I built a platform for discovering and sharing Chrome extension collections
(webextension.net)127 points by trungpv1601 2 days ago | 65 comments
127 points by trungpv1601 2 days ago | 65 comments
richrichardsson 2 days ago | root | parent | next |
> I found it more trustworthy to code my own extensions
I used to have a ton of little single use extensions that I barely ever used but thought at the time of installation, ”that could be useful one day". Then I started noticing I was liking really random shit on Facebook. That immediately ceased when I uninstalled all but Bitwarden, Leechblock and uBlock Origin. I will never install another random 3rd party extension again
collinvandyck76 2 days ago | root | parent | next |
Which of your single use extensions was causing you to like things on Facebook?
aragonite 2 days ago | root | parent | next |
Not the GP, but just last week Google automatically removed a single use extension (https://readermode.io) from my browser after flagging it as malware (as I recall the extension updated itself a day before the removal). The extension has also been taken down from the Chrome web store (https://chromewebstore.google.com/detail/reader-mode/llimhhc...) though Google hasn't provided any details about what it was doing that led to the removal.
nomilk 2 days ago | root | parent | next |
I think the asymmetry in payoffs explains this, since a bad actor who baits and switches their extension could do massive damage to users. So google try to catch this behaviour and inevitably have some false positives (extensions labelled malware that actually aren't). The cost of a false positive is annoyance. The cost of real malware getting through could be your bank balance.
hackinthebochs 2 days ago | root | parent |
Automatic extension updates is a stupid practice. The attack surface for a legit extension is minimal, while being huge for a malware update. I'm against almost all automatic software updates in general, but browser extensions take the cake for having an obscene cost/benefit ratio. Chrome won't even let you turn it off. Personally I extract and load all my extensions in developer mode.
amelius 2 days ago | root | parent | prev | next |
I heard (on HN) that often an extension changes owners just before turning bad. Curious if that was the case here.
digitalengineer a day ago | root | parent |
Correct! That's why I use "Under new management" https://chromewebstore.google.com/detail/under-new-managemen...
freehorse 2 days ago | root | parent | prev | next |
https://web.archive.org/web/20240927002632/https://chromeweb...
There are several complains in the reviews, though it all seems a bit bizarre in that the issue was with an opt-in so-called "eco-mode" that basically was throwing pop-ups with affiliate links.
2 days ago | root | parent | prev |
richrichardsson 21 hours ago | root | parent | prev | next |
I can't answer that question I'm afraid. I disabled somewhere in the region of 5-10 extensions and it would have required more effort than I cared to exert to figure out which was the culprit. This means that I can't categorically state an extension was to blame, but there was a strong correlation between my removing them and the spurious likes stopping.
cynicalsecurity 2 days ago | root | parent | prev |
Tons of them. Custom download page, to avoid seeing the old ugly Chrome'a download shelf at the bottom of the screen.
JadeNB 2 days ago | root | parent |
> Tons of them. Custom download page, to avoid seeing the old ugly Chrome'a download shelf at the bottom of the screen.
Just to make sure—you seem to be replying to https://news.ycombinator.com/item?id=42493152, which currently says:
> Which of your single use extensions was causing you to like things on Facebook?
Are you saying tons of your single-use extensions caused this Facebook liking, and a custom download page was one of them? Or was this meant to be a response to https://news.ycombinator.com/item?id=42492881?
(Or maybe something's wrong with parent links today. For me, on the main page, they are now turning into anchored links that don't seem to go where intended, which wasn't happening yesterday.)
antihero 8 hours ago | root | parent | prev |
I remember this happening when an extension got sold and then stole my Instagram cookies. Absolutely tonnes of likes of weird shit.
adamredwoods 11 hours ago | root | parent | prev | next |
Interesting that extensions are not seen as trustworthy. I installed a third-party one for work, and it kept opening up the developers website which was blocked by our firewall. Why try to do a web action the user didn't request? It devolves trust.
polotics 2 days ago | root | parent | prev | next |
Haha exactly! Except I didnt bother to publish mine on chromewebstore, it's just on gitlab: https://gitlab.com/natural_aliens/geminiwrap_plugin ...it makes Gemini-Chat voice dictation a bit more useful.
