Comment by Groxx
9 hours ago
- click install
- "It can: Read and change all your data on all websites"
It's not alarming sounding enough for what that implies, but "it can trigger requests under its control" seems fairly obvious from that. The permission it uses to inject ads can be used to inject ads (or block them).
Why a JSON formatter needs any permission at all is something anyone installing it should be asking themselves.
---
This is not meant to imply that I think the permission model of extensions in chrome or firefox is good, clearly it is not. But it's significantly better and more fine-grained than every single other widely-used permissions system in consumer apps. Ideally there should be more carve-outs for safe niches like a "read a JSON file, rewrite it into something that does not need javascript or external resources" could use, but also that kind of thing is likely to be nigh impossible to make "complete".
"Read and change data on all websites" does not, to me, imply "make network requests on the user's behalf". Yes, I can put on my developer hat and surmise that, under the hood, the extension's injected payload can make network requests by adding <script> elements to the DOM. No user will ever understand this, no matter how much you try to educate them through the permission prompt.
This ends up being significantly worse than any other widely-used permissions system, because injected scripts act as the website, not the extension. If you've already granted location permission to a website, then it is effectively granted to the extension. There is no other ecosystem that works like this.
And to do basically anything worthwhile, including certain types of content blocking, you need this God permission that essentially disables the WebExtension permissions system. This should never have been greenlit in the first place.
>"Read and change data on all websites" does not, to me, imply "make network requests on the user's behalf"
Yeah, I don't like this phrasing either, I think it downplays the risk to a dangerous degree (which is "it can see and do literally anything on any site you visit", which is GIGANTIC). It's one of the worst permissions to request, but it doesn't look like it.
But other permissions systems don't have per-site controls, or the ability to turn things off until activated, or isolate everything, or... the list is huge, others generally have permissions like "can access this folder [and others we haven't told you] [and folders you give it access to, which you can't revoke later https://news.ycombinator.com/item?id=47719602] [and only for applications which opt into this, normal ones can do anything anywhere any time]...." which is much worse.