1. 20

  2. 3

    The article is a little short on recommended solutions. One seems to be a curated app store like iOS has. But perhaps there is something in between?

    1. 4

      Of course there is: open source extensions.

      1. 2

        Why “of course”? They’re essentially open source now:

        $ head -n4 ~/Library/Application\ Support/Google/Chrome/Default/Extensions/mlomiejdfkolichcflejclcbmpeaniij/5.4.7_0/require_config.js 
        /*jshint unused:false */
        var require = {
          baseUrl: '.',
          paths: {

        One can make it easier by requiring source maps for compiled JS, but the problem will still be that there are a lot more extensions than volunteers are willing to review.

        Apple has invested incredible amounts of money in building out review infrastructure, automating the testing / review process, and eating the costs of manually reviewing each app on their store. This makes economic sense because the iPhone / iPad / AppStore were a >$1e11 business for them in 2014.

        Who is going to build that process / infrastructure for a crowdsourced version?

        1. 2

          That’s not what open source means.

      2. 4

        Or perhaps, use Firefox.

        1. 5

          He also mentions one such extension for Firefox having approximately 400k users.

          1. 2

            How if Firefox any different?

          2. 2

            Require that extensions publish and be installed from their source code in human-readable format. Forbid them access to any API that allows them to execute downloaded code. This gets you much, much cheaper auditing.

            Require that network requests be individually approved by the user in a UI that exposes the payload and includes the warning that anything obfuscated should be denied. Aggregate these denials and feed that back into the app store.

            Finer-grainer permissions, permitting access to page text but not url or network requests, etc. Implement taint tracking, so that a value like the current URL cannot be used to build outgoing network data.

            Better UI in the app store, including serious warnings against applications that require permisisons that could be used to implement tracking.

          3. 1

            You can browse the code of any extension you have installed. I assume the js is heavily minified and obfuscated, but you never know. It isn’t code which has to be downloaded more than once, so perhaps it was left alone.

            1. 1

              This is an ugly one. Some third-party tracking services use a tracking script SDK inside the extensions. But the first time it runs, it replaces this code by making a few requests fetching new JavaScript-code and storing it in the extension’s file storage and saves references to the files in the local storage of the extension. This makes it possible for the extension to constantly run and update arbitrary code controlled by the third-party not included by the extension from the beginning. Now, note that this file storage and local storage functionality is only because of the tracking scripts, not due to the functionality of extension itself.

              So checking the extension code once is not enough.