upvote

points

by bpt311 hours ago |
comments
upvoteby bmacho7 hours ago|
next
[-]
> What would a safe extension model look like to you?

> At some point, you have to implicitly trust someone

A model so I trust my OS and my browser, and I don't have to trust anyone else, that is, they can't harm me.

reply
upvoteby bpt37 hours ago|
parent|
[-]
You need open source extensions (they are now, as the source is included) and you need to personally audit them, or you need to find a browser with every single feature you want.

Or do you want the browser to enforce permissions on extensions so you can lock them down as well as auditing them?

reply
upvoteby raw_anon_111110 hours ago|
prev|
[-]
This is a solved problem for at least ad blockers for over a decade on iOS. The ad blocking extension gives Safari a list of URLs and regex expressions to block
reply
upvoteby blackcatsec10 hours ago|
parent|
next
[-]
No, it's a solved problem for ad blockers, a very specific problem case that extensions have traditionally solved. But the entire concept of extensions is far greater than just "ad blockers", although that's the use case for which 99.9% of people have used them for.

But there are other uses cases, like cloud2butt.

reply
upvoteby bpt310 hours ago|
parent|
prev|
[-]
It's solved if you trust Safari. I'm not sure that's the case for the parent poster.
reply
upvoteby raw_anon_11119 hours ago|
parent|
[-]
So you don’t “trust” Safari but you trust Firefox? In 25 years absolutely no one has accused Apple of storing your browsing data that’s not e2e encrypted (its stored so it can sync across devices).
reply
upvoteby bpt37 hours ago|
parent|
[-]
Did I say I trusted Firefox?

I'm not the person who wants to redesign the browser extension ecosystem, but I can build Firefox from scratch and review the source code if I want, unlike Safari.

reply
upvoteby raw_anon_11117 hours ago|
parent|
[-]
Right and you’re going to analyze every single line of code and verify it?
reply
upvoteby bpt37 hours ago|
parent|
[-]
What exactly is your issue?

Once again, I'm not the one who said they would like to design a new browser extension framework, but I have created custom versions of Firefox that have all ability to phone home removed and modified extension support. So not verifying every single line of code, but making fairly substantial changes in the direction the parent poster wanted to go in.

I'm interested in a conversation about that, not you pestering me about whatever issue I seem to have triggered within you that resulted in your interjections in this conversation.

reply
upvoteby raw_anon_11116 hours ago|
parent|
[-]
That the geeks solution to “I don’t trust $companyX” is that “I am going to compile an alternate solution without looking at the source code”. Is kind of meaningless.
reply
upvoteby bpt34 hours ago|
parent|
[-]
Good thing no one has proposed that solution anywhere other than your own mind.
reply
upvoteby raw_anon_11111 hours ago|
parent|
[-]
> but I can build Firefox from scratch and review the source code if I want, unlike Safari.

You didn’t say this?

reply
upvoteby bpt31 hours ago|
parent|
[-]
How does "I can build Firefox from scratch and review the source code if I want" mean “I am going to compile an alternate solution without looking at the source code”?
reply