[croes]

There isn't really a special protection if you install a extension in developer mode.

More the opposite because you have to totally trust the source.

Web stores search for certain malware patterns and get at leat some.

[rpdillon]

Thanks for pointing this out. The whole discussion around "the developer doesn't see my data" confused me, as the question of whether the code is malicious is orthogonal to installation method.

Given that uBlock Origin can do this, I'd recommend that route. uBlock Origin is probably the most trustworthy extension I've ever run across, and Gorhill has proven that he is trustworthy over many years.

[RheingoldRiver]

You're not wrong, but in this case the total source code is like 30 lines long so it's not hard to verify what it's doing yourself

[croes]

But that is independent from the way you install an extension.

You gain no security from an unpacked extension.