[awinter-py]

yes -- browser permission model needs to be much more granular

would be great if something like ublock is only able to disable dom elements, not insert them, for example, and has strong guarantees about not doing IO

users are much more able to audit permissions than to audit changing code

but permissions need to be 'shaped like' APIs or else they are too broad to provide power + safety together

[TeMPOraL]

It should start with access permissions being limited to user-specified (even if prefilled) list of sites/domains. There are extensions clearly meant for a single page (e.g. improving the UX), or a class of pages. I never install them, because even if those pages are not critical, the permission request is always scoped to "all data, every site", which means that e.g. this nice plugin decluttering YouTube could also exfil data from my bank's webapp.

[awinter-py]

pretty sure chrome provides this? or at least whatever build of chromium I am on, at least for local-unbundled extensions