One benefit that FOSS provides is that there’s more eyeballs on the source code, so yeah, it’s a very strong trust signal. But sometimes priorities are a bit different, and ultimately you need to trust something.
IMO it still makes sense to personally vet browser extensions and trust the OS/browser:
1. It’s hard to create a new operating system or browser, so we don’t see many new ones. (Not taking into account Firefox forks / Chromium reskins here.) For browser extensions, the entry barrier is much lower, and the chance that one of them will be malicious is higher.
2. It’s also much harder to audit all of Linux, or Firefox/Chromium, especially if you’re not too familiar with the domain. For browser extensions on the other hand, it’s usually possible to go through them in one night.
IMO it still makes sense to personally vet browser extensions and trust the OS/browser:
1. It’s hard to create a new operating system or browser, so we don’t see many new ones. (Not taking into account Firefox forks / Chromium reskins here.) For browser extensions, the entry barrier is much lower, and the chance that one of them will be malicious is higher.
2. It’s also much harder to audit all of Linux, or Firefox/Chromium, especially if you’re not too familiar with the domain. For browser extensions on the other hand, it’s usually possible to go through them in one night.