undefined | Better HN

0 pointsdessant5y ago0 comments

I was approached by Luminati on Twitter to turn my browser extensions into exit nodes, they are enticing developers to exploit users.

https://i.imgur.com/EbT96an.png

0 comments

4 comments · 2 top-level

oefrha5y ago· 1 in thread

This is why these days I roll my own extensions except for a few extremely popular ones developed in the open. Forget small QoL extensions, if I need it I write my own. Malware businesses routinely reach out to any remotely popular extension for acquisitions or “joint ventures”, it’s just too risky to install anything that’s not trust: ultimate, or known to be vetted by tons of people.

Btw, Firefox seems to have made it impossible to run extensions uncrippled from source without uploading to their server for signing. Utter madness.

halfbaked995y ago

I was wondering why my extensions weren't loading up even if after I messed with the settings, thank you!

nashashmi5y ago· 1 in thread

Auto-update of extensions and apps should be set to off by default. There would be less reason for extensions to be bought by other developers for their installed user base.

Secondly, how come there is no regulation about selling chrome extensions and apps?

acdha5y ago

If you turn auto-updates off, you're just reinventing early 2000s desktop security and attackers everywhere will thank you. Updates need to be automatic but there needs to be stricter rules about notifications to users about changes in ownership or functionality. A huge fraction of this would go away if corporate liability didn't allow hiding all of this in terms of service.

j / k navigate · click thread line to collapse