My other one, the remove-youtube-shorts, is almost an one-liner, so I didnt even publish it it's too trivial I think. Everyone just make your own!
franze 2 days ago | root | parent | next |
Yeah, creating the marketing screenshots and filling out the publishing form takes longer nowadays then coding the actual extension.
polotics 2 days ago | root | parent | next |
Also if anyone wants to uses an extension I would much rather they make the minuscule effort to create a local folder, put the files in there, and load the extension's folder with the chrome extension mgr. Maybe even they can peek at the source code... I really don't see why I'd have to push my name, address, email etc on some google storefront and submit myself to spam reviews at the big "google-internet" party in the cloud.
oefrha 2 days ago | root | parent | prev |
I was updating my Chrome Web Store extensions to MV3 the other day. Had to fill a fair bit of new stuff. Then one dead simple extension I haven’t touched in a decade got its update rejected due to “description provided is insufficient to understand the functionality of the item”, even though anyone who bothered to seek it out absolutely would have no trouble understanding what it does (according to analytics on the dashboard, there are a grand total of ~20 active users and a couple hundred throughout its lifetime), never mind what those lay reviewers think. The review process is really dumb.
dsauerbrun 2 days ago | root | parent | prev | next |
I'm gonna need the remove youtube shorts one
vunderba 2 days ago | root | parent | next |
An extension doesn't make sense for a simple DOM manipulation - I'd recommend installing Tampermonkey then finding a script like the following:
https://github.com/hallzy/remove-youtube-shorts/blob/master/...
DaSHacka 2 days ago | root | parent | prev |
You can do it natively inside ublock origin if you don't want to install an extra extension (often the case for a surprising number of simple extensions, actually).
I used to block it myself with my own filter, but after YouTube changed things up and broke it I've just been using someone else's filterlist and it works the same.
77pt77 2 days ago | root | parent | prev |
But did you "code" them with chatgpt also?
amelius 2 days ago | root | parent | prev | next |
I'm too scared to download extensions, so I use bookmarklets (on Firefox).
But I like your suggestion of using ChatGPT to write extensions.
RustySpottedCat 2 days ago | root | parent |
Tampermonkey scripts with chatgpt is even faster. Adding a functionality to a website just by pasting the site's html in chatgpt and in 2min I get what I need.
DaSHacka 2 days ago | root | parent |
Making a simple tool for a site or two is the perfect use case for a userscript manager like TamperMonkey/ViolentMonkey (FOSS alternative), I think making your own extension is somewhat overkill
Easier to share with others, too
croes 2 days ago | root | parent | prev |
Your cost but not the cost.
seanwilson 2 days ago | prev | next |
For what it's worth, if you create a new profile for Chrome extensions, they won't have access to your regular browser profile.
I do this for web developer extensions that typically need a lot of powerful permissions. So I have a Chrome profile that's full of web developer extensions, so they're isolated from private and security sensitive stuff like email and banking.
Similarly, you can do this by installing Chrome Beta or Chrome Canary for use with different extensions you don't want to take a risk with.
nomilk a day ago | root | parent |
I've often wondered what chrome extensions have access to. Is it completely safe to install untrustworthy extensions so long as the user profile is a new one?
Also, I have a wonderful one-liner [1] aliased in ~/.zshrc (opens chrome with a new user profile with one command)
open -n -a "Google Chrome" --args --user-data-dir=$(mktemp -d)
[1] https://superuser.com/a/1652648/928461dizhn 2 days ago | prev | next |
Not a good day to have Honey in the list :)
nomilk 2 days ago | root | parent | next |
Was curious so just searched. Apparently Honey would try to get the best coupon codes on the web, but they started partnering with businesses to give (say) 10% off via a Honey-specific discount code (e.g. HONEY10), but Honey would ignore other (possibly greater) discounts, thus lulling users into a false sense of security that they were getting the best deal when they often weren't.
shreddit 2 days ago | root | parent | next |
It’s even worse. They steal from other promoters. Say you watch a LTT video and use one of their affiliate links. If you have honey installed they will replace the link with their own affiliate link and cash the promotion bonus without any promotion by themselves.
CodesInChaos 2 days ago | root | parent |
Of the three bad things they've been accused of, I'd consider that by far the least. Selling tracking data is an invasion of privacy. Deliberately not showing better discounts violates their core value proposition. Replacing deferral links doesn't hurt the user, and isn't much different from blocking ads.
369548684892826 2 days ago | root | parent |
As a user that might use referral links to support the youtube channel, I do feel in an indirect way this does hurt the user
microbass 2 days ago | root | parent | prev | next |
And, they highjacked referral links, ensuring they got referral commission, not the original referrer.
firtoz 2 days ago | root | parent | prev | next |
Sigh, and I was just thinking about installing it. Time to find another one, or perhaps it will also fall to Goodhart’s Law.
shreddit 2 days ago | root | parent |
I’d really like to know what exactly you are looking for? There is no such thing as “free” and no browser extension will give you something for free. You are paying, one way or the other…
andelink 2 days ago | root | parent | next |
My thoughts as well. Given their business model, any Honey replacement will be engaging in the same sort of behavior. Never seemed worth it to me.
firtoz 2 days ago | root | parent | prev | next |
I want to see and/or collect discount codes for things
JadeNB 2 days ago | root | parent | prev |
> I’d really like to know what exactly you are looking for? There is no such thing as “free” and no browser extension will give you something for free. You are paying, one way or the other…
Sometimes there are really-free things. Old-style open-source software is a collection of such things. Extensions, at their beginning, were too, and some of them still are. As far as I know, for example, there's no 'gotcha' in uBlock Origin (although there is the 'gotcha' of knowing to look for them instead of the myriad other solutions that are non-free).
handsclean 2 days ago | root | parent | prev |
Before the rest of these abuses, Honey was blatantly tracking users and selling that data, which I think is a good example of how privacy abuse is often a canary of generally immoral behavior.
shreddit 2 days ago | root | parent | prev | next |
I’m actually impressed by honey. They could have either just sold the user data, or only switched the referral links, or just showed their users the “best” coupons.
But they went for all of it. I’d have wanted to be in the room when the higher ups chose this path.
d3vr 2 days ago | root | parent | prev |
For anyone else outside the loop, MegaLag released a video [1] yesterday exposing the shady practices by Honey
vermayash8 2 days ago | prev | next |
Interesting, I find it useful. A couple of features you could think about:
1. Is there a feature to create a "pull request" to the collection maintainer to propose adding some extensions to their collection? Otherwise, there would be several public shared collections for the same use-case and it may become scattered.
2. I'd like to be able to favorite / like / star a collection, and that to be used as a signal to search results ranking.
Another adjacent domain to expand could be Tampermonkey scripts.
trungpv1601 2 days ago | root | parent |
Thank you for the feedback. I will add it to the roadmap.
RadiozRadioz 2 days ago | prev | next |
Any plans to support FireFox extensions?
trungpv1601 2 days ago | root | parent |
Yes. I'm working on it
popoxdev 21 hours ago | prev | next |
Nice work I find it useful since I like to use a few extensions for development. Do you have any insights over the market share for extensions between Chrome and Firefox. I'm developing an extension and I don't know if it's worth to maintain both versions?
trungpv1601 21 hours ago | root | parent |
For me, your Focus Chrome extension is enough. No need to overthink about making both versions. Chromium has huge opportunities including Chrome, Brave, Opera...
demaga 2 days ago | prev | next |
Neat site. Nice to see my extension that I just published a couple of days ago here! It doesn't even have any users yet.
How did you obtain this info? Is there an API for that?
https://webextension.net/chrome/extension/epjjmfojjmbgignfnk...
anonymous344 2 days ago | prev | next |
I used to use extensions in the chrome, but then I noticed that my dev server private urls were being botted. Only way for them to get leaked was virus, google or some extension. For me it seemed like the Window Resizer -addon was leaking every url I visited. And it's not the only addon that seem to use google analytics. wtf?
deanc 2 days ago | prev | next |
What UX library did you use here? It looks like bootstrap but isn't (as far as I can tell).
vallode 2 days ago | root | parent | next |
Looks like the website is built with Laravel[1] using Livewire[2] (Alpine JS on the front-end) and the UI library used is Flux[3].
[1]: https://laravel.com/
[2]: https://livewire.laravel.com/
[3]: https://fluxui.dev/
trungpv1601 2 days ago | root | parent | prev |
Shout-out to FluxUI.dev
sneak 21 hours ago | prev | next |
Browser extensions are a major security risk and you should not install any that you wouldn’t trust with your login cookies on every site you visit.
cynicalsecurity 2 days ago | prev | next |
The less of Chrome extensions, the better.
hieunc229 2 days ago | prev | next |
Interesting extension
trungpv1601 2 days ago | root | parent |
Thanks Hieu
ned99 2 days ago | prev | next |
I like the UI. Neat.
trungpv1601 2 days ago | root | parent |
Shout-out to FluxUI.dev
2Gkashmiri 2 days ago | prev | next |
Please promote Firefox extensions. Chrome and Google are on a dangerous trajectoryin ruining peoples lives.
Please dont be part of the problem in promoting chrome / chromium
JadeNB 2 days ago | root | parent | next |
> Please promote Firefox extensions. Chrome and Google are on a dangerous trajectoryin ruining peoples lives.
Unfortunately, Firefox is on a trajectory of "imitate what Chrome's doing." I certainly no longer trust Mozilla as I once did. They're probably better than Google, but they've made it clear they're going to make decisions for market share over respecting their historical ideals.
trungpv1601 2 days ago | root | parent | prev |
Yeah. I'm working on it
arthuryuzbashew 2 days ago | prev |
[dead]
franze 2 days ago | next |
I found it more trustworthy to code my own extensions via ChatGPT. These are the last 2 ones. I pretty much dont care if people use them, as the mostly fulfill my own usecases.
https://chromewebstore.google.com/detail/comparative-chatgpt...
https://thisismy.franzai.com/
The cost of (small) software is fast approaching 0, and it can be faster now to code your own solution, instead of looking for one that nearly mostly fulfills your usecases.