A new way to control Extensions which might collect data that they chouldn't
I have an idea which should enhance security within Firefox, specifically to improve the security of Extensions.
It has become clear that many extensions are collecting and selling information about users to tracking and advertizing companies, without the user's knowledge or consent!
In response to learning about this, I started to disable the extensions which I did not need all the time and then "re-activate" them only when I needed to use them. Keeping the active Extensions strictly to essential security minded ones and a few other that I feel I NEED on a very regular basis - or all the time.
This is a bit of a drag and takes time each time I want to use certain extensions, but I now feel that it is necessary - until extensions are PREVENTED from collecting and selling user data!
Today I had an idea which would help and make this "Less of a Drag"!
When I "Disable" an extension, it's icon disaappears from my toolbar and only re-appears when "Re-activated". It would be better if when "Disabled" the Icon STAYED on the tool bar - but "Greyed Out", and with a right click menu with only two items on it - 1) "Re-Activate this extension" and 2) "Remove this extension". It would be useful also for when the extension is "Active" that the Icon has a right click item "Disable this Extension"! - Currently there is only the option to "Remove", which is not what I want to do!
This one relatively small change would allow users who are aware of the dangers, to control potentially "Leaky" but USEFUL extensions. The vast amount of time they would not be ABLE to track and collect users data, which would make what they collect when "Activated" much less useful!
This would be a useful and EFFECTIVE tool against "malware" extensions which are collecting and selling user data. It would be a useful "Stop-Gap" until you get around to actually PREVENTING extensions from doing this!!!!
Ideally extensions should be PREVENTED from having access to or selling any data and should ONLY have access to information that is specifically NEEDED for the functioning of the extension. VERY CLEARLY the very broad designations of the current "Permission" system do not work!!
I hope you take action on this, because it would CERTAINLY help!
Todas as respostas (2)
Having just posted the above, another useful idea would be to have the option to "Log" all internet activity to and from the extension.
In some cases that might be quite a lot and might slow down browsing, but if I have an extension which I've "Not sure about", I could switch this on to find out for sure, how much information they are accessing and if any/much is going "Out"! It would not be something which you would want to leave on!!
This might encourage users to "test out" extensions that they are using and report those that are bad eggs. This would be a valuable "outsourcing" of diagnosis to users, and enable your staff to get more done...
Why don't use open-source extensions?