Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Extensions Security Deficit

James McAllister-Barnard
James McAllister-Barnard
more options

I am observing a trend where popular extensions, such as the "I don't care about cookies" extension, change ownership and become derelict and/or malware, as clearly pointed out in recent reviews for the extensions. However, it takes multiple clicks to get to this information in the reviews, and there is very little curation.

I understand it is likely highly infeasible to audit extensions for malware in any comprehensive way, however I definitely feel that there is room for enhancement of the present processes.

I think this extension search process should be more proactive in informing users of these events. For example, rather than just displaying a star rating next to the extension name, displaying chronological trends would be more information-dense. Like if recent reviews are trending negative. This could also reward and incentivise extensions which are properly supported, (and not malware), displaying that their reviews are maintaining / increasing positivity over time.

A supporting feature could be publicising changes of ownership of an extension prominently - "This extension has changed ownership N times, the most recent change was Y-date to X-owner. Reviews have trended Z since that time".

Is something like this being worked on already? If so I am interested in contributing to it.

I am observing a trend where popular extensions, such as the "I don't care about cookies" extension, change ownership and become derelict and/or malware, as clearly pointed out in recent reviews for the extensions. However, it takes multiple clicks to get to this information in the reviews, and there is very little curation. I understand it is likely highly infeasible to audit extensions for malware in any comprehensive way, however I definitely feel that there is room for enhancement of the present processes. I think this extension search process should be more proactive in informing users of these events. For example, rather than just displaying a star rating next to the extension name, displaying chronological trends would be more information-dense. Like if recent reviews are trending negative. This could also reward and incentivise extensions which are properly supported, (and not malware), displaying that their reviews are maintaining / increasing positivity over time. A supporting feature could be publicising changes of ownership of an extension prominently - "This extension has changed ownership N times, the most recent change was Y-date to X-owner. Reviews have trended Z since that time". Is something like this being worked on already? If so I am interested in contributing to it.

All Replies (1)

James McAllister-Barnard
James McAllister-Barnard Question owner
more options

Also, I note that the community fork of the "I don't care about cookies" extension --

https://addons.mozilla.org/en-US/firefox/addon/istilldontcareaboutcookies/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

appears lower in search results and displays a security warning flag, compared to the original extension --

https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-cookies/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

which presents no security warning yet is according to the comments both derelict and malware.

Seems like undesirable behaviour of these flags. Inverse, really, of their purpose.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.