undefined | Better HN

0 pointsnathankleyn10y ago0 comments

Said add-ons can also access your entire browsing history, listen to you type in your passwords to your online banking account, get access to your emails and hence online identities, and generally know everything there is to know about you in a very short amount of time and code.

I'd argue the threat here is that malicious extensions at this level can be done by somebody with little to no experience, compared to kernel extensions which actually require some modicum of skill.

Requiring signing is a recognition of the fact we are increasingly moving our lives online, and hence into the browser.

0 comments

2 comments · 1 top-level

uxcn10y ago· 1 in thread

Add-ons can do malicious things, requiring signatures doesn't stop that and it could even give a false sense of security. However, I think the major concern with signatures is the authority aspect.

nathankleynOP10y ago

You're absolutely right, as indeed pcwalton says above - but it's a step in the right direction from "let anybody have access to anything they feel like".

j / k navigate · click thread line to collapse