←back to thread

Chrome for Android doesn't have extensions, but Edge now has a whole store

60 points soumikmahato | 2 comments | 14 Mar 25 18:19 UTC | HN request time: 0.448s | source

Microsoft edge's latest build version 134.0.3124.57, just added a whole new web-store for Android user unlike google. Extensions are great for adding a tiny bit of functionality to a browsing experience without dedicating an entire app to run in the background. For instance, some users like to use VPNs securely tied in from the browser itself rather than running the full-scale app.
Show context
lxgr ◴[14 Mar 25 18:59 UTC] No.43366005[source]
> Extensions are great for adding a tiny bit of functionality to a browsing experience without dedicating an entire app to run in the background.

And a great way to give permission to read and modify all websites you visit to something that should really better be an isolated application.

I would really not consider web extensions an alternative to standalone apps. In my security model, they inhabit the opposite corner.

> some users like to use VPNs securely tied in from the browser itself rather than running the full-scale app

This might be a mistake, for example. A VPN app runs sandboxed on mobile OSes (and many VPN types are supported by OSes natively so there's no need for an app in the first place), so it can't get access to website data (if HTTPS is used), whereas a web extension usually can.

replies(1): >>43368464 #
1. xboxnolifes ◴[14 Mar 25 23:36 UTC] No.43368464[source]
> And a great way to give permission to read and modify all websites you visit to something that should really better be an isolated application.

Then don't do that. Give them permission to only read specific sites, or even no access if they don't need it.

replies(1): >>43369176 #
2. lxgr ◴[15 Mar 25 01:46 UTC] No.43369176[source]
If only that were possible!

Manifest V2 doesn't even support fine-grained permissions like that (they have to statically declare all sites they ever want to access at build time, and users have to accept all of them at install time).

Manifest V3 is better and offers a dynamic API to request more permissions on a per-site basis, but it's still not perfect – for example, Chrome presents the "proxy" permission as "read and change data on all websites", so as a user, I have no idea if a VPN extension just wants the proxy permission, or write permissions to every site I visit.