top | item 16653210

(no title)

nandhp | 8 years ago

"Access all data on all websites" isn't the only permission level. However, there are a lot of things extensions do that can only be implemented as hacks within the page the user is viewing, and if you want to run a script in a webpage -- even if it's just `document.addEventListener('keypress', function (e) { if ( e.key == 8 ) history.go(-1) });` -- the browser has to assume it could be reading all the data it wants.

You could argue that "adding a browser keybinding" should be a separate API. You're not wrong (I'd love an extension like this to replace Ctrl+Q with Ctrl+Shift+Q), but browser vendors (at least Mozilla) seem to be very reluctant to add more APIs.

I was going to mention how I've been confused by people having overreactions like "it's just an extension to rewrite 'millenials' to 'snake people', why is it stealing all of my data?", equating the permission to read data from webpages with an implication that it will steal all your data. This never made much sense to me, since it seemed obvious to me that the required permissions for those things would have to be the same. In light of the Cambridge Analytica situation, though, I realize these fears were very well-founded.

discuss

No comments yet.