bennydog224 a day ago

Google needs to act on removing these extensions/doing more thorough code reviews. Reputability is everything, and they can be actually valuable (e.g. LastPass, my own extension Ward)

There has to be a better system. Maybe a public extension safety directory?

yetanotherjosh 10 hours ago

I don't understand how code review would catch this. The extension advertises itself as an AI protection tool that monitors your AI interactions. The code is basically consistent with the stated purpose. That it doesn't stop collecting data when you turn off the UI alerting is perhaps an inconsistency, but I think that's debatable (is there a rule in Google's terms that says data collection is contingent on UI alerts being enabled?). I'm curious what workflow or decision tree you'd expect a code review process to follow here that results in this being rejected? The problem here doesn't seem code related, it's policy related, as in, what are they doing with the information, not that the extension has code to collect it.

johncolanduoni a day ago

I’m not sure there’s much more juice to squeeze here via automated or semi-automated means. They could perhaps be doing these kinds of human-in-the-loop reviews themselves for all extensions that hit a certain install count, but that’s not a popular technique at Google.

bennydog224 12 hours ago

Chrome extension codebases are fairly basic, I think there's room to build an agentic code scanner for these, but the juice probably isn't worth the squeeze to justify for them $$$-wise. Manual reviews I agree are expensive and dicey.

H8crilA a day ago

Do you think Google wants to have the extensions system, given that this is how people block ads?

Liquix a day ago

adblockers on chromium-based browsers were severely crippled by manifest V3. they're fine with extensions (and apparently malware) as long as users can't effectively block their tracking/ads.

Legend2440 a day ago

Adblockers are still working fine though? I’m on chrome with ublock and I’m not seeing any ads.

anonym29 a day ago

you're not using ublock, you're using ublock lite. it cannot do dynamic filtering, script blocking, or url parameter removal, among other limitations.

charcircuit 20 hours ago

Why does that matter if he's not seeing ads? A severely crippled adblocker means that you would see ads during regular usage.

Additionally, Brave, a Chromium-based browser, has adblocking built into the browser itself, meaning it is not affected by webextension changes and does not require trusting an additional 3rd party.

ozgrakkurt 19 hours ago

Tracking is also very important. Blocking scripts is very useful.

bennydog224 a day ago

I wouldn’t be surprised if it goes away - it’s very “old Google”. We’re moving more towards walled gardens.

est a day ago

Google is doing code review on extensions?

bennydog224 a day ago

I’m not sure, but whenever I cut a new release I upload my extension code and it goes through a review period before they publish.

bandrami 21 hours ago

Is this even a problem that code review could find? Once they have your conversation data what happens then isn't part of the plug-in.

bennydog224 12 hours ago

You're not wrong, but one thing about scammy developers is they tend to be ballsy and not covert. The Koi blog covers all the egregious code specifically for exfilling LLM conversations. This stuff is a walking red flag if it was in a public commit/PR.