by psychometry 2753 days ago
How can I trust that this extension, which has access to every page I visit, doesn't steal my data? How can I trust that if someone else takes over the project and releases an update, that my data is still secure?

Looks great, but I'm just so skeptical of browser extensions now.

4 comments

Firefox add-ons pass full source code review before the submission after the Stylish incident. Safari extensions also pass manual review, Apple asks developer to send an ID card photo. Not sure about Chrome, you have to simply trust me, the code is not obfuscated and you can always locate the files and see what the extension does in your browser. Google recently announced some security changes https://blog.chromium.org/2018/10/trustworthy-chrome-extensi...
Is that really true? I was really alarmed when this extension requested access to all websites and added a ton of obfuscated code with the latest version for no apparent reason: https://addons.mozilla.org/en-US/firefox/addon/restore-old-t...

I've reported it, but nothing seems to happen.

Yes. To submit to Firefox you’re required to provide them with the source code, but you may transpile it so long as they can verify that it’s the same AFAIK?
> Apple asks developer to send an ID card photo.

To me this sounds like the most vital thing to improve trust. Having browser developers review all the source code in detail is unrealistic, and even then, won't defeat underhanded programming (is it a bug or a deliberate vulnerability?). Legal accountability combined with auditability at least provide a deterrent to publishing malicious software.

Yah I am sure hardcore hackers are giving up the gig b/c they need a PHOTO of an ID! And now the ones who are legitimate have to trust a company with their IDs? This seems like a VERY weak stop-gap measure to a very difficult problem.
Do they also inspect the hundreds of npm packages an extension might use?
> Apple asks developer to send an ID card photo

Is this something specific to Safari extensions? I have never heard of anyone having to do this.

To be less disingenuous, the review process seems to be limited to looking for specific known attack vectors, rather than a full review or evaluation of the source code (which would be impractical). That said, yes, someone at Mozilla does at least eyeball it.
To his credit, the author has released the source for the Chrome and Firefox versions:

https://github.com/darkreader/darkreader

However, I posed the same question in the MAS about the closed-source Safari version, which requires full access to webpage contents ("Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on all webpages") and browsing history ("Can see when you visit all webpages").

The author's response boiled down to "trust me" and "trust Apple's review process".

Shortly after mentioning recent headlines highlighting weaknesses in Apple's review process ("More malicious apps found in Mac App Store that are stealing user data" https://appleinsider.com/articles/18/09/07/more-malicious-ap... , "Mac App Store apps are stealing user data" https://blog.malwarebytes.com/threat-analysis/2018/09/mac-ap... , etc), Apple deleted the review, but a cached version can be found here: http://www.gadgeteur.com/2018/11/26/dark-reader-for-safari-a... and here: https://pastebin.com/DxsWcaj7 .

EDIT: Other than the permissions issue (which was unfortunately a show-stopper for me), I was very pleased with the Safari extension's functionality; it could be a good fit for those who restrict their web browsing to non-sensitive sites or who can remember to disable it when necessary.

But there's no proof that the published source code is the source code of the extension! You still have to just trust them
There's an extension that allows you to view the source of any Chrome extension direct from Chrome's repository.

"Chrome Extension Source Viewer". I use it to audit every single app that I give permission to read each site.

You can always load your own from source.
Sure - but do you? Does anyone?

EDIT: a better solution would be if the store itself allowed you to inspect the source that went into building the plugin. Then you would only need to trust the store itself, which you already do (when you trust the browser).

It's quite common among many groups of people to download and install locally as it also protects you from unwanted automatic updates. For instance, those using MetaMask or Scatter to interact with a blockchain are often advised to install the extension offline.
I have yet to meet a person who did it though. Though I'll admit that the argument against automatic updates is a good one.
> the store itself allowed you to inspect the source that went into building the plugin

Or at least build it from the source code, like F-Droid.

You don't need to install from the store.
Sorry, I'm not sure that publishing a paid app source code would be a good idea. There is a chance that somebody will publish the same app under different name. Somebody has already published a crack for it. And another Safari app already reuses some code from Dark Reader for Chrome.

There was a long discussion regarding this review https://www.reddit.com/r/apple/comments/9y0s2a/dark_reader_d...

You know, some Apple developer can also put some malicious code into Safari, but for some reason you trust them and use their browser, even though they used to slow down older iPhones without a warning, forcing users to upgrade to newer devices. Who knows what they will do the next time.

> Sorry, I'm not sure that publishing a paid app source code would be a good idea.

In an earlier comment on reddit, you wrote[0]:

"Safari version is not open source yet, but it did pass a manual review too."

which implies it would be open sourced at some point. Have you changed your mind?

> There was a long discussion regarding this review...

Thanks for the heads up. I'm sorry they didn't include the full context, including my comments; the links I shared above do.

[0] https://www.reddit.com/r/mac/comments/9n1eiq/mojave_dark_mod...

When the amount of donations will be enough, then I would be able to publish the source code of the Safari app. But currently it is the major source of revenue and it lets me continue the development and spend as much time as possible.
Install the extension (in a throwaway Chrome profile), review the code, then repackage it (small modifications needed to package.json) and install it in developer mode. And/or put it up as a repo if you wish (and license allows it).
That's a valid concern. Certainly an easy way to target an audience to get at a rich set of data. But who's to say Chromium isn't doing this already anyway?
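
Added example, not part of the thread and not Dark Reader's own code: a Python sketch of the check several comments above ask for, comparing an installed (unpacked) extension directory file by file against a directory built from the published source, and listing all-sites match patterns in `manifest.json`. The directory names, the `_metadata/` skip prefix and every sample file are assumptions constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Match patterns that grant access to every site (standard WebExtension syntax).
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def tree_hashes(root, skip=("_metadata/",)):
    """Map relative path -> SHA-256; skip prefixes are an assumption (store-added metadata)."""
    root, out = Path(root), {}
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and not rel.startswith(skip):
            out[rel] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def compare(installed, built):
    """Return files that differ, exist only in the installed copy, or only in the build."""
    a, b = tree_hashes(installed), tree_hashes(built)
    return {
        "changed": sorted(f for f in a.keys() & b.keys() if a[f] != b[f]),
        "only_installed": sorted(a.keys() - b.keys()),
        "only_built": sorted(b.keys() - a.keys()),
    }

def broad_hosts(ext_dir):
    """List all-sites patterns requested anywhere in manifest.json."""
    m = json.loads((Path(ext_dir) / "manifest.json").read_text(encoding="utf-8"))
    asked = list(m.get("permissions", [])) + list(m.get("host_permissions", []))
    for cs in m.get("content_scripts", []):
        asked += cs.get("matches", [])
    return sorted({p for p in asked if isinstance(p, str) and p in BROAD})

def demo():
    """Constructed sample: the installed copy has one altered and one extra file."""
    tmp = Path(tempfile.mkdtemp())
    manifest = json.dumps({"permissions": ["storage", "<all_urls>"],
                           "content_scripts": [{"matches": ["*://*/*"]}]})
    for name, files in {
        "built": {"manifest.json": manifest, "bg.js": "init();"},
        "installed": {"manifest.json": manifest, "bg.js": "init();x();",
                      "extra.js": "y();", "_metadata/sig.json": "{}"},
    }.items():
        for rel, text in files.items():
            path = tmp / name / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text, encoding="utf-8")
    return compare(tmp / "installed", tmp / "built"), broad_hosts(tmp / "installed")
```

A mismatch only shows that the bytes differ: a transpiled or minified build that is not reproducible will also be reported as changed, so each flagged file still needs a manual diff.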