If the folks watching this thread have not seen these two Doug Crockford presentations I would suggest taking the time to have a look.
http://www.webdirections.org/resources/wdn08-douglas-crockford/ http://video.google.com/videoplay?docid=452089494323007214&q=user%3A%22Google+engEDU%22&total=333&start=0&num=10&so=1&type=search&plindex=5# These security problems are a major issue, and unfortunately most users are going to blame Google and Chrome for problems rather than the bad people out there who sabotage the open web for their own gain/ pride. We also have to understand that this is nothing new. I could create a popular website and then decide to start doing bad things with it one day. Most bad people don't have that much foresight, so the phishing scams on the web and within the browser extension ecosystem will most likely continue to be short term tricks that end when they have played out. I really think that the solution is to give the user the information they need to make informed decisions about their own security. I like the idea of using algos to track the data storage and network request patterns of extensions, and alert users when those patterns change and how they have changed. I think forcing applications to use only a subset of data exchange formats, like JSONRequest for example, could also help by allowing automated tools to detect bad guys sooner. In the end, I think we really need to encourage our criminal justice systems to go out and nail these criminals. The advantage extensions have is that it is easier to find and prosecute an extension author who has an account with Google or Mozilla (or whatever). -- You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en.
