Tracking Browser Extension Ownership
Addressing a dire and pernicious problem in the extension ecosystem
Browser extensions are often dismissed as gimmicks or frills because the ecosystem is highly diverse: UBlock Origin can be installed alongside Music of Minecraft. Yet dismiss browser extensions at your own peril, as they are some of the most important tools for guarding privacy and enhancing security.
A perfect analogy for how extensions fit into the open web is driving a car:
Roads are the internet. Everyone uses the roads to move around, but without any rules or protections, it would be chaos.
Traffic signals, signs, speed limits, and police are the web browsers. These enforce rules for how the roads must work, and they exist to protect everyone on the road.
Seatbelts, mirrors, backup cameras, and collision warnings are the browser extensions. These are in your own car, and they exist to protect you.
With this perspective, it becomes imperative to protect the integrity of the extension ecosystem.
Addressing Browser Extension Transfers
Extension developers are constantly getting offers to buy their extensions. In nearly every case, the people buying these extensions want to rip off the existing users.
When an extension is purchased and transferred, existing users are unaware that any of this has happened. The new owner is free to push updates, and the users’ browsers will happily accept and install these updates.
To address this problem, I built Under New Management, an extension that tracks when your installed extensions have changed owners.
The response was incredible!
Next Steps
I’ve recommended an API change to the Web Extensions Community Group (WECG) to directly address this issue, and I’ve looped in the Chrome Extensions team. I’m pleased to say that they are taking this very seriously.
Make sure to leave a comment on the WECG GitHub issue!