome this trust barrier.
That's like being upfront about what kind of getaway car you are going to use for the robbery.
Yeah it would be nice there were a way to limit the entire scope of an addon's permissions to a whitelist of domains. Chromium has a way of whitelisting domains an addon can run on[1] but I've assumed it doesn't affects the broader permissions you mention (general history, etc).
[1] Click 'Details' of the addon and switch the 'Allow this extension to read and change all your data on websites you visit' option to 'On specific sites' then add the sites to the whitelist.
You can do this for the network read/write permissions, where the permission request dialog on install will tell you the URL patterns the extension wants access to.
I can't do this for my specific extension though. My extension checks web pages for problems like broken links, so it needs to be able to fetch any web page URL you give it and then it has to fetch any URLs that are linked to on the page, so I have to ask for access to http://\\\* and https://\\\* (I could maybe get away with just the `activeTab` permission to check the domain of the current tab if the checks were more limited though).
The extension is only doing operations like this within its own tab, when you have the extension open, and for it's own network requests, so it's frustrating there isn't a more granular permission I can ask for as I've isolated it as much as I could.
It's a tricky problem though. Browser makers will have certain kinds of extensions in mind, and optimise to make the permission system and permission request messages friendly for those kinds of extensions. Less standard extensions usually have to settle for broader permissions with less friendly permission descriptions, until hopefully the permission system gets iterated on based on how it's being used in the wild (Manifest V3 in Chrome for example).
As a Linux user, I disagree. It's not quite the same. Yes, I could recompile my kernel if I wanted to. I can recompile most of userspace too. But it's a hassle, especially if you want to diverge from upstream, and maintain that divergence on a long-term basis.
You can do some fun hacks with LD_PRELOAD et al, but it's nowhere near the degree of flexibility and ease of access of browser extensions.
I am allowed to modify all the software as I see fit (and that's excellent), but the friction of actually doing so is (comparatively) high.
The question isn't whether you need to recompile source, change config files, download application plugins or set-up a bunch of check-boxes in a nice GUI.
It's whether you can trust those settings to stick.
I've lost count of people telling me that phone settings I suggested simply "reverted" or somehow turned themselves back on/off.
Even some Linux distros that use Snap alongside auto-updates etc are really quite sneaky.
But to my mind web browsers (and I include all of them, Chrome, Firefox or whatever) are utterly treacherous.
Any careful security stance requires constantly checking and re-checking that policies are still in effect.
... I suppose you could do the same thing with debian too. You'd just need to maintain an overlay repo that rebuilds off the upstream deb sources for the packages you touched.
At that point you're pretty much doing the same thing distro's volunteer maintainer is doing. Take an upstream package, add tweaks, rebuild them automatically with tweaks on the next upstream release.
You have endless different Desktop Endorsements ... Linux offer way more control over the OS then any browser extensions do. Firefox killed the system where you could more modify the look of the Browser, I do not mind, but I am still making this point when we talk about feeling in control.
You make no sense.
and dpkg-buildpackage will do all the hard work for you
The shift of Linux to systemd was a very similar experience to the decline of browser extensions. Yes, you can change how your computer works. But unless you're willing to put a lot of effort into maintaining those changes, the APIs you use will be cut out from under you and it'll be harder and harder to make your computer do what you wanted rather than what someone else thought it should do.
So chrome (or whatever) becomes a platform for distributing and executing software.
The total list of websites is available in the installation popup for the extension.
The chrome web store already bans code obfuscation. minification is allowed as there's no meaningful way to enforce the quality of variable names
The other problem is that the extensions can update. You typically get zero notification an extension was updated. Most extensions start off safe, but later get sold and used to farm data.
This won't help against intentionally-obfuscated code but it should help with security & privacy research for most extensions.
Edit: Firefox version: https://addons.mozilla.org/en-US/firefox/addon/crxviewer/
Like another user mentioned because of this I only trust a few key extensions(and like that user uBlock, Bitwarden, etc) with this sorta access.
I'd be very wary of those scrapy screen/session recording startups if for no other reason than they could be particularly vulnerable to supply chain attacks.
And you realistically have no way to sort the good from the bad. Especially when the good silently get sold to the bad and automatically updated.
I just had one big extension I use get bought by someone last week when it updated. I gotta dig through that now.. I used to hide that extension update popup screen but now I'm glad I didn't.
Unfortunately browsers only make specific api for task that many people does. So there is always a portion of extensions need the 'all data' because there is no way otherwise.
Depends on the permissions requested by the extension but often yes. The permission "Can read all data on any webpage" means exactly that.
> Is there a way to use browser extensions safely?
Yes. Depending on your paranoia /security standards. Here's what you can do ( ordered by importance.)
1. Use more than one browser (but stay away from proprietary or less popular browsers) and/or use multiple profiles (both firefox and chrome has them)
2. Have separate profiles for banking, personal email, work and general browsing. (Also good for productivity)
3. Banking profile should have no extensions.
4. Use only mozilla-vetted 'recommended' and 'security reviewed' extensions in firefox for less important accounts. Check the permissions carefully and see if they're sane. I don't use extensions in chrome at all since google web store does no vetting at all beyond automated scanning. It's the wild west out there.
5. You can be less careful with general browsing profiles as long as you don't log into important accounts. Use firefox containers (this is more for privacy though than security)
6. If some addon is tempting but not reviewed - i try to review the code (if its small and readable enough). after vetting, i disable auto-updates. A greasemonkey script that does equivalent functionality is often preferable since the code is usually smaller and readable. Disable auto-update there too. Otherwise resist the temptation to install too many addons.
Of course it doesn't help that it's a finance site that disables paste for which I need an extension to reenable, but at least I'm not letting the rest of my extensions get at my banking web session.
This seems so dumb. Is this the best solution from google/mozilla/etc? I am thinking that an option to disable all extensions on a particular site/tab could solve many issues, maybe even with default on for well known email and bank providers. This would encourage ppl to install more extensions because they don't care what happens when they just read reddit.
For me, an extension can only require so much hands on effort before that effort outweighs the rewards of the extension. Years ago I had the Vimium plugin and loved it, but the provided functionality isn't worth the necessary audits. Not wanting to have to trust that it never sells out or gets hacked, I got rid of it. These days I just use a small handful of extensions (ublock origin, noscript, vuejs devtools) that I feel comfortable trusting and that make a significant impact on my browsing experience. I can manage without the rest.
- Firefox has 'recommended' addons. In addition some of the more popular addons are security vetted (Their addon pages doesn't come with the scary "not reviewed" warning. These can be reasonably assumed to be safe.
- Also read my other reply to gp.
> These days I just use a small handful of extensions
Same here. Resisting fomo and temptations for new shiny is the hardest part but still worthwhile imo
(You could also audit the extension for complete safety, but TBH I'm usually too lazy to do that, and I assume that the risk of an extension currently being malicious is far lower than the risk of an extension later being updated to become malicious)
It also insulates you from critical security updates. Managing your own security is not without its risks.
That way I force myself to build them from source.
My habit is also to inspect the changes between upstream releases. It's mostly spot checks, but it's better than nothing.
[1]: https://aur.archlinux.org/packages?O=0&SeB=nd&K=firefox-exte...
I'll give an example since I'm tooting so loudly about this, my job entails a lot of R&D and distributing knowledge to other engineers in a concise manner. I use an app called hypothesis- https://web.hypothes.is/ which is very popular in research groups.
What it does is it lets me essentially annotate websites. So for instance I have an application with a front end UI, instead of writing readmes with no interaction to the front end UI I can actually annotate each page like a how-to, or a help doc. You go to that specific URL and get notified that there's a hypothesis doc on it to read.
When I used to work at a k8s distro company I used it to help teach people how to deploy clusters, etc.
Another one is Dark Reader that makes every single website dark mode.. Ublock I can't even remember a time of my life not using to block ads.. I do have null stuff via cloudflare dns as well but still use ublock everywhere since it's also a massive security improvement blocking chaotic javascript.
It's amazing for training situations.
From the terms of service: > Our services evolve constantly. As such, the services may change from time to time, at our discretion. We may stop (permanently or temporarily) providing the services or any features within the services to you or to users generally. We also retain the right to create limits on use and storage at our sole discretion at any time. We may also remove or refuse to distribute any content on the services, suspend or terminate users, and reclaim usernames without liability to you.
