Comment by jowea
Why am I not allowed to trust an extension just as much as I trust the platform it is running on? This is the same logic behind mobile OSes creators deciding what apps can do.
Why am I not allowed to trust an extension just as much as I trust the platform it is running on? This is the same logic behind mobile OSes creators deciding what apps can do.
It's a logic I fully agree with. As the owner of the computer, you should of course be able to do whatever you want. The APIs should still be designed around sandboxing and security though.
I only trust free software, and only after I have read its source code and evaluated the distribution channel. I don't want proprietary obfuscated third party code running on my computer without some serious sandboxing and virtualization limiting access to everything. I went so far as to virtualize an entire Linux system because I wanted to play video games and didn't trust video game companies with any sort of privileged or low level access to my real Linux system.
Malicious actors are known for buying up popular extensions that are already trusted by their user base and replacing them with malware via updates. The proper technological solition to such abuses is to make them literally impossible. Exceptions can and should be made for important technologies such as uBlock Origin.