Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Should have a seperate permission to modify the DOM. This extension only needs to read the DOM.


Yes, a network access and DOM write permission should be one and the same. I think the reason it isn't done is because there are so many ways to leak data over a network. If the extension can trigger a DNS lookup somehow, it can exfiltrate data.

Android used to have a network permission but Google removed it.


> Android used to have a network permission but Google removed it.

That's because google is in the ads business and wants apps to always be able to exfiltrate data to google (google analytics, google ads, etc) & display ads without needing additional permissions.

Having a network permission means there is an incentive for apps to not have the network permission which means they can't load ads. And Google wants you to look at their ads.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: