Keep in mind, extensions can update themselves at any time, including when they're bought out by someone else. In fact, I bet that's a huge draw... imagine buying an extension that "can read and modify data on all your websites" and then pushing an update that, oh I dunno, exfiltrates everyone's passwords from their gmail. How would most people even catch that?
DO NOT have any extensions running by default except "on click".
There should be at least some kind of static checker of extensions for their calls to fetch or other network APIs. The Web is just too permissive with updating code, you've got eval and much more. It would be great if browsers had only a narrow bottleneck through which code could be updated, and would ask the user first.
(That wouldn't really solve everything since there can be sleeper code that is "switched on" with certain data coming over the wire, but better than what we have now.)
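A minimal sketch of the static check suggested above, as an added example that is not code from this thread or from any browser vendor. It also flags the broad "all your websites" host grants mentioned in the first comment. The function names and the sample extension are constructed; the manifest keys are the standard Chrome extension manifest fields.

```javascript
// Added example: static audit of an unpacked extension (helper names are hypothetical).
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const SINKS = [
  { kind: "network", name: "fetch", re: /\bfetch\s*\(/ },
  { kind: "network", name: "XMLHttpRequest", re: /\bnew\s+XMLHttpRequest\b/ },
  { kind: "network", name: "WebSocket", re: /\bnew\s+WebSocket\b/ },
  { kind: "network", name: "sendBeacon", re: /\bsendBeacon\s*\(/ },
  { kind: "dynamic-code", name: "eval", re: /\beval\s*\(/ },
  { kind: "dynamic-code", name: "Function", re: /\bnew\s+Function\s*\(/ },
];

// Host patterns that let the extension read and modify every site.
function broadHostGrants(manifest) {
  const scripts = manifest.content_scripts || [];
  const patterns = [
    ...(manifest.permissions || []),       // MV2 keeps host patterns here
    ...(manifest.host_permissions || []),  // MV3
    ...scripts.flatMap((cs) => cs.matches || []),
  ];
  return [...new Set(patterns.filter((p) => BROAD_HOSTS.has(p)))];
}

// Line-by-line scan for network and dynamic-code sinks.
function scanSource(file, text) {
  const findings = [];
  text.split("\n").forEach((line, i) => {
    if (line.trim().startsWith("//")) return; // skip comment-only lines
    for (const s of SINKS) {
      if (s.re.test(line)) findings.push({ file, line: i + 1, kind: s.kind, name: s.name });
    }
  });
  return findings;
}

// files: map of path -> file contents for one unpacked extension.
function auditExtension(files) {
  const manifest = JSON.parse(files["manifest.json"]);
  const findings = Object.entries(files)
    .filter(([name]) => name.endsWith(".js"))
    .flatMap(([name, text]) => scanSource(name, text));
  return { broadHosts: broadHostGrants(manifest), findings };
}

// Constructed sample extension, embedded so the audit runs offline.
const SAMPLE = {
  "manifest.json": JSON.stringify({ manifest_version: 3, host_permissions: ["<all_urls>"],
    content_scripts: [{ matches: ["https://example.com/*"], js: ["content.js"] }] }),
  "content.js": "// fetch( in a comment is ignored\nconst r = await fetch(url);\n",
  "bg.js": "const f = new Function(payload);\nwindow['ev' + 'al'](x); // not caught\n",
};
console.log(JSON.stringify(auditExtension(SAMPLE), null, 2));
```

The string-built `eval` lookup in the sample `bg.js` is not reported, which shows the limit of pattern matching: a check like this is a first-pass filter for review, not proof that an extension is clean.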
It would be interesting if you could easily install browser extensions via a source repository URL (e.g. GitHub, or any git URL), then at least there would be more transparency about who/what you are trusting by installing it. Blindly trusting a mostly anonymous Chrome store "install" button seems insane, since they don't do any significant policing. Wasn't the promise of safety one of the primary reasons Google started the Chrome store?
Like user.script/Greasemonkey. It used to be that you could publish a reasonably large script and someone would review it. Even better was to start out simple, then gradually update it so that existing users can continue reviewing by looking at the changes.
I think the permission system should be much more complicated so that the user gets a prompt that explains what is needed and why.
Furthermore, there should be [paid] independent reviewers to sign off on extensions. This adds a lot of credibility, especially to a first-time publication without users. That would also give app stores someone to talk to before deleting something. Nefarious actors working for app stores can have their credibility questioned.
> Keep in mind, extensions can update themselves at any time
GP suggested only installing extensions you can build yourself from source. Most extensions that auto update do so via the Chrome store. If you install an extension from source, that won't happen.