The game does not have any save mechanism, so I made a bookmarklet that loads and autosaves to localStorage
```
javascript:(function(){ const exportState = () => JSON.stringify({ discoveries: window.$nuxt.$root.$children[2].$children[0].$children[0]._data.discoveries, elements: window.$nuxt.$root.$children[2].$children[0].$children[0]._data.elements });
const importState = (state) => {
const { discoveries, elements } = JSON.parse(state);
const gameInstance = window.$nuxt.$root.$children[2].$children[0].$children[0]._data;
gameInstance.discoveries = discoveries;
gameInstance.elements = elements;
};
/* Set up a MutationObserver to listen for changes in the DOM and automatically export the current state. */
const observer = new MutationObserver((mutations) => {
const state = exportState();
localStorage.setItem('gameState', state);
});
/* Start observing DOM changes to auto-save the game state. */
const startObserving = () => {
const targetNode = document.querySelector('.sidebar');
observer.observe(targetNode, { childList: true, subtree: true });
};
/* Check for a saved state in localStorage and import it if available. */
const savedState = localStorage.getItem('gameState');
if (savedState) importState(savedState);
else localStorage.setItem('gameState', exportState() );
startObserving();
})();```
That seems orthogonal? Grandma's phone has the same spyware either way, but this makes it a toss up whether it can spy on anything real
Duh?
Who isn't motivated by money, though? The frequent acquisition of free extensions proves that even open source developers are motivated by money too.
The issue, again, is the identity of the customer. Is the customer you, the extension user, or is the customer the advertisers, making you the product?
Come to think of it, it could be a chrome extension...
The developer experience isn't as good as browser extensions yet, though. Iterating on a patch means downloading that package to a local directory and building it there, which won't be enough for, say, patches to system libraries. You have to actually apply the system configuration for that, which means recompiling.
I have a huge amount of respect for the work distro maintainers do. It's not especially fun or glamorous work, and many are unaware that it even happens, but it's essential.
Not ready to spill the beans yet though on my projects, first have low back surgery tomorrow to get an artificial disc put in between L5-S1 - and will see how much my overall pain goes down, and how much my productivity can go up - before knowing when I can make any public announcements.
I really wish they had a DSL for extensions to allow them to be more broadly written. Like, I feel like I have to basically learn js to learn to write a chrome extension and I'm a go/rust dev who will use it literally nowhere and I just want to make the AWS console not suck, for instance.
But I keep trying to will someone like me into existence to make this extension and nobody is appearing lmao.
The annoying thing here is how apps insist on either requiring full album access so they can implement their own photo picker or don’t provide a button to re-trigger reselection of “selected photos”.
I wish they’d just use the standard OS selector dialog and call it a day. I don’t care if the standard selector doesn’t meet some stupid product requirement, it’s good enough.
iOS Settings should have an app setting menu to "Edit Selected Photos".
- You have to put `;` on each statement
- You cannot use inline comments, // you cannot do thisGoogle has removed capabilities for certain categories and it's pretty easy to figure out what's going to be risky.
But I use a set of very useful extensions, none of which present any problem to Google, all of which are extremely useful, and all of which I expect to stick around.
It’s hit or miss. There have been advancements on macOS and Linux where there are mobile-style permissions and sandboxing in some cases, but one needs to be aware of how apps are packaged to be able to leverage these advancements. Adobe stuff and Chrome on macOS for example have basically free reign still as they have specifically opted out of OS sandboxing, while a lot of small indie apps are sandboxed. Chrome I think can be put in a sandbox on Linux by way of Flatpak.
Windows has done practically nothing and is the same as it’s always been where desktop apps can do basically whatever they please, especially if given privileges with UAC (which seemingly every other Windows app needs for some reason).
This is quite strange to me as I was very upset to uninstall it, and distinctly recall reading about the security concerns on this very website. But, whatever it was, I must infer that it was a flash in the pan about nothing.
From what I can tell, internet access is the default just to allow apps to have advertising. Too cynical?
Android originally could deny internet access to Apps which I found useful.
Certainly I don't want an extension or plugin to have pull access to the internet. That may limit functionality. But often only push is needed (e.g. blocking list could be pushed). No third-party keyboard should have internet access.
Edit: rewrote a little clearer.
I spent a bunch of time trying to figure out how I would implement such a feature on a standard Linux system to sandbox apps on my PinePhone, but there's no sane way you can implement a standard "you can have internet access but not touch my local network" policy.
Of course, if you've bought hardware controlled by it, that's unfeasible. Keep it in mind for next time.
I don't suppose there are review sites that mention how predatory and nagging a mobile app is?
I've basically given up on mobile apps around when the ipad 3 was launched and never looked back. The reasoning being that i got an ipad 1 when it was new, and you could still find pay once games then. But they all got replaced by free to play gambling applications mislabeled as 'games'. Then the news about utility applications tricking you into $50/month subscriptions came about...
The userscripts I've made have been mostly for work and I immediately dismissed "Violentmonkey" as unsuitable because of the name, I'm not going to ask my clients or their (less technical) clients to install something that sounds quite nefarious. Unfortunate! ("Tampermonkey" is bad enough, but at least it's widely known.)
Years ago on HN, I had commenters attack statements I made about the value of small, simple software. They literally challenged the terms "small" and "simple". After that I started prefacing these words with "relatively".
"When evaluating software utility..."
Another time, an HN commenter attacked a statement I made about how I evaluate software for myself. He suggested something to the effect that end users were incapable of evaluating software.
I actually very much like Apple's approach to browser extensions forcing them to be truly installed software and in the purview of tools that protect the rest of the system.
The Chrome browser extension ecosystem is perfectly fine in theory but suffers from reinventing installed software without taking any of the lessons we've learned about OS software. Nice cautionary tale but the web is different.
... by allowing software from big corporations not matter how user-hostile it is while randomly flagging/deleting harmless software make by individuals/smaller groups who have not paid the protection racket.
The AV industry is a scam.
> desktop software is more difficult develop (for your average hacker wannabe)
Desktop software can be written in the same languages as webshit and more.
> and has far less valuable data to go after
All data available in browsers is also available to native programs running besides.
I wouldn’t be surprised if Gen Z didn’t live through it.
b) Extensions can remove them, which is the pont of this discussion.
The tooling is often better there too, e.g. one can keep a short leash on app network activity with Little Snitch and similar but I’m not aware of an equivalent for browser extensions.
You don't need the keyboard application to be able to communicate externally for that. You could have a separate, optional, downloader/installer. That's better for security all around.
https://developer.apple.com/documentation/uikit/keyboards_an...
The question is do you actually trust regular users to understand what’s going on when they’re asked for permission to grant an app the ability to do something sketchy?
That narrows the gap significantly - to users who can't understand the issues, but can (even with the app providing an explanation) find reasonably well-hidden settings.
It doesn't matter if it's behind a footnote, an easter egg, a password input, a magic email code, a call with the main project developer, all of the above, etc. No matter how many steps you try to add, there are still an incredible number of idiots who will mindlessly tap through literally any number of dialogs, warnings, and disclaimers to get to what they want.
Their brain will entirely filter out the path they took. They will probably not even remember a single one of those intermediate steps. The only thing they care about is that they're fixing some problem.
This could be one of the reasons Apple and Google don't want you jailbreaking/rooting your devices. Someone will inevitably make a guide, and millions of idiots will follow it. It will legitimately make the device less secure for them because they won't have any idea what they are doing and likely won't even remember doing it. The only thing they care about is that they're fixing some problem.
This is one reason why some people get so panicked and upset when anything on their computer changes unexpectedly, even if the change is actually harmless. They never actually understood anything. They had managed to accidentally get it how they want it through a combination of stuff that they don't remember. When anything changes, they have to go through that process again.
Look, these people are great at following guides and learning routines. Repetitive, mindless tasks like data entry are perfect for them, because they have no other talent to worry about wasting. But because these people exist, you have to be really careful about what settings you add, no matter how well you think it is hidden, because they will be changed by people who don't know what they're doing.
So far, the devs that have told me this have done so because I asked for some setting to turn off some safeguards, and they said that it's a near-universal request from power users, but they still can't do it, because the rest of their userbase is too clueless to be trusted with that setting. They'd receive bug reports from people who have no clue what went wrong, when the reality is that they disabled the safeguards in order to make something work, and then promptly forgot what happened once it worked the way they wanted. This has supposedly happened so many times in the past that they just don't take the risk anymore.
Anyway, all this is to say that while hiding a setting, as opposed to automatically prompting for it, can definitely rule out a decent chunk of idiots, you will never be able to rule out the resourceful idiots that can mindlessly follow instructions.
Do you want software that allows you to do anything on a good day but is potentially catastrophic on a bad day?
The answer may still be yes, but regardless it's a more complicated a question than best vs worst.
Not at the expense of expert freedom.
1) “identified as risky” seems like it could hide some significant complexity (and room for error).
