
What is more interesting is the reaction from the developer himself. He seems to be completely unimpressed by the criticism, noting that one permits Chrome extensions to do stuff, and they would have seen this permission the extension required when they updated or installed it.

Furthermore, he is quoted as joking about how he could have sold the extension to someone to get your passwords and whatnot (but assures us that he hasn't done so).



That is interesting.

It could be criticism of the existing system. Or he could have other goals/intentions.


He asks specifically if he has broken some rules in Google Chrome's terms of service, where another user replies with quotations from the ToS. He barks at that, saying his extension is allowed to do what he does, because his extension does reveal exactly what it does, if you read its permissions carefully.

I cannot confirm whether that is true, but that's what he is saying.

I have no idea what he is up to, but aren't extensions supposed to be reviewed if they are in the extension catalogue?


He does indicate the user gives the OK to 'access all data on all websites' - like most extensions do, come to think of it. I do think things like that should be more fine-grained, and/or that developers have to indicate /why/ they need that access.


I really, really have a problem with this permission:

- For a very few extensions, I allow it, but it is very clear that it is an open gateway for hackers,

- Most often, I deeply regret I can't even tell Chrome that I allow the extension on a subset of sites... At least not my gmail please...

- So the base rule is, never install something which requires all perms, obviously.

Users have been warned properly. They're at the mercy of untrustable people.


Problem is, almost no user will ever actually READ any message. They'll just click "OK".


They seem to have an automated review process unless the extension is flagged for manual review. Source - https://developers.google.com/chrome/web-store/faq#faq-gen-0....


In my experience, the review is only for the first upload. Updates don't seem to be reviewed?


Yeah, seems like they should maybe institute some type of manual review for any type of "global" permissions. It would impede the well-behaving apps that legitimately need global permissions, but it might be worth it.


... or incentivize them not to request universe permissions.
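
The "access all data on all websites" grant discussed in this thread comes from specific patterns in an extension's manifest.json, so it can be checked for mechanically. The following is an added example, not part of the thread or of Chrome's own tooling: the function names are hypothetical and the sample manifests are constructed.

```python
import json

def is_all_sites(pattern):
    """True if a Chrome match pattern covers every http(s) host."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False          # API permission such as "tabs", or file:// etc.
    return rest.split("/", 1)[0] == "*"   # host part is a bare wildcard

def broad_host_access(manifest):
    """Map each manifest field to the all-site patterns it requests."""
    found = {}
    # Manifest V2 lists host patterns under "permissions"; V3 moved them to "host_permissions".
    for field in ("permissions", "optional_permissions",
                  "host_permissions", "optional_host_permissions"):
        hits = [p for p in manifest.get(field, [])
                if isinstance(p, str) and is_all_sites(p)]
        if hits:
            found[field] = hits
    # Content scripts are injected into every page their "matches" cover.
    hits = sorted({m for cs in manifest.get("content_scripts", [])
                   for m in cs.get("matches", []) if is_all_sites(m)})
    if hits:
        found["content_scripts.matches"] = hits
    return found

# Constructed sample manifests (not taken from any real extension).
SAMPLES = {
    "mv2-everything": '{"manifest_version": 2, "permissions": ["tabs", "http://*/*", "https://*/*"]}',
    "mv3-scoped": '{"manifest_version": 3, "host_permissions": ["https://mail.example.com/*"], '
                  '"content_scripts": [{"matches": ["https://*.example.com/*"], "js": ["a.js"]}]}',
    "script-only": '{"manifest_version": 3, "permissions": ["storage"], '
                   '"content_scripts": [{"matches": ["<all_urls>"], "js": ["b.js"]}]}',
}

def audit(samples):
    """Return {label: findings} for manifests that request all-site access."""
    report = {}
    for label, text in samples.items():
        found = broad_host_access(json.loads(text))
        if found:
            report[label] = found
    return report

if __name__ == "__main__":
    for label, found in audit(SAMPLES).items():
        print(label, found)
```

Note that the third sample requests no host permission at all yet still reaches every page through its content script, which is why the `matches` lists are checked as well.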



