As developers we have to use only the minimum required set of permissions for our extensions to work. Then we need to educate the users about the importance of the consent popup and what exactly each permission warning means. The most severe permissions are similar to giving the keys to your home, willingly. For optional features of your extension use optional permissions that the user can accept later manually, this drastically reduces the potential vectors of attack.
As consumers we live in a world where big companies own our entire online presence and we accept it because it's just how it is. But we mistakenly think that just about any third party provider should be able to "Read and modify all your data on all websites you visit", which is what most extensions require on install. Think about it: do you want some random developer to have read/write access to your entire online activity?
Even if the extension was not malicious initially, it can become one without you ever knowing, so please don't post a list of your extensions unless they have very limited permissions required.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
As developers we have to use only the minimum required set of permissions for our extensions to work. Then we need to educate the users about the importance of the consent popup and what exactly each permission warning means. The most severe permissions are similar to giving the keys to your home, willingly. For optional features of your extension use optional permissions that the user can accept later manually, this drastically reduces the potential vectors of attack.
As consumers we live in a world where big companies own our entire online presence and we accept it because it's just how it is. But we mistakenly think that just about any third party provider should be able to "Read and modify all your data on all websites you visit", which is what most extensions require on install. Think about it: do you want some random developer to have read/write access to your entire online activity?
Even if the extension was not malicious initially, it can become one without you ever knowing, so please don't post a list of your extensions unless they have very limited permissions required.