Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Not really, I don't think. I hear a lot of people saying that you can inspect the source if you follow steps X, Y, and Z, but that's not a one time thing. Each time the extension is updated you have to do a full audit. You can install it independently to avoid updates, but then you run the risk of things breaking or falling behind (such as adblocker lists). Happy to learn from more experienced people that I'm wrong on this, but that's my current expectation from decades of using browsers and extensions.

For me, an extension can only require so much hands on effort before that effort outweighs the rewards of the extension. Years ago I had the Vimium plugin and loved it, but the provided functionality isn't worth the necessary audits. Not wanting to have to trust that it never sells out or gets hacked, I got rid of it. These days I just use a small handful of extensions (ublock origin, noscript, vuejs devtools) that I feel comfortable trusting and that make a significant impact on my browsing experience. I can manage without the rest.



- An addon like vimium shouldn't need too many updates so auditing and disabling auto-updates might be worth it.

- Firefox has 'recommended' addons. In addition some of the more popular addons are security vetted (Their addon pages doesn't come with the scary "not reviewed" warning. These can be reasonably assumed to be safe.

- Also read my other reply to gp.

> These days I just use a small handful of extensions

Same here. Resisting fomo and temptations for new shiny is the hardest part but still worthwhile imo




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: