DEV Community

Discussion on: Beware of browser extensions that track you everywhere

Jamie Phelps

I have worked on the 1Password browser extension (one of the most widely used in the world, I would have to guess) for the last several years, and keeping browser extensions light enough to not cause an unnecessary burden on users is one of the things we keep top of mind. We minify our code using Google Closure Compiler (for the desktop app’s extension) or Uglify (for the new 1Password X), and folks assume this is because we want to obfuscate some secret sauce in the code, but really, it’s about these kinds of good citizen goals. Recently, we were testing a build and the minifier had inadvertently been disabled for just one of our libraries, and it ballooned the packaged file by multiple megabytes. When you start injecting this amount of script content into every document (in each iframe, and some sites have as many as 100 on a page), size definitely matters.

I think the extension hosts could do a better job of disclosure though. It would not be hard to see that a script listed in the content scripts (or injected programmatically) is using one of these big ad frameworks’ scripts and alert the user or require the extension developer to indicate this clearly in their extension listing. Chrome’s store presentation is particularly well suited to this due to the distance between the form the developer fills in and the presentation of the form on the store.
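
A sketch of the kind of listing-time check the comment above describes, as an added example that is not part of the original comment or any store's or 1Password's code. It audits an unpacked extension's `content_scripts` for broad match patterns, `all_frames`, injected bytes per frame and tracker signatures, and flags programmatic injection in other scripts; the function names, the signature list and the sample package are constructed for illustration.

```javascript
// TRACKER_SIGNATURES is a constructed placeholder list, not a real blocklist.
const TRACKER_SIGNATURES = [/ads\.tracker\.example/i, /\bExampleAdSDK\b/];
// Extension APIs used for programmatic injection (Manifest V2 and V3).
const INJECTION_CALLS = /\b(?:tabs\.executeScript|scripting\.executeScript)\s*\(/;
const BROAD_MATCHES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// manifest: parsed manifest.json; files: { path: source text } of the package.
function auditExtension(manifest, files) {
  const findings = [];
  for (const entry of manifest.content_scripts || []) {
    const scripts = entry.js || [];
    const bytes = scripts.reduce(
      (sum, name) => sum + Buffer.byteLength(files[name] || "", "utf8"), 0);
    const flagged = scripts.filter((name) =>
      TRACKER_SIGNATURES.some((re) => re.test(files[name] || "")));
    findings.push({
      kind: "content_script",
      scripts,
      broad: (entry.matches || []).some((m) => BROAD_MATCHES.has(m)),
      allFrames: entry.all_frames === true,
      bytesPerFrame: bytes,
      trackerScripts: flagged,
    });
  }
  // Scripts not listed in content_scripts can still inject code at runtime.
  const listed = new Set(findings.flatMap((f) => f.scripts));
  for (const [name, source] of Object.entries(files)) {
    if (!listed.has(name) && INJECTION_CALLS.test(source)) {
      findings.push({ kind: "programmatic_injection", scripts: [name] });
    }
  }
  return findings;
}

// Script bytes one page load pays when the page contains `frameCount` frames.
function pageCost(finding, frameCount) {
  return finding.bytesPerFrame * (finding.allFrames ? frameCount : 1);
}

// Constructed sample package.
const sampleManifest = { manifest_version: 2, content_scripts: [
  { matches: ["<all_urls>"], js: ["lib.js", "fill.js"], all_frames: true },
] };
const sampleFiles = {
  "lib.js": "x".repeat(2000) + " fetch('https://ads.tracker.example/p');",
  "fill.js": "document.querySelectorAll('input');",
  "background.js": "chrome.tabs.executeScript(tabId, { file: 'late.js' });",
};
const sampleFindings = auditExtension(sampleManifest, sampleFiles);
```

With `all_frames` set, `pageCost(sampleFindings[0], 100)` shows how a page with 100 frames multiplies the per-frame payload.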