For what it's worth, if you create a new profile for Chrome extensions, they won't have access to your regular browser profile.
I do this for web developer extensions that typically need a lot of powerful permissions. So I have a Chrome profile that's full of web developer extensions, so they're isolated from private and security sensitive stuff like email and banking.
Similarly, you can do this by installing Chrome Beta or Chrome Canary for use with different extensions you don't want to take a risk with.
I found it more trustworthy to code my own extensions via ChatGPT. These are the last 2 ones. I pretty much dont care if people use them, as the mostly fulfill my own usecases.
https://chromewebstore.google.com/detail/comparative-chatgpt...
The cost of (small) software is fast approaching 0, and it can be faster now to code your own solution, instead of looking for one that nearly mostly fulfills your usecases.
> I found it more trustworthy to code my own extensions
I used to have a ton of little single use extensions that I barely ever used but thought at the time of installation, ”that could be useful one day". Then I started noticing I was liking really random shit on Facebook. That immediately ceased when I uninstalled all but Bitwarden, Leechblock and uBlock Origin. I will never install another random 3rd party extension again
Which of your single use extensions was causing you to like things on Facebook?
Not the GP, but just last week Google automatically removed a single use extension (https://readermode.io) from my browser after flagging it as malware (as I recall the extension updated itself a day before the removal). The extension has also been taken down from the Chrome web store (https://chromewebstore.google.com/detail/reader-mode/llimhhc...) though Google hasn't provided any details about what it was doing that led to the removal.
I think the asymmetry in payoffs explains this, since a bad actor who baits and switches their extension could do massive damage to users. So google try to catch this behaviour and inevitably have some false positives (extensions labelled malware that actually aren't). The cost of a false positive is annoyance. The cost of real malware getting through could be your bank balance.
Automatic extension updates is a stupid practice. The attack surface for a legit extension is minimal, while being huge for a malware update. I'm against almost all automatic software updates in general, but browser extensions take the cake for having an obscene cost/benefit ratio. Chrome won't even let you turn it off. Personally I extract and load all my extensions in developer mode.
[deleted]
https://web.archive.org/web/20240927002632/https://chromeweb...
There are several complains in the reviews, though it all seems a bit bizarre in that the issue was with an opt-in so-called "eco-mode" that basically was throwing pop-ups with affiliate links.
I heard (on HN) that often an extension changes owners just before turning bad. Curious if that was the case here.
Tons of them. Custom download page, to avoid seeing the old ugly Chrome'a download shelf at the bottom of the screen.
> Tons of them. Custom download page, to avoid seeing the old ugly Chrome'a download shelf at the bottom of the screen.
Just to make sure—you seem to be replying to https://news.ycombinator.com/item?id=42493152, which currently says:
> Which of your single use extensions was causing you to like things on Facebook?
Are you saying tons of your single-use extensions caused this Facebook liking, and a custom download page was one of them? Or was this meant to be a response to https://news.ycombinator.com/item?id=42492881?
(Or maybe something's wrong with parent links today. For me, on the main page, they are now turning into anchored links that don't seem to go where intended, which wasn't happening yesterday.)
Haha exactly! Except I didnt bother to publish mine on chromewebstore, it's just on gitlab: https://gitlab.com/natural_aliens/geminiwrap_plugin ...it makes Gemini-Chat voice dictation a bit more useful.
My other one, the remove-youtube-shorts, is almost an one-liner, so I didnt even publish it it's too trivial I think. Everyone just make your own!
I'm gonna need the remove youtube shorts one
An extension doesn't make sense for a simple DOM manipulation - I'd recommend installing Tampermonkey then finding a script like the following:
https://github.com/hallzy/remove-youtube-shorts/blob/master/...
You can do it natively inside ublock origin if you don't want to install an extra extension (often the case for a surprising number of simple extensions, actually).
I used to block it myself with my own filter, but after YouTube changed things up and broke it I've just been using someone else's filterlist and it works the same.
But did you "code" them with chatgpt also?
Yeah, creating the marketing screenshots and filling out the publishing form takes longer nowadays then coding the actual extension.
Also if anyone wants to uses an extension I would much rather they make the minuscule effort to create a local folder, put the files in there, and load the extension's folder with the chrome extension mgr. Maybe even they can peek at the source code... I really don't see why I'd have to push my name, address, email etc on some google storefront and submit myself to spam reviews at the big "google-internet" party in the cloud.
I was updating my Chrome Web Store extensions to MV3 the other day. Had to fill a fair bit of new stuff. Then one dead simple extension I haven’t touched in a decade got its update rejected due to “description provided is insufficient to understand the functionality of the item”, even though anyone who bothered to seek it out absolutely would have no trouble understanding what it does (according to analytics on the dashboard, there are a grand total of ~20 active users and a couple hundred throughout its lifetime), never mind what those lay reviewers think. The review process is really dumb.
