[beeboobaa3]

What are you even talking about? Every piece of desktop software you have ever ran has more permissions than a browser extension.

Is your stance that hobbyist developers should not be allowed to develop desktop software or CLI tools? The entire software development ecosystem would collapse in an instant. Or are you just not familiar with Windows & Macs (lack of a) permission system?

[vunderba]

Unbelievably poor comparison... for several reasons:

1. Most antivirus solutions built into operating systems such as Microsoft defender are unlikely to find suspicious extensions that are exfiltrating your data

2. Extensions autoupdate (and don't require you to re-authenticate their permission set)

3. It is not uncommon for large spyware companies to buy up a bunch of the most popular chrome extensions, and proceed to inject them with malware.

4. Since an extension runs inside your browser, it's much easier to forget that they're essentially always running, whereas once I exit a desktop app it's presumably gone. There's a dangerous level of passivity to browser extensions for an average user who might forget they even have them installed on the browser.

Maybe number 2 has changed in the last 10 years, but it certainly didn't used to be the case.

[beeboobaa3]

> Most antivirus solutions built into operating systems such as Microsoft defender are unlikely to find suspicious extensions that are exfiltrating your data

They can flag antivirus signatures just like everything else, and I've experienced this happening in the past. In the end, extensions are just some javascript/css files in a folder and they get scanned just like everything else.

> Extensions autoupdate

So can any piece of software if it wants to. It's trivial to make an updater start on boot.

> It is not uncommon for large spyware companies to buy up a bunch of the most popular chrome extensions, and proceed to inject them with malware

The same can, and has, happened for "regular" software.

> Since an extension runs inside your browser, it's much easier to forget that they're essentially always running, whereas once I exit a desktop app it's presumably gone

Desktop apps can trivially just not show a window if they want to. They can trivially add themselves to autostart. It depends entirely on what they're doing, just like an extension.

[skybrian]

The lack of sandboxing in desktop applications is bad, but you aren’t going to be writing code to read every web page a user visits by accident, and that’s what some browser extensions do on purpose. They’re inherently working with more sensitive data. So that’s worse in certain ways. (And they are more sandboxed in other ways.)

[beeboobaa3]

> but you aren’t going to be writing code to read every web page a user visits by accident

No, instead you're just reading all files on the filesystem, including the browser's cookie store or whatever. The data you are, or can be, handling is just as, if not more, sensitive since it's literally a superset of what the browser has access to.

> The lack of sandboxing in desktop applications is bad

Some sandboxing would be nice, but the Google/Apple approach of needing to beg the vendor for every little permission isn't the way to go, either. I'd rather have software that can actually do things as opposed to only having useless sandboxed "apps".

[skybrian]

My Mac sometimes prompts me to see if a Mac application should have access to certain directories, such as “Downloads,” so I’m not sure that’s entirely true anymore?

But in any case I think this is missing a distinction between what software developers can install in “developer mode” versus stuff that’s in the store for non-technical people to use. Apps in app stores see widespread use by people who barely know what a computer is, so I think there should be hoops you need to jump through to get distribution to the masses, at least for certain types of apps.

And those apps aren’t useless, they do important but security-sensitive things like banking, things us developers need to do too sometimes.

It’s a different world than hacking around on your Raspberry Pi or an old phone, and I think it should be different. Treating these situations the same muddies the issues.