2) An extension might need to read from the keyboard. I don’t want to OK it every time. If I check once and then mark it as OK, I’d be worried that it could do something evil with that permission somehow, in a far-flung bit of the code.
I'm not sure why a similar system doesn't exist for browser extensions. Furthermore, there are limits to what features you can and cannot disable for Chrome extensions, and as far as I'm aware there are no logs of what actions they took.
I had an extension that randomly redirected me to scam URLs while doing completely innocuous things such as visiting the homepage for Gmail, YouTube, or performing a Google search (after pressing enter for the initial query, before clicking on any URL.) I had 15 extensions, and the redirects were infrequent enough that disabling extensions one by one wouldn't help much: it could potentially take months to track it down, and there's no way of disabling the permission to redirect to different URLs. I searched the minified source code for all of the extensions that I had, but none of them had the URLs I was redirected to. My guess is that they pulled data from a server and then redirected me to whatever malicious URL it pulled at that time. I also checked network traffic in the Chrome Task Manager to see if there was an extension sending data for unknown reasons, but again, nothing, so it likely periodically pulls a URL to redirect me to from some server, redirects me, and then sleeps for a few days. Short of un-minifying all 15 extensions and trying to understand the purpose of every redirect, many of which would be legitimate, I'm not sure what can be done.
In the end, I removed every last extension aside from my password manager and uBlock Origin (which fixed the issue — over one month later I've never been redirected to a scam URL.) Many of the extensions I used were open source, but I don't think any hash system exists to verify the minified code matches the source files for Chrome extensions (maybe I could do that manually, but I don't want to do that every time there's an update for any of the 15 extensions I had.)
It's unfortunate, as many of the extensions I used improved my productivity and helped me focus better and be distracted less. But as it is currently, the browser extension ecosystem simply isn't safe.
From what I've heard, Firefox's review process is better in some ways than Chrome's, but their extensions can have even more control of your browser.
I don't think it's impossible to design an extension system that is secure: extensions just need to have the ability to be granted extremely limited permissions, and any permission beyond what is reasonable should be denied in the review process for putting it on the Chrome or Firefox extension stores. Most of my extensions shouldn't have even needed Internet access (if they can execute JavaScript, they'd still be able to redirect me to a scam URL, but if it couldn't have pulled a URL from an external server, then the URL would need to be in the minified JS, so I'd have been able to catch it.)
We've been there, nobody died. 15+ Years ago, Firefox was significant more powerful, while also having a significant higher marketshare.
LOL
As long as they are lines [like ones used to collect card info](https://www.theregister.com/2018/09/11/british_airways_websi...) from British Airways (supply chain attack).
For how many days will profit be collected is the question (plus the fun criminal investigation).
Like, when you're typing and it's being monitored: in the corner of the window it says"Extension TweetSyndicator is reading your keyboard. Click here to manage extension."
If the "console" analogy doesn't resonate, think of Apple as NASCAR. NASCAR has created a private ecosystem. Participating in NASCAR as a team or a driver is a choice, contingent upon meeting their requirements and paying entry fees. NASCAR implements numerous safety measures — SAFER barriers, catch fencing, HANS devices, etc. — to protect everyone involved, whether spectators (users) or drivers and teams (developers and vendors).
NASCAR prioritizes the ecosystem first, then spectators, then teams and drivers — in that order. It doesn’t compromise the ecosystem or spectator safety to accommodate individual teams or drivers. Driver safety is crucial, not just because NASCAR values them, but because incidents involving drivers can negatively impact the ecosystem and spectators.
Those wishing for NASCAR to resemble the Baja 1000 are tilting at windmills. Similarly, people who want iOS to be like Android aren't just wasting their time, but also disregarding the preferences of users who prioritize platform safety.
> Those wishing for NASCAR to resemble the Baja 1000 are tilting at windmills. Similarly, people who want iOS to be like Android aren't just wasting their time, but also disregarding the preferences of users who prioritize platform safety.
How providing ability to sideload and having ability to use custom browser engine compromise the system? How having ability to use terminal disregard platform safety?
All of those are artificial limitations and you know it.
While I do use search engines and the resultant resources all the time, I don't follow steps completely cluelessly/mindlessly and later forget that I did it. I don't know what the equivalent would be for non-tech - I at least try to understand what a guide is doing so I can reproduce it independently later. I try to develop basic intuition for everything that I do. It is hard for me to imagine someone who lacks that ability. I don't mean to be offensive to anyone in particular, I just use "idiots" for the sake of argument to explain how any setting will eventually be found and changed.
