You live by that and I’ll live by the advice I’ve seen from infosec professionals that recommend as few add-ons as possible due to security concerns. But yes, browsers are getting more secure over time and that’s good.
You obviously shouldn’t install closed source or otherwise shady extensions from dodgy authors you don’t know, but on the whole there is very little they can do that you should worry about.
Sorry if I’m nitpicky or confused here. You just said it’s obvious that you shouldn’t install closed sourced or otherwise shady extensions. Do you think a normie knows and cares if an extension is open source? And how do they know if an extension is “shady”? And what about legit extensions that get bought by shady people and turned into shady ones long after they’ve been installed and the user base trusts it?
Obviously a simple URL redirector for wikipedia requesting access to this data is absurd and would be an immediate red flag.
To you, yes it should be. But it does require knowledge about how websites and browsers work that most people don’t have. I’d be very surprised if 50% of people have any idea what those permissions actually do and what would be reasonable for different extensions to have.
Of course having fewer extensions installed doesn’t protect you from the ones that you have installed. But the fewer you have the smaller your attack surface is. And as a general tip, I think it’s a good one, even on Lemmy. Because I’m not going to assume people’s understanding of the web, browsers or permissions. And when it comes to the general population, a lack of understanding of an extension’s permissions has very little to do with ones ability to read.
Removed by mod
You live by that and I’ll live by the advice I’ve seen from infosec professionals that recommend as few add-ons as possible due to security concerns. But yes, browsers are getting more secure over time and that’s good.
Removed by mod
Sorry if I’m nitpicky or confused here. You just said it’s obvious that you shouldn’t install closed sourced or otherwise shady extensions. Do you think a normie knows and cares if an extension is open source? And how do they know if an extension is “shady”? And what about legit extensions that get bought by shady people and turned into shady ones long after they’ve been installed and the user base trusts it?
I mean, couldn’t an addon just read the password you put into a login field, or send in a request, and send it off to their servers?
Removed by mod
To you, yes it should be. But it does require knowledge about how websites and browsers work that most people don’t have. I’d be very surprised if 50% of people have any idea what those permissions actually do and what would be reasonable for different extensions to have.
Removed by mod
Of course having fewer extensions installed doesn’t protect you from the ones that you have installed. But the fewer you have the smaller your attack surface is. And as a general tip, I think it’s a good one, even on Lemmy. Because I’m not going to assume people’s understanding of the web, browsers or permissions. And when it comes to the general population, a lack of understanding of an extension’s permissions has very little to do with ones ability to read.