So, this is a rally against all extensions? Expanding this argument, we basically get to a point where we don't trust any software:
1. No more browser extensions.
2. Want ad-blocking in Firefox? Request feature.
3. Feature request denied.
4. Fork Firefox.
5. Add ad-blocking to Firefox fork.
This leaves us with a couple of issues:
1. The bar to adding functionality to a browser has now been raised significantly. With a larger barrier to entry, we will see fewer extensions for trivial things like 'adding collapsible threads to HN', which can make your life easier, but isn't worth a fork of the entire browser to achieve.
2. Trust. You still have to trust the developer of the browser fork that same way that you have to trust the developer of the browser extension.
There's nothing different from any other extension, so what you're saying nobody should be using extensions in their browsers. Good luck with convincing people not to do it.
Well, I for one don't use any extensions with Chrome. And not even from security concerns. Just from lack of any interest to do so. Why should I? For some marginal utility?
I'd take it more average people don't use extensions either -- if they know what they are in the first place.
Well, Stallman browses the web by sending emails[1], so he still has you beat :)
But you must realize 99.999% of the population would never do that, and for most people extensions are vital and useful. So giving them such security advice is like saying "oh, personal security is simple - just never have any money and anything valuable and never leave home". Not very practical.
>Well, Stallman browses the web by sending emails[1], so he still has you beat :)
Well, I browse with Chrome Canary (and when it's in it's weird days, Beta), so I'm not any kind of Luddite.
I just don't see any extensions that are that useful. After all, we managed to get by without extensions in the "not using Firefox" camp for ages, until Safari/Chrome introduced them and we could get a taste.
To me they are more like the BS browser toolbars of yore.
>But you must realize 99.999% of the population would never do that, and for most people extensions are vital and useful.
Most people? If anything I'd say most people don't use extensions. From those that use a browser that doesn't support them, to those that couldn't be bothered or don't even know what they are.
Do you have any numbers that "most people" use extensions?
Yes, this is the point of extensions. Extensions are help you and others do things with the browser that the vendor shouldn't really spend time on. Approaching them with the idea that they're useless doesn't really help your argument.
For example, I once wrote a browser extension that extracts class calendar info from the school website and automatically syncs it to the calendar application of your choosing. It turned my class scheduling process from an error-prone 2 hour process to a 3-click 10 minute step. You can label that as a useless, marginal utility, but that's being facetious at best.
Although I don't do this on regular basis, but I happen to read many browser extension sources. They're mostly relatively easy to understand and contain no unconventional clever hacks or obfuscated parts. The only obfuscated code in most extensions are minified third-party libraries (like jQuery).
Won't say ABE's code is compact or easy to read, but it's fairly comprehensible and reviewing it in reasonable time feels possible. It is well possible that some tricky security issue will slip under the radar, but code contains no tricky math or crypto stuff where every single point is crucial for security, and spotting malware/spyware code should be possible.
1. The bar to adding functionality to a browser has now been raised significantly. With a larger barrier to entry, we will see fewer extensions for trivial things like 'adding collapsible threads to HN', which can make your life easier, but isn't worth a fork of the entire browser to achieve.
2. Trust. You still have to trust the developer of the browser fork that same way that you have to trust the developer of the browser extension.