## Browser extensions are probably bad for you [![Extensions in Firefox were awesome...](pic/firefox_plaginy-200x.png)](pic/firefox_plaginy.png) Want to share my controversial opinion about browser extensions, and how it changed over the years. Just found my post written in old blog 2010 mentioning [22 extensions](pic/firefox_plaginy-200x.png) I was using daily in Firefox. Oh good old times, when extensions were so powerful! When I've started this blog in 2016, I've recommended being careful about extensions, and [review code](https://developer.run/3) before installing it. Today I am strongly against installing extensions at all, because of the following reasons: 1. It is [too easy](https://mattfrisbie.substack.com/p/spy-chrome-extension) for an extension to get access to all your digital life, banking, and stuff. And then do bad stuff with it. 2. Even if you trust the extension author, there is a chance that code will have a nasty vulnerability. 3. Even if the extension author is good at programming, there is a chance that their account will be forgotten, abandoned, stolen, [sold](https://github.com/extesy/hoverzoom/discussions/670) or hacked, and baddies will publish vulnerable code as an update. Such stories happen [too often](https://palant.info), even with [popular extensions](https://hn.algolia.com/?q=extension+hacked). To avoid installing extensions you can use The Only Truly Configurable Browser For Advanced Users ([Vivaldi](https://vivaldi.com)), which has a lot of stuff out of the box. For example, [killing API](https://yoric.github.io/post/why-did-mozilla-remove-xul-addons/) for TabMixPlus was the main reason for me to flee from Firefox[^ff]. In comparison, tab behavior is [highly configure in Vivaldi](https://vivaldi.com/blog/new-tab-opening-closing-behavior-vivaldi/) out of the box. If you still need something very specific, instead of installing the extension, I recommend finding its source, reviewing, forking it, stripping down any functionality you don't need, and installing from your local filesystem ([Chrome-like](https://developer.chrome.com/docs/extensions/mv3/getstarted/#manifest)/[Firefox](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Your_first_WebExtension#trying_it_out)). Keep codebase as small as possible to simplify code review. Here are some examples from me: * [Navigate the Web with keyboard](https://github.com/dmi3/userscripts/tree/master/navigator) - in addition to [VIM-like navigation](https://developer.run/47) it features focusing website search by pressing `/` key. Works on almost any website. Once you get used to it - extremely convenient. * [Duckduckgo](https://github.com/dmi3/userscripts) - my primary search engine has awesome keyboard controls (`↑`, `↓`, did you know that `o` opens first search result?). Unfortunately, sometimes Duck is unable to find stuff I'm looking for, so this extension redirects me to Google by pressing `g` * [Domain in title](https://github.com/dmi3/userscripts/tree/master/dimain-in-title) does what it says. For the needs of KeePassXC. I'm not publishing these extensions to any stores, because they are trivial, and meant to be forked and modified for your own needs :) 🏷️Infrastructure 🏷️Security [^ff]: bug marked as [closed](https://bugzilla.mozilla.org/show_bug.cgi?id=1344749) but this is a lie ---