Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wait until you see what’s possible with executables!

I like this project, but I also worry that eventually we’re going to lose access to extensions entirely because people will take away the wrong message.

Safeguards are good, but at a certain point I want my devices to trust that I know what I’m doing.



> Wait until you see what’s possible with executables!

The most important thing is whay you tell the user -

Windows says "We don't know where Trojan.exe came from, it could be a virus, are you sure you want to run it?"

Chrome says: "You downloaded Trojan.exe from our store, we manage it and check it for viruses. It only asks for harmless permission, install it!"

One is warning you, the other is entrapment.


Windows has an app store now too.

> It only asks for harmless permission, install it!

Not true. It lists all the permissions being requested. Sure the scrollbar issue is real and should be an easy fix.

I don't understand why people are so confused about permissions. If the user grants your extension permission to read your browsing history so it can provide value to them, why is that a problem? It's not. The problem is if the user grants a malicious extension the same permission because the extension is fraudulent. The author said this extension would never pass chrome store review, so it seems that the user would never be in this position in the first place and your example doesn't really match reality.


>I don't understand why people are so confused about permissions.

I don't understand why people (read: devs) still assume permissions are read and understood.

The vast majority of people simply do not read nor understand permissions and just instantly hit the OK button. Even Linus from LinusTechTips doesn't read permissions, and he's even a tech guru unlike most people.


So hopefully the Chrome store review process is the nanny they need.

The only thing that has permission to read and modify website data on my browsers is my password manager. I trust it. Without that permission it could not operate and provide me immense value. Yes, I would be hosed if it got pwned. It's a calculated risk on my part.

One cannot live in a world where we have the benefits of browser extensions and also disallow all behavior that could ever possibly be used for bad. It's an inconsistent worldview.


> hopefully the Chrome store review process is the nanny they need.

This is very disrespectrull.

When you supply exhaustive documentation of your software, how it works, what it does, to users, then you can mock them.


What are you talking about? I'm not mocking anybody. We have app store reviews because it's a known fact that not all users read or care about permissions. My point is simply that those safeguards exist for those users and they seem to be working rather well.


A nanny is for kids. Saying someone needs a nanny can be pejorative.


People (usually) understand the words that pop up when an extension/app asks for permissions. But they don't necessarily understand the implications of allowing those permissions. And most have little grasp on how to judge an authors trustworthiness, other than the star rating on the store listing... which is driven by other users who mostly also don't have a clue.

It is not unusual to see stories of malicious applications or extensions with hundreds of thousands of happy users and good reviews.


> I don't understand why people are so confused about permissions.

Ask the not-tech-savvy.


This article is not an example of a Chrome extension being downloaded from the store. Nor is it a case of the extension appearing to only ask for harmless permissions ("read and change data on all websites" is above the fold).


I'm not sure how you somehow drew the conclusion that Windows' warning is better than Chrome's.

Windows says "Now I know I say this for literally every program you download, but I'll say it again. It might be harmful because all programs can do anything at all. Good luck!".

Chrome says: "This might be harmful and it can do these things: X, Y, Z."

Apart from the stupid scrollbar issue that's clearly better.

The only problem is they have done the permission model that we've known for like a decade is broken: ask for permissions up front, you can grant all or deny all.

Could they not have spoken to the Android team who spent like a decade fixing that mistake and moving to fine grained on demand permission prompts?


> It only asks for harmless permission, install it!

I see it asking for two very scary permissions, two somewhat scary permissions, and one annoying one?


I think the problem is that you don't actually know what the permission is for. It isn't in relation to anything. It's a blanket permission. But almost everything asks for some kind of blanket permission when you install it. Your only option is to say yes. For mobile apps, things have got better and a lot of things ask for their blanket permission later on in the piece. In many cases, it's still not in relation to anything. When they are in relation to something, you're usually not granting permission to do the thing you want to do, you're granting permission to do anything like what you want to do.

The user isn't giving informed consent, because even if, like you, they are informed about what the worst case is for granting this permission, they have no reasonable knowledge about whether the worst case is likely, even knowing that they've been asked to give permission. The questions are simply too generic for informed consent to be possible. (Mobile apps are getting better here as well, but there's still a long way to go.)

So the permissions aren't actually about managing your risks; they're about managing Google's risks.


How would you like this to work?


The problem is not a single person is capable of making informed decisions on extensions. One day they could be good and reputable, next day they have been sold to a malware company.

Maybe the middle ground is all extensions have a legal entity in your country so you can sue them for spyware.


What?

The same can happen with any piece of software in the world. Why single out extensions?


We sandbox apps to prevent them from reading each others data. It's impossible to sandbox web extensions and have them retain basically any of the functionality needed.

As well as almost all regular software is backed by some large company with legal presence to hold responsible. The same can not be said for most extensions.


> We sandbox apps to prevent them from reading each others data.

This is also true of web extensions. I suspect you've never developed one. You can't read another extension's data. It's also not true on desktop platforms. The user is still the security domain in desktop computing.

> As well as almost all regular software is backed by some large company with legal presence to hold responsible. The same can not [sic] be said for most extensions.

Is this true? All the browser extensions I use are published by a real legal entity that can be sued if they are negligent. What corner of the web are you on?


There are at least 100s of extensions that are published by legal corporates, adgaurd extension is pretty sure a legally registered company as an example.


Not really any: popular open-source software, which gets reviewed and rebuilt by many independent people (distro maintainers) has a much lower chance to be hijacked this way.


Oh yes it can. Project owners have sold out before--sometimes without telling anybody. The threat vector is the same. Something you trust gets sold to someone else and it abuses previously acquired trust. Open source doesn't actually fix this specific trust issue. And BTW your browser extension's source is available to peruse locally on your machine after you install it. Surely you did that, right?


Being a popular open-source project is not a guarantee, it merely lowers the chances and complicates the attack.

Regarding extensions code: indeed, I do read the code of extensions that require some elevated permissions, if these extensions are not otherwise vetted. This is why I avoid installing excessively complicated extensions, unless they ask for minor permissions. Having the list of tabs if no big deal; accessing data in your tabs, even for a particular site, triggers scrutiny.


> Being a popular open-source project is not a guarantee, it merely lowers the chances and complicates the attack.

It also makes it easier to deal with it after the fact. You can fork an open source project the minute it's detected that it's doing something it shouldn't. When closed source software goes bad you can't pick right up from the last known good version and move on, you have to find a product that entirely replaces what you had and hope that it does everything you need at least as well which isn't always likely since you were presumably using the other software because it was better than existing alternatives.


Sounds like we agree then that extensions are not any different from other apps in this respect and that you should always review the source code if you are installing software that needs to be given great power.


> next day they have been sold to a malware company.

Or pwned


That already happened with Firefox for Android. The old version allowed extensions, the current version only allows something like 10 specific ones.

There will always be a forked browser or an independent browser that supports/allows extensions as long as the web uses HTTP.


It takes two clicks to install an extension. There's no differentiating people who know or don't know what they're doing with two clicks.


Is this a roundabout way of saying, just don't use Google products and services? (non-rhetorical q)


Oh, I am quite certain most corporations and hackers did exercise this curiosity for all of 2022, at everyone's expense. Shout out to Google for the ongoing cover-up. Can't lobby this one away.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: