Comment by matheusmoreira 2 days ago

I believe them. The restrictions are reasonable and appropriate for nearly everyone. Extensions are untrusted code that should have as little access as possible. If restrictions can be bypassed, that's a security bug that should be fixed because it directly affects users.

I also think uBlock Origin is so important and trusted it should not only be an exception to the whole thing but should also be given even more access in order to let it block things more effectively. It shouldn't even be a mere extension to begin with, it should be literally built into the browser as a core feature. The massive conflicts of interest are the only thing that prevents that. Can't trust ad companies to maintain ad blockers.

GeekyBear 2 days ago

> Extensions are untrusted code that should have as little access as possible.

It's entirely possible to manually vet extension code and extension updates in the same way that Mozilla does as part of their Firefox recommended extensions program.

> Firefox is committed to helping protect you against third-party software that may inadvertently compromise your data – or worse – breach your privacy with malicious intent. Before an extension receives Recommended status, it undergoes rigorous technical review by staff security experts.

https://support.mozilla.org/en-US/kb/recommended-extensions-...

Other factors taken into consideration:

Does the extension function at an exemplary level?

Does the extension offer an exceptional user experience?

Is the extension relevant to a general, international audience?

Is the extension actively developed?

  • xnx a day ago

    > It's entirely possible to manually vet extension code and extension updates

    I thought the core vulnerability of Manifest v2 is that new code can be loaded by an extension on the fly without any extension update. How would you vet that?

    • krackers a day ago

      The same way it's done with V3, because no permission-level blacklist/whitelist is going to prevent the person from creating an interpreter within JS itself.

      Looking at https://developer.chrome.com/docs/webstore/troubleshooting#a... it seems most of the heavy lifting is done with some combination of static/dynamic analysis during extension review. The same analysis (plus trivially catching eval) could be done with V2 as well.
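
The static side of the review discussed in this sub-thread, as an added example (not part of the thread, and not Chrome Web Store or Mozilla tooling): it flags a manifest CSP that permits `'unsafe-eval'` or remote script hosts, and source lines that execute strings or load remote scripts. The rule names and the sample package are constructed for illustration.

```javascript
// Added illustration: static pre-review checks for dynamically loaded code in an
// extension package. Rule names and the sample package are constructed here.

// Source patterns that turn strings or remote content into running code.
const SOURCE_RULES = [
  { id: "eval-call", re: /\beval\s*\(/ },
  { id: "function-constructor", re: /\bnew\s+Function\s*\(/ },
  { id: "string-timer", re: /\bset(?:Timeout|Interval)\s*\(\s*["'`]/ },
  { id: "remote-script-src", re: /\.src\s*=\s*["'`]https?:\/\// },
];

// Manifest V2 keeps the CSP as one string; V3 nests it under extension_pages.
function extensionCsp(manifest) {
  const csp = manifest.content_security_policy;
  if (typeof csp === "string") return csp;
  return (csp && csp.extension_pages) || "";
}

function reviewExtension(manifest, files) {
  const findings = [];
  // Only the script-src directive decides what may execute.
  const scriptSrc = extensionCsp(manifest)
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((tokens) => tokens[0] === "script-src") || [];
  for (const token of scriptSrc.slice(1)) {
    if (token === "'unsafe-eval'") findings.push({ file: "manifest.json", rule: "csp-unsafe-eval" });
    if (/^https?:/.test(token)) findings.push({ file: "manifest.json", rule: "csp-remote-script" });
  }
  for (const [file, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      for (const { id, re } of SOURCE_RULES) {
        if (re.test(line)) findings.push({ file, line: i + 1, rule: id });
      }
    });
  }
  return findings;
}

// Constructed sample package (not a real extension).
const sampleManifest = {
  manifest_version: 2,
  content_security_policy: "script-src 'self' 'unsafe-eval' https://cdn.example; object-src 'self'",
};
const sampleFiles = {
  "background.js": "fetch(cfgUrl).then(r => r.text()).then(t => eval(t));\nsetTimeout(tick, 1000);",
  "popup.js": "const s = document.createElement('script');\ns.src = 'https://cdn.example/a.js';",
};
console.log(reviewExtension(sampleManifest, sampleFiles));
```

Pattern checks like these do not catch an interpreter implemented in plain JavaScript, which is the case the comment above raises and the reason review also relies on dynamic analysis.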

jowea 2 days ago

Why am I not allowed to trust an extension just as much as I trust the platform it is running on? This is the same logic behind mobile OS creators deciding what apps can do.

  • matheusmoreira 2 days ago

    It's a logic I fully agree with. As the owner of the computer, you should of course be able to do whatever you want. The APIs should still be designed around sandboxing and security though.

    I only trust free software, and only after I have read its source code and evaluated the distribution channel. I don't want proprietary obfuscated third party code running on my computer without some serious sandboxing and virtualization limiting access to everything. I went so far as to virtualize an entire Linux system because I wanted to play video games and didn't trust video game companies with any sort of privileged or low level access to my real Linux system.

    Malicious actors are known for buying up popular extensions that are already trusted by their user base and replacing them with malware via updates. The proper technological solution to such abuses is to make them literally impossible. Exceptions can and should be made for important technologies such as uBlock Origin.

Barbing 2 days ago

Would that rip off the how-do-we-fund-the-web bandaid, forcing new solutions? Worry about the interim where some publishers would presumably cease to exist. And who would remain afloat—those with proprietary apps, as Zucky as they are, I’d guess…

UBO is absolutely incredibly important. Figure you might know more than me about how journalists and reviewers and the like can still earn a keep in a world with adblockers built in to every browser.

  • matheusmoreira 2 days ago

    > Would that rip off the how-do-we-fund-the-web bandaid, forcing new solutions?

    Absolutely. The web is mostly ad funded. Advertising in turn fuels surveillance capitalism and is the cause of countless dark patterns everywhere. Ads are the root cause of everything that is wrong with the web today. If you reduce advertising return on investment to zero, it will fix the web. Therefore blocking ads is a moral imperative.

    > Worry about the interim where some publishers would presumably cease to exist.

    Let them disappear. Anyone making money off of advertising cannot be trusted. They will never make or write anything that could get their ad money cut off.

    People used to pay to have their own websites where they published their views and opinions, not the other way around. I want that web back. A web made up of real people who have something real to say, not a web of "creators" of worthless generic attention baiting "content" meant to fill an arbitrary box whose entire purpose is to attract you so that you look at banner ads.

jwitthuhn 2 days ago

An extension I trust is by definition trusted code. What is trusted is for the user to decide, not the browser developer.

  • matheusmoreira 2 hours ago

    The user should of course be able to add their own extensions that do whatever they want.

    I'm just saying that I think this is good interface design. Virtualization, sandboxing and gating access to data and computing resources are good things.

sensanaty 2 days ago

I get what you mean and I think we align here, but I trust the uBlock team infinitely more than I trust Google to make my own extension decisions. I know there's a subset of regular users who fall for all manner of scam, but Manifest V3 doesn't even solve any of those issues, the majority of the same attack vectors that existed before still exist now, except useful tools like uBlock can no longer do anything since they got deliberately targeted.

Besides, there's ways of having powerful extensions WITH security, but this would obviously go against Google's data harvesting ad machine. The Firefox team has a handful of "trusted" extensions that they manually vet themselves on every update, and one of these is uBlock Origin. They get a little badge on the FF extension store marking them as Verified and Trusted, and unless Mozilla's engineers are completely incompetent, nobody has to worry about gorhill selling his soul out to Big Ad in exchange for breaking uBlock or infecting people's PCs or whatever.

encom 2 days ago

I trust ublock infinitely more than anything written by Google, a literal spyware company.

  • matheusmoreira an hour ago

    We agree. Note that I made an exception for uBlock Origin. I think it's so important and trusted it should be a core browser feature. Only reason it isn't is the inherent conflict of interest.