I would hope that these days the popular extension devs would know about this type of attack and would guard against it by perhaps selling the extension code but shutting down the original extension page under their control so users have to choose to install the new company's extension. As a matter of fact, why won't Google/Mozilla prevent this by making an extension and a person's account inseparable, and have legal language in the ToS that says they can't sell the extension as-is with the install base to a new company? It would prevent so much.
The offer would be $10k for the extension page, or $10 for just the code.

Google/Mozilla don't add legal language because legal language doesn't make something illegal. They can say "we'll remove your extension if we find out you've sold it", but the way they'd find out would be that the extension now serves malware anyway.

That'd be interesting, but imagine how poorly it'd work given how often medium/large companies change hands. Heck, when Google itself became a subsidiary of Alphabet, it didn't require everyone to create new "Alphabet" accounts and replace Google Chrome with Alphabet Chrome.

Although...I'm not necessarily opposed to that. Companies can change names and ownership a little too easily. Making it painful might help some things.

I remember reading somewhere that, in times long past, if a company name was of the form “Johnson and Sons” (for example), it would be considered fraud to sell that company outside of the named family.

I personally think you’re on to something with tying companies to the reputation of specific natural persons, but I don’t think that is where we are going anytime soon.

>why won't Google/Mozilla prevent this by making an extension and a person's account inseparable

This can be gotten around easily by making a separate Google account for the extension. It would require using Gmail rather than GSuite (without transferring over the entire GSuite domain.)

That would be the right thing but browsers are not interested in adding friction to an ecosystem that already has its own rules. Extensions offer a lot of value to users without any effort from the browser companies.