I'm too scared to download extensions, so I use bookmarklets (on Firefox).
But I like your suggestion of using ChatGPT to write extensions.
Tampermonkey scripts with chatgpt is even faster. Adding a functionality to a website just by pasting the site's html in chatgpt and in 2min I get what I need.
Making a simple tool for a site or two is the perfect use case for a userscript manager like TamperMonkey/ViolentMonkey (FOSS alternative), I think making your own extension is somewhat overkill
Easier to share with others, too
Your cost but not the cost.
Interesting, I find it useful. A couple of features you could think about:
1. Is there a feature to create a "pull request" to the collection maintainer to propose adding some extensions to their collection? Otherwise, there would be several public shared collections for the same use-case and it may become scattered.
2. I'd like to be able to favorite / like / star a collection, and that to be used as a signal to search results ranking.
Another adjacent domain to expand could be Tampermonkey scripts.
Thank you for the feedback. I will add it to the roadmap.
Not a good day to have Honey in the list :)
Was curious so just searched. Apparently Honey would try to get the best coupon codes on the web, but they started partnering with businesses to give (say) 10% off via a Honey-specific discount code (e.g. HONEY10), but Honey would ignore other (possibly greater) discounts, thus lulling users into a false sense of security that they were getting the best deal when they often weren't.
It’s even worse. They steal from other promoters. Say you watch a LTT video and use one of their affiliate links. If you have honey installed they will replace the link with their own affiliate link and cash the promotion bonus without any promotion by themselves.
Of the three bad things they've been accused of, I'd consider that by far the least. Selling tracking data is an invasion of privacy. Deliberately not showing better discounts violates their core value proposition. Replacing deferral links doesn't hurt the user, and isn't much different from blocking ads.
As a user that might use referral links to support the youtube channel, I do feel in an indirect way this does hurt the user
And, they highjacked referral links, ensuring they got referral commission, not the original referrer.
Sigh, and I was just thinking about installing it. Time to find another one, or perhaps it will also fall to Goodhart’s Law.
I’d really like to know what exactly you are looking for? There is no such thing as “free” and no browser extension will give you something for free. You are paying, one way or the other…
My thoughts as well. Given their business model, any Honey replacement will be engaging in the same sort of behavior. Never seemed worth it to me.
I want to see and/or collect discount codes for things
> I’d really like to know what exactly you are looking for? There is no such thing as “free” and no browser extension will give you something for free. You are paying, one way or the other…
Sometimes there are really-free things. Old-style open-source software is a collection of such things. Extensions, at their beginning, were too, and some of them still are. As far as I know, for example, there's no 'gotcha' in uBlock Origin (although there is the 'gotcha' of knowing to look for them instead of the myriad other solutions that are non-free).
Before the rest of these abuses, Honey was blatantly tracking users and selling that data, which I think is a good example of how privacy abuse is often a canary of generally immoral behavior.
I’m actually impressed by honey. They could have either just sold the user data, or only switched the referral links, or just showed their users the “best” coupons.
But they went for all of it. I’d have wanted to be in the room when the higher ups chose this path.
For anyone else outside the loop, MegaLag released a video [1] yesterday exposing the shady practices by Honey
Any plans to support FireFox extensions?
Yes. I'm working on it
Neat site. Nice to see my extension that I just published a couple of days ago here! It doesn't even have any users yet.
How did you obtain this info? Is there an API for that?
https://webextension.net/chrome/extension/epjjmfojjmbgignfnk...
I used to use extensions in the chrome, but then I noticed that my dev server private urls were being botted. Only way for them to get leaked was virus, google or some extension. For me it seemed like the Window Resizer -addon was leaking every url I visited. And it's not the only addon that seem to use google analytics. wtf?
What UX library did you use here? It looks like bootstrap but isn't (as far as I can tell).
Looks like the website is built with Laravel[1] using Livewire[2] (Alpine JS on the front-end) and the UI library used is Flux[3].
[1]: https://laravel.com/
[2]: https://livewire.laravel.com/
[3]: https://fluxui.dev/
Shout-out to FluxUI.dev
The less of Chrome extensions, the better.
Interesting extension
Thanks Hieu
I like the UI. Neat.
Shout-out to FluxUI.dev
Please promote Firefox extensions. Chrome and Google are on a dangerous trajectoryin ruining peoples lives.
Please dont be part of the problem in promoting chrome / chromium
> Please promote Firefox extensions. Chrome and Google are on a dangerous trajectoryin ruining peoples lives.
Unfortunately, Firefox is on a trajectory of "imitate what Chrome's doing." I certainly no longer trust Mozilla as I once did. They're probably better than Google, but they've made it clear they're going to make decisions for market share over respecting their historical ideals.
Yeah. I'm working on it
[dead]