|
|
|
|
|
|
by unix1
3402 days ago
|
|
|
> you're already in the business of trusting the creator of the extension Those were my thoughts exactly. And tangentially related to your point, I am wondering why the addon developer, who I have explicitly trusted by intentionally installing their software, is not at least on the same or even higher level of trust as an unknown 3rd party web developer whose arbitrary Javascript application the browser automatically installs and runs when I visit a desired 1st party website? There are no built-in protections that Firefox (or any browser) provides for running arbitrary 3rd party code that happened to be included by an unsuspected website that features 3rd party fingerprinting, tracking user actions, access to DOM, whether for "benign" or malicious purposes. In my mind that is just as, if not more, important for both security and privacy. It looks like it is yet to be seen whether Mozilla's extended WebExtensions API will provide enough for existing add-ons that use current low-level access that to some level restrict 3rd party web applications. |
|
|