Is it normal to forget the steps you took to accomplish a task? To, say, specifically turn off a setting for crash protection, then completely pull a blank if the program gets into a crash loop later?
What’s more likely is that if you change a setting with an incomplete mental model of what that setting affects, you might later discover that it opened you up to some risk that you did not appreciate when you made the change.
This affects technical users just as much as nontechnical users, it just kicks in at a different level.
A user who clicks the ‘install anyway’ button on an OS warning dialog telling them they are about to run untrusted software might be doing so without an appreciation of quite how many safety features they just disabled, so when asked later on ‘when did you turn off your firewall?’ they honestly don’t know that was something they ever did.
But likewise, a developer who enables a setting to solve problem A, without realizing that that setting will also screw them when they run into problem B, is… basically the cause of 99% of debugging.
‘It can’t be DNS because that would always be cached, unless there’s some setting that… son of a bitch, who knew that when you enable debug logging it disables DNS caching?’ - some developer somewhere at least once a day
Yes, it’s very common. Immediately after doing it, in fact.
Do you not even make mental notes of permanent changes you've made to the system...?
I mean, I don't think you'd, say, turn off some crash protection and then later complain about crashes. You'd remember that you previously turned it off, wouldn't you?
I'm so confused, heh.
> I'm so confused, heh
I’m biased right now because you assume stuff about me that you maybe shouldn’t.
Everyone’s experiences and thought processes might be starkly different from each other.
(No matter which observational group you put people into.)
I only talked about "typical thought processes" because you said "we all" which I assume meant the general population. Didn't assume anything about you.
Even though the base problem was given to me by another, everything I wrote about "what makes a resourceful idiot / how they are a problem" is based on my personal perception of the ones that I've seen. Which is most likely going to be a neurodivergent's impression of certain neurotypicals. AKA biased.
And the "I don't think" was leading a question, not making an assumption about you.
> Everyone’s experiences and thought processes might be starkly different from each other.
...which is I'm so hesitant to believe that everyone is a resourceful idiot.
And why I made a disclaimer about the fact that my own thought processes might be starkly different from not just who I'm describing, but other brains in general.
The mind process you have described is pretty standard, even using some different things to recover information instead of saving it. There is no neurodivergent path of extracting information and there is no neurodivergent understanding of reality or neurodivergent thought process.
> At this point I don't really know if you understand what 'neurodivergent' means. People who suffer for neurodivergency does not have different mental mappings than those who are neurotypical. Also, the way they construct their own world does not differ from neurotypical
to
> Do you feel that something needs to be addressed about the way LoganDark disclaimed that they were biased on account of their neurodivergency
?
You would be surprised.
> The mind process you have described is pretty standard, even using some different things to recover information instead of saving it.
Well, I'm glad that it seems accurate at least. I was trying to describe a "standard" process, after all.
I should let you know, though, that my brain doesn't work that way. Reason why I say I'm biased is because I don't see what I described as a particularly interesting way to live life, so my description of it might be overly cynical / insulting.
> There is no neurodivergent path of extracting information and there is no neurodivergent understanding of reality or neurodivergent thought process.
I don't know about a neurodivergent path of extracting information either, but you should know for a fact that certain neurotypes, such as autistic ones, do have a different thought process than normal.
When I think about something, my brain will also pull up every possible related thing and assemble an entire picture for me automatically. This is usually called something like "increased associative ability". I'm just very good at considering very large quantities of facts simultaneously.
It's not the same as being reminded of something I know. It's recalling every thing I know simultaneously that could possibly have any effect or be related in any way. Anything that could possibly have relevance.
I get that "for free" as a part of my neurotype. A neurotypical person would likely have to do that consciously or go through some sort of mental process in order to reproduce the same result. I don't have to do that. It happens automatically and instantly.
But because it happens automatically, I can end up looking really awkward because I tend to not be conscious of my processing delays. For example, someone asks me a question, I go "what?" and then give them an answer anyway before they can repeat it. For a second I thought I didn't hear the question, but it was just processing in the background.
Everything processes in the background for me. Thoughts just evolve on their own, draw from relevant memories on their own. All I really have to do is watch.
Try telling me that everyone's thought process works that way.