[hsbauauvhabzb]

While this is historically true, if the text is human readable - ‘may be able to read and transmit to a third party any data you input, including credit card numbers and passwords’ - is fairly likely to raise awareness. It’s not effect, but it’s better than nothing.

It’s worth contrasting clear communication such as the above to a EULA designed by scummy companies to not be read, browsers presumably have nothing to gain by exposing malicious plugins, so they’re a good candidate for the former.

If only we could get Mozilla executive to implement something actually useful instead of whatever meme tech they’ve lost their nut over this week, that’d be nice.

[tweetle_beetle]

In isolation this is true, but for most people they just want the product the extension is offering - skipping past boring warnings is a means to an end. There is also the issue of warning fatigue when extension authors normalise asking for more permissions - more warnings leads to less engagement.

One way to avoid this would be to have an extension market which highlights alternative extensions and how they differ in permissions. But it would be hard to maintain those relationships, create a new oppportunity to game trust, push responsibility onto the market owners, etc. And ultimately, many interact with proprietary products without a direct competitor e.g. if FAANGs made them. So I can't see it happening.