YouTube Redux 的评价
YouTube Redux 作者: omnidev0
Mrinal 的评价
The latest update requires permission to "Download files and read and modify the browser’s download history". Why does the stateless functionality offered by this extension suddenly require such a strong intrusive permission? Unless, this extension was bought over by some greedy business that wants to collect and sell your data. Just find another extension at this point.
Edit (post dev's response): It's still potentially unsafe in the event that a future update may obfuscate the code, since Mozilla does not require add-ons to be opensource. Since I do not require the export functionality, there should not be any obligation for me to accept the new permission. Currently, it is not so. Also, there are other extensions like uBlock Origin that allows syncing config (custom filter entries) without requiring any download or browsing history permissions.
I am not questioning your commitment to remain open-source, but with this permission, there is a permanent opportunity for you and your successor (if and when) to malpractice.
Edit (post dev's response): It's still potentially unsafe in the event that a future update may obfuscate the code, since Mozilla does not require add-ons to be opensource. Since I do not require the export functionality, there should not be any obligation for me to accept the new permission. Currently, it is not so. Also, there are other extensions like uBlock Origin that allows syncing config (custom filter entries) without requiring any download or browsing history permissions.
I am not questioning your commitment to remain open-source, but with this permission, there is a permanent opportunity for you and your successor (if and when) to malpractice.
开发者回应
发布于 3 个月前The extension now requires download permissions in order to be able to export user's config file. It is not used for anything else besides that single action and there is no malicious intent behind it (and never will be). YouTube Redux is open source and all code changes can be verified in its GitHub repository.
Edit in response to your edit: Your concerns are absolutely justifiable. While at this moment it's a "trust me bro" situation, extension takeovers do happen and this is indeed a security risk for users. That said without delay I will be making this permission optional as well as allowing the user to save the config manually if that permission is denied. Thanks for the feedback and sorry for the scare!
Edit in response to your edit: Your concerns are absolutely justifiable. While at this moment it's a "trust me bro" situation, extension takeovers do happen and this is indeed a security risk for users. That said without delay I will be making this permission optional as well as allowing the user to save the config manually if that permission is denied. Thanks for the feedback and sorry for the scare!