Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The new user controls are just a temporary stopgap measure. The real solution Google is working towards is Manifest v3, which will be designed as a much better system with fine-grained permissions.

If Google follows the model with Chrome that they did Android, UXSS permissions will eventually be phased out over time and replaced with better, more secure, opt-in, purpose-built APIs in Chrome. (Assuming they can do that without sacrificing _too_ much functionality.)



Almost nobody makes well thought out decisions when agreeing to permissions during the extension install process.

EULAs, Terms of Service, Mobile Apps, Cookie Consents have boy-who-cried-wolf'ed everyone except the most paranoid and tech-savvy to the point that they are mostly ignored.


Stop taking away people's locks just because other people don't use them.

Yes, many non-technical users do not pay attention to permissions. But permissions are extremely helpful to people who do use them -- and the number of people who do use them is larger than the number of people who audit source code or set up VMs.

Educating normal users to pay attention to permissions is a problem. It is a separate problem than, "do they even have tools in the first place if they want to use them." The problem I want solved is how I verify that an extension is safe. Granular extension permissions solves that problem for people like me.

After that problem is solved, then I can worry about educating my friends and family.


The obvious fix for that is to not allow extensions to ask for permissions during the install process, only at runtime.

No idea if that's included in Google's plans for Manifest v3, but I agree with you that it _should_ be done that way if at all possible.


It would nice too if the user was put first and foremost and the user had to give each fine-grained permission approval before it could be used for the first time. And if the user denied any of those permissions the app would continue to function, (either because it's a requirement for being listed in the store, and/or because the framework sends randomized data to the app on the users behalf).


Yes, this is how Android and the Web in general handle permissions. I haven't yet seen what Google is planning for Manifest v3, but I suspect it will use a permissions system built around a similar model, with users getting explicit opt-in prompts for each permission the extension requires. (Though I'm not 100% sure of that yet, it's possible that sort of permissions system might not be practical for browser extensions for reasons I haven't anticipated.)


The "grant permission just once" option on the web is really nice and I wish more platforms would include it (including extensions).

That and the ease that you can revoke permissions. No going into a separate settings window, just click next to the URL bar and everything shows up.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: