by Groxx 2140 days ago
I really wish browsers would change their security model for extensions :\

"all or nothing" is ridiculous as the only option - let me revoke access or restrict it to specific sites. I may not care if X has access to site Y, but giving it access to Z means giving it the keys to my life so hell no. I don't even want to use it on Z.

5 comments

> "all or nothing" is ridiculous as the only option - let me revoke access or restrict it to specific sites.

Thank you. I've been waiting for Firefox to add this feature for almost 2 years. For a privacy-focused browser, this should be a must-have, top priority.

I think they have already? In the old days, you just click once to install a mouse gesture addon.

Now you have to dig into the settings and give it permission before it can work. At first I found that annoying. But upon reflection, I guess it's a necessary evil.

Edit: I misread the parent comment.

Chrome lets you limit access to a list of specified websites. Right click the extension icon, click manage extension, and find the option there.
I wish there was a way to exclude some websites instead! I want most of the extensions like ad/script/etc blockers to run everywhere, except say GMail.
Excellent, I hadn't noticed that one yet. Yeah, that's a good start.
I only discovered it because I was going to add a similar feature to my Chrome extension, and I was researching to see how others tend to implement it. I was glad to see that Chrome offers the feature natively, and surprised to see that Firefox didn’t.
You can add domains to protected sites. No addons will work there.

So if you want no extension to be able to read gmail,

Add mail.google.com or google.com to

extensions.webextensions.RestrictedDomains in about:config

It's fairly new (maybe 1-2 years old, I forget), that's probably why you didn't notice it.
Agreed. Like with Pocket's Chrome extension permission model[1] that has a "read everything on all websites", when really it only needs brief access to the URL when I want to save something.

I tried changing the "Site access" setting to "On click" -- but then the extension started acting funny or not working in some cases.

Chrome has added a more limited "activeTab" permission[2], but even that might be too much since it grants control to the tab and continues to allow permission on the same origin.

Like the GP said, even if the extension developer isn't trying to exfiltrate data, they should do more to protect users from a compromise of their extension, and browsers should give them the models to do so.

IMO, good security models can be a foundation forward to better overall security compared to desktop apps since it seems that browsers are becoming an OS of their own.

1: https://help.getpocket.com/article/912-what-permissions-does...

2: https://developer.chrome.com/extensions/activeTab
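
The gap between a "read everything on all websites" grant and `activeTab`, as discussed in the comment above, shows up in an extension's manifest.json. As an added example (not part of the thread, and not any real extension's manifest), this Node.js check classifies the site access a manifest requests at install time; the function name `auditManifest` and the sample manifests are constructed for illustration.

```javascript
// Added example: classify the site access a WebExtension manifest requests.
// Match patterns whose host part is a bare "*" cover every site.
const BROAD = /^(<all_urls>|(\*|https?):\/\/\*\/.*)$/;
// In Manifest V2, "permissions" mixes API names and host match patterns.
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

function auditManifest(manifest) {
  const scripts = manifest.content_scripts || [];
  const install = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []), // Manifest V3 keeps hosts separate
    ...scripts.flatMap((cs) => cs.matches || []), // content scripts also grant page access
  ];
  const hosts = install.filter(isHostPattern);
  const broad = hosts.filter((p) => BROAD.test(p));
  // Optional hosts are requested at runtime, so they are reported separately.
  const optionalHosts = [
    ...(manifest.optional_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ].filter(isHostPattern);

  let access = "none";
  if (broad.length) access = "all-sites";
  else if (hosts.length) access = "listed-sites";
  else if (install.includes("activeTab")) access = "on-click";
  return { access, broad, hosts, optionalHosts };
}

// Constructed sample manifests (not taken from any real extension).
const SAMPLES = {
  broad: { manifest_version: 2, permissions: ["tabs", "storage", "<all_urls>"] },
  onClick: { manifest_version: 2, permissions: ["activeTab", "storage"] },
  listed: {
    manifest_version: 3,
    permissions: ["storage"],
    host_permissions: ["https://example.com/*"],
    optional_host_permissions: ["https://*/*"],
  },
  viaContentScript: {
    manifest_version: 3,
    permissions: ["storage"],
    content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
  },
};

for (const [name, manifest] of Object.entries(SAMPLES)) {
  const r = auditManifest(manifest);
  console.log(`${name}: ${r.access}`, r.broad.length ? `(broad: ${r.broad.join(", ")})` : "");
}
```
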

In Firefox you can choose for every extension if it is allowed to work in private mode.
But this ties me to use private mode every time I visit an important site. This is not what I want.
You can add domains to protected sites. No addons will work there.

So if you want no extension to be able to read gmail,

Add mail.google.com or google.com to

extensions.webextensions.RestrictedDomains in about:config

You could fork the extension and modify it for your own usage
while true, you can say this about anything which doesn't have any permissions system too. why worry about end-user security, they can just fork and modify.

which means, effectively, that it becomes a 0.001% or worse event. arguably the whole point of privacy-focused (or even -aware) software is to increase that beyond "fork and modify"'s ratio, as far as possible, because it doesn't work in practice for the vast majority of the globe.