I have always been a firm believer in an addon-free life. I avoid third-party addons like the plague because I've always been paranoid of their capabilities of stealing d… (read more)
I have always been a firm believer in an addon-free life. I avoid third-party addons like the plague because I've always been paranoid of their capabilities of stealing data and sharing sensitive information.
But I'm starting to really get tired of ads, and after looking at some plugins available, I've decided I need to make certain aspects of my browser easier to use. OneTab for example is looking like something that would reduce a lot of headache in my life.
I decided to check up on Mozilla and their advice regarding addon safety, and came across this page:
and on that page, I came across this part of the article:
How do I stay safe?
While there is an element of risk to installing any third-party software, there are a few simple best practices you can follow to reduce it. Is the extension made by a reputable developer? Are the user ratings high? Are the permission requests consistent with the features of the extension?
I have a bone to pick with this guideline or, "best practice".
Is the extension made by a reputable developer? Are the user ratings high?
First of all, does the fact that a reputable developer made the addon have any bearing on whether the addon is safe?
And second of all, the reputation of the developer is directly influenced by the user-ratings a developer's addon/s receive.
Google and Facebook are both majorly reputable companies, and they sell your data like Lemonade on a summer's day.
More importantly, user-ratings are only an indication of how well the advertised functions of the addon work. And I bet any addon developer who is developing an addon to do dirty work in the background, is definitely going to make sure that the advertised functions of the addon are in proper working order.
Another issue here is that, user-ratings consist primarily of users....The average Joe, not by security researchers, or even developers/coders. Does the average Joe really leave a user rating behind based on how safe he thinks the addon is?
Just a thought. Telling people that a "best practice" for determining the safety of an addon should factor in the user-rating seems a little misleading.
Regardless though, can Firefox not have a function that tells you what kind of info an addon is passing over the internet?