[interlocutor]

No, not secure enough. Remember ActiveX? The security policy of ActiveX was, the browser asks the user if he wants to install the ActiveX. If the user says yes, anything that happens afterwards is the users responsibility.

What you're suggesting is not that much better. Do you expect your grandma to be able to review the permission list for the browser extension?

Browser extensions are the modern day ActiveX. Yes, lots of them are very useful. But you could say the same about ActiveX controls too.

[bostik]

> policy of ActiveX was, the browser asks the user

Therein lies the problem. The entire industry has, ever since windows 3.1 (!), done their best to condition users with a single and highly destructive mindset:

"Press OK to make the annoying window go away."

The only way around this, and I'm not saying this lightly, would be to make the pushers and vendors CRIMINALLY AND PERSONALLY liable for the damage they cause to end users. Once we see the third or fourth offender nailed through their genitals, head down, on the town hall wall, the message will start to get through.

[tracker1]

A lot of it happens in countries other than country of origin... and extradition is difficult and often expensive. Though, I wouldn't mind seeing the people that write rogue extensions that harm people get doxed.

[petagonoral]

No, I expect browser staff/interested technical parties to review extension before publication. Why would your grandma review it?