by skybrian 699 days ago
And that’s why it shouldn’t be in the Chrome app store at all.

As a hobbyist developer, having that kind of access in other people’s browsers is not something I want, and I’m suspicious of developers who do seem to want it. It’s like “hey, I wrote a fun game that requires root access.”

At least limit it to people who know what Github is.

4 comments

> hey, I wrote a fun game that requires root access

So... Just like AAA game studios, eh?

No. They are large and presumably have some sort of trust, and can lose the trust of people if they do particularly shady things. This may not bear itself out in practice of course. But a game studio has something to lose, whereas hobbyist developer 73683 asking for root permissions for no real gain to you has nothing to lose from any number of things like scraping sites you visit or using your browser as a Tor exit node or any number of things.
>> No. They are large and presumably have some sort of trust, and can lose the trust of people if they do particularly shady things.

Sony? Microsoft? EA? Apple? Exactly which giant megacorporation is beyond shady things?

https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...

Apparently people are a telepathically interconnected species, who won't fall for corporate scams in waves.

Sadly, both those things are untrue.

Yeah, I'm sure Genshin Impact's creators went out of business when their kernel-access anti-cheat was hacked by ransomware or, more recently, the hacks mid live-broadcasted tournaments (don't remember which game, I think it was Apex).

I mean, that's what kids, teenagers, young adults and non-technical people in general are known for: their prudence and good technical decision making.

Let's not talk about the other risk vector: that Tencent, a Chinese company, is the one buying most of these game studios that have kernel access (not exclusively).

It doesn't even need to be a hack, or a malicious new owner taking over a game or other software package that has such access.

The original company could be malicious/stupid/both. See https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk... for the most famous example of “both”.

I don’t know what that is.
Which is the problem with games having kernel access for anti-cheat and <whatever-else-they-want-to-do-with-it>.

You don't know what they are doing in there. You don't really know who they are. Even if you do, corporate machinations might mean who has access to the facility to <what-ever-they-want-to-do> on your PC could change at any moment without your knowledge.

Most end-users are blissfully unaware of the potential consequences of this level of access (games having kernel access, and browser extensions having all-sites/all-contexts access).

Can you imagine if one of the big anti-cheats got hit with a supply chain attack? That would be devastating.
Right, but Google is surely the one at fault here. There should be absolutely no reason that this extension can "change all my data on all websites", whatever the hell that actually means.
Not "change all my data on all websites" but "read the content of all websites I visit".

Because an extension that finds all button elements on all websites you visit, must necessarily start by reading the content of all websites you visit.

Yes, I think that one's acceptable in this case. It's the "change all my data" that is problematic.
I was under the vague impression that Manifest V3 was supposed to prevent this sort of thing. But looking at the extension, it is using MV3. Maybe it really was just about weakening ad blockers.
I think both the developer and Google have some control over what appears in the Chrome store.
What are you even talking about? Every piece of desktop software you have ever run has more permissions than a browser extension.

Is your stance that hobbyist developers should not be allowed to develop desktop software or CLI tools? The entire software development ecosystem would collapse in an instant. Or are you just not familiar with Windows' & Macs' (lack of a) permission system?

Unbelievably poor comparison... for several reasons:

1. Most antivirus solutions built into operating systems, such as Microsoft Defender, are unlikely to find suspicious extensions that are exfiltrating your data.

2. Extensions autoupdate (and don't require you to re-authenticate their permission set).

3. It is not uncommon for large spyware companies to buy up a bunch of the most popular Chrome extensions and proceed to inject them with malware.

4. Since an extension runs inside your browser, it's much easier to forget that they're essentially always running, whereas once I exit a desktop app it's presumably gone. There's a dangerous level of passivity to browser extensions for an average user who might forget they even have them installed on the browser.

Maybe number 2 has changed in the last 10 years, but it certainly didn't use to be the case.

> Most antivirus solutions built into operating systems, such as Microsoft Defender, are unlikely to find suspicious extensions that are exfiltrating your data

They can flag antivirus signatures just like everything else, and I've experienced this happening in the past. In the end, extensions are just some JavaScript/CSS files in a folder and they get scanned just like everything else.

> Extensions autoupdate

So can any piece of software if it wants to. It's trivial to make an updater start on boot.

> It is not uncommon for large spyware companies to buy up a bunch of the most popular Chrome extensions and proceed to inject them with malware

The same can, and has, happened for "regular" software.

> Since an extension runs inside your browser, it's much easier to forget that they're essentially always running, whereas once I exit a desktop app it's presumably gone

Desktop apps can trivially just not show a window if they want to. They can trivially add themselves to autostart. It depends entirely on what they're doing, just like an extension.

The lack of sandboxing in desktop applications is bad, but you aren’t going to be writing code to read every web page a user visits by accident, and that’s what some browser extensions do on purpose. They’re inherently working with more sensitive data. So that’s worse in certain ways. (And they are more sandboxed in other ways.)
> but you aren’t going to be writing code to read every web page a user visits by accident

No, instead you're just reading all files on the filesystem, including the browser's cookie store or whatever. The data you are, or can be, handling is just as, if not more, sensitive since it's literally a superset of what the browser has access to.

> The lack of sandboxing in desktop applications is bad

Some sandboxing would be nice, but the Google/Apple approach of needing to beg the vendor for every little permission isn't the way to go, either. I'd rather have software that can actually do things as opposed to only having useless sandboxed "apps".

My Mac sometimes prompts me to see if a Mac application should have access to certain directories, such as “Downloads,” so I’m not sure that’s entirely true anymore?

But in any case I think this is missing a distinction between what software developers can install in “developer mode” versus stuff that’s in the store for non-technical people to use. Apps in app stores see widespread use by people who barely know what a computer is, so I think there should be hoops you need to jump through to get distribution to the masses, at least for certain types of apps.

And those apps aren’t useless, they do important but security-sensitive things like banking, things us developers need to do too sometimes.

It’s a different world than hacking around on your Raspberry Pi or an old phone, and I think it should be different. Treating these situations the same muddies the issues.

Gatekeeping hobbyist mentioned