I've developed a few browser extensions, and every week I receive numerous emails with "revenue offer". Some experienced developers know that offers like these will inject malware into the browsers of your users, but scammers who make these offers will not tell you about it. They offer "integrations" that don't look so suspicious. Imagine how many developers have accepted these offers. Then look at the number of extensions in your browser and think about how much risk there is that you have an extension with malware.
    • @2Xtreme21English
      311 year ago

      I think the point is that even if an extension comes from a trusted source, the developer could fairly easily push out an update that turns the extension into malware. Check the GitHub link in another comment below where the developer posts the solicitation emails he gets on a regular basis offering to monetize his extension. He isn’t selling out, but maybe not every dev is as willing as he is to forgo a potentially lucrative offer.

    • TheEntity
      131 year ago

      To be specific: from trusted developers. Installing them only from the official repository (is it still possible to reasonably install them any other way?) won’t help if a dev sells such an addon. On the other hand I cannot imagine someone like Raymond Hill (the uBlock Origin dev) doing it, considering his track record.

  • kindenough
    161 year ago

    Firefox will disable extensions in private mode if you want to

  • ToiletFursonaEnglish
    91 year ago

    To add to the blog post, if you use user scripts, utilize your manager’s blacklist and learn REGEX.

    If needed, use Group Policy, Regedit or .plists on macOS to blacklist domains to prevent an extension from running on them. As an example, I use Shutup.css to block comments online, but on something like Lemmy, I want to see comments as that’s primarily how content is created and adding it to my extension domain blacklist prevents the extension from running on the website or any lemmy domains.

    • Coolcoder360English
      51 year ago

      I love the offer of almost $15k to then say they can bargain if the users are active, like if it’s worth that much without active users then that’s definitely shady.

  • Dariusmiles2123English
    81 year ago

    It’s interesting to read as I never thought about the vulnerability these extensions are.

    I guess you should limit the number of extensions you have.

  • @[email protected]English
    81 year ago

    Exactly why most enterprise organizations disable them. You should too if you’re doing anything sensitive data.

    • @[email protected]English
      31 year ago

      That’s why on my work PC I use a completely vanilla Firefox, gotta live with the ads. But I’m not risking giving full access to website content to any extension

      • @bob_wileyEnglish
        311 months ago

        deleted by creator

  • @yuunikkiEnglish
    71 year ago

    deleted by creator

  • FranziaEnglish
    41 year ago

    I thought my ISP already had this data and is selling it. Should I go make sure all my extensions are 100% kosher?

    • beaubbeEnglish
      91 year ago

      Your ISP cannot read https data in transit. Extensions can because the page is now rendered on your local browser.