Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Entirely agree, although as a developer the auto updating is definitely a feature. Since it lets you assume users are all on the same version.

It is definitely a risk for users though.

You can also "opt out" of automatic updates, but the process is a bit involved.

1. Locate the extension on disk

2. Copy it to some other location

3. Add it as a developer extension via the "Load unpacked" button in the extensions screen.

I would also advocate for extensions being open source, but of course most of them are not.



Great points. I'm the author of a few extensions and I do agree that it's nice to see the vast majority of users end up on the same version within a day. I think a reasonable middle-ground would be for Chrome to confirm that you want to perform the update if a privacy-sensitive change is made. For example: "This extension would now also like access to X/Y/Z. Confirm update?".

Even that would only be a small step in the right direction, though, since plenty of apps already have broad enough privacy settings to inject scripts on any page with no change needed to the app manifest's permissions.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: