undefined | Better HN

0 pointsmattbierner8y ago0 comments

I work on VSCode. We are aware of the possibility of bad plugins or even good plugins that go bad. The real nightmare scenario would be what's happened with some Chrome plugins, where a widely used plugin is either co-opted or bought out and becomes malicious (even worse if it disguises its maliciousness).

All of these package ecosystems are similar to NPM in that they are built on trust and community policing. This is not enough. One possible way forward is to move towards an security model more like iOS's or Androids where apps need to explicitly get the user's permission before performing potentially dangerous operations like making network requests.

I'd be interested to hear how other platforms have tried tracking these sort of concerns

0 comments

2 comments · 2 top-level

ReverseCold8y ago

Explicitly asking the user before a plugin can make a network request would be great! I don't know what "sidebar enhancements" is/was, but it doesn't sound like that would need network access.

AdmiralAsshat8y ago

My concern would be that throwing internet connection under a consent flag may stop some shady apps, but the rest will just invent a bogus reason for why they need to connect: "We need to connect to the internet to check for updates!" How many Android apps have requested access to your Contacts, and waived the harvesting concerns away by saying it only needs to see your Contacts so that it can more easily pair you with your friends? Nevermind that they're also uploading the entire contact list to their servers...

Without an easy way to know who the package is connecting to, it only instills a false sense of security.

j / k navigate · click thread line to collapse