65 comments

  • franze 2 days ago ago

    I found it more trustworthy to code my own extensions via ChatGPT. These are the last 2 ones. I pretty much dont care if people use them, as the mostly fulfill my own usecases.

    https://chromewebstore.google.com/detail/comparative-chatgpt...

    https://thisismy.franzai.com/

    The cost of (small) software is fast approaching 0, and it can be faster now to code your own solution, instead of looking for one that nearly mostly fulfills your usecases.

    • richrichardsson 2 days ago ago

      > I found it more trustworthy to code my own extensions

      I used to have a ton of little single use extensions that I barely ever used but thought at the time of installation, ”that could be useful one day". Then I started noticing I was liking really random shit on Facebook. That immediately ceased when I uninstalled all but Bitwarden, Leechblock and uBlock Origin. I will never install another random 3rd party extension again

      • collinvandyck76 2 days ago ago

        Which of your single use extensions was causing you to like things on Facebook?

        • aragonite 2 days ago ago

          Not the GP, but just last week Google automatically removed a single use extension (https://readermode.io) from my browser after flagging it as malware (as I recall the extension updated itself a day before the removal). The extension has also been taken down from the Chrome web store (https://chromewebstore.google.com/detail/reader-mode/llimhhc...) though Google hasn't provided any details about what it was doing that led to the removal.

          • nomilk 2 days ago ago

            I think the asymmetry in payoffs explains this, since a bad actor who baits and switches their extension could do massive damage to users. So google try to catch this behaviour and inevitably have some false positives (extensions labelled malware that actually aren't). The cost of a false positive is annoyance. The cost of real malware getting through could be your bank balance.

            • hackinthebochs 2 days ago ago

              Automatic extension updates is a stupid practice. The attack surface for a legit extension is minimal, while being huge for a malware update. I'm against almost all automatic software updates in general, but browser extensions take the cake for having an obscene cost/benefit ratio. Chrome won't even let you turn it off. Personally I extract and load all my extensions in developer mode.

          • amelius 2 days ago ago

            I heard (on HN) that often an extension changes owners just before turning bad. Curious if that was the case here.

          • freehorse 2 days ago ago

            https://web.archive.org/web/20240927002632/https://chromeweb...

            There are several complains in the reviews, though it all seems a bit bizarre in that the issue was with an opt-in so-called "eco-mode" that basically was throwing pop-ups with affiliate links.

          • 2 days ago ago
            [deleted]
        • richrichardsson a day ago ago

          I can't answer that question I'm afraid. I disabled somewhere in the region of 5-10 extensions and it would have required more effort than I cared to exert to figure out which was the