undefined | Better HN

0 pointswizzwizz44y ago0 comments

There's no design of browser add-on that could check for that. They update it every so often as it is, and they could serve the modified version to everybody, but it only does the modified behaviour for some people.

0 comments

1 comments · 1 top-level

dane-pgp4y ago

The browser add-on that comes closest is Signed Page[0], and in theory it could provide TOFU level security by requiring the user to opt in to new versions. For unclear reasons, though, the devs seem to be against implementing that.[1]

Any system for protecting against backdoors assumes that someone is auditing the code to check for user-specific code paths, so the only extra layer of security to add is some sort of Binary Transparency. A good example of that is Sigstore, which is being experimentally integrated with the Arch Linux package ecosystem.[2]

[0] https://github.com/tasn/webext-signed-pages

[1] https://github.com/tasn/webext-signed-pages/issues/13

[2] https://github.com/kpcyrd/pacman-bintrans

j / k navigate · click thread line to collapse