Hacker News new | ask | show | jobs
by beaconstudios 1919 days ago
it shouldn't be necessary for users to know this because the permission-granting relationship is potentially adversarial, so the user will always be on the back foot unless they're technical/power users. It should be Google's responsibility to ensure that extensions only request the permissions they need.
1 comments
dwohnitmok 1919 days ago
> It should be Google's responsibility...

That seems ripe for more of the same articles of this flavor. The specifics would probably be just something akin to "turns out that using this permission in a way that Google didn't anticipate immediately gets your app shelved and leads to loss of users."

link
beaconstudios 1919 days ago
If you extrapolate down the fine-grained-permissions line, you eventually end up with effectively a legal system where the rules are encoded explicitly (and enforced programmatically) but the spirit-vs-letter of the law is left to interpretation by a judge (the reviewer in this case).

That's probably better than the scenario we have right now. Such a system of smaller permissions would be an improvement over every extension asking for all permissions and being able to do what they want with your browser.

link