Hacker News new | past | comments | ask | show | jobs | submit login

This is clickbait. The authors argument is that the extension has enough privileges to track you, not that it actually does.

For example, uBlock Origin has similar privileges but I doubt the author would bat an eye.

EDIT: I take back my comment :)




Not only did you miss the point of the article, you must have missed where in these very comments the author replies to someone else who just barely skimmed the article.

I will copy/paste it for you.

"You could also read the article before commenting. It’s one thing when an extension could do something but its code can be inspected to verify that it doesn’t. It’s an entirely different thing if it delegates its privileges to a web service that could do anything and that nobody can inspect.

Note: I’m the author of this article. "


> It’s an entirely different thing if it delegates its privileges to a web service that could do anything and that nobody can inspect.

Would it be more accurate then to say it potentially lets Amazon track you? Without the word "potentially," or similar, it makes it sound like they are in fact doing it when you just said it "could."


To be clear, I'm not the author so I cannot answer on their behalf.

In my opinion though, "could" is so close to "potentially" in definition that it seems rather pedantic to hinge the entire article and its conclusions on that single choice of word.


The title of the article on HN does not contain any such qualifiers.

Actual Title: How Amazon Assistant lets Amazon track your every move on the web

HN Title: Amazon Assistant lets Amazon track your every move on the web

I should have been more specific.


If Amazon does track some users of their extension right now, we wouldn’t know. It’s a web service, nobody can tell whether it behaves the same for everyone. It has all the privileges, and I can look into what it does with these privileges in my case, but I cannot tell whether it works the same for you.

Note: I am the author of this article.


All right upon closer reading you are correct. I seem to have missed the point of the article. There are some good points that the author brings up.

However I still think the title could be better. There are lots of things that applications "can" do. I put more trust into random applications that run on my system.


Yes, you put considerable trust into applications running on your system. But I hope that you don’t just install random applications. You probably choose only vendors where you can reasonably assume that they don’t want to accept the backlash of having shipped a malicious application.

Now shipping a malicious application is always a risk. This application release is evidence of misbehavior, should someone choose to analyze it. This risk is almost non-existent with dynamic web applications. It would have to be the one targeted user who analyzes megabytes of code.

To sum up: there is a good reason why websites are sandboxed and don’t get any access to your system.

Note: I am the author of this article.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: