[vkou]

> 2) Every extension has to provide schema of any data it intends to send out of browser.

Just because I supplied a schema does not mean I'm not exfiltrating sensitive data, in a way that would not be obvious from the logs.

[petagonoral]

How many extensions _need_ to send data outbound? Before approving extensions for store/signing, the schema can be checked and if it's not tight enough - rejected.