Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Extensions Security Deficit

  • 1 பதிலளி
  • 0 இந்த பிரச்னைகள் உள்ளது
  • 4 views
  • Last reply by James McAllister-Barnard

James McAllister-Barnard
James McAllister-Barnard
more options

I am observing a trend where popular extensions, such as the "I don't care about cookies" extension, change ownership and become derelict and/or malware, as clearly pointed out in recent reviews for the extensions. However, it takes multiple clicks to get to this information in the reviews, and there is very little curation.

I understand it is likely highly infeasible to audit extensions for malware in any comprehensive way, however I definitely feel that there is room for enhancement of the present processes.

I think this extension search process should be more proactive in informing users of these events. For example, rather than just displaying a star rating next to the extension name, displaying chronological trends would be more information-dense. Like if recent reviews are trending negative. This could also reward and incentivise extensions which are properly supported, (and not malware), displaying that their reviews are maintaining / increasing positivity over time.

A supporting feature could be publicising changes of ownership of an extension prominently - "This extension has changed ownership N times, the most recent change was Y-date to X-owner. Reviews have trended Z since that time".

Is something like this being worked on already? If so I am interested in contributing to it.

I am observing a trend where popular extensions, such as the "I don't care about cookies" extension, change ownership and become derelict and/or malware, as clearly pointed out in recent reviews for the extensions. However, it takes multiple clicks to get to this information in the reviews, and there is very little curation. I understand it is likely highly infeasible to audit extensions for malware in any comprehensive way, however I definitely feel that there is room for enhancement of the present processes. I think this extension search process should be more proactive in informing users of these events. For example, rather than just displaying a star rating next to the extension name, displaying chronological trends would be more information-dense. Like if recent reviews are trending negative. This could also reward and incentivise extensions which are properly supported, (and not malware), displaying that their reviews are maintaining / increasing positivity over time. A supporting feature could be publicising changes of ownership of an extension prominently - "This extension has changed ownership N times, the most recent change was Y-date to X-owner. Reviews have trended Z since that time". Is something like this being worked on already? If so I am interested in contributing to it.

All Replies (1)

James McAllister-Barnard
James McAllister-Barnard கேள்வியின் உரிமையாளர்
more options

Also, I note that the community fork of the "I don't care about cookies" extension --

https://addons.mozilla.org/en-US/firefox/addon/istilldontcareaboutcookies/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

appears lower in search results and displays a security warning flag, compared to the original extension --

https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-cookies/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

which presents no security warning yet is according to the comments both derelict and malware.

Seems like undesirable behaviour of these flags. Inverse, really, of their purpose.

Helpful?

கேள்வி எழுப்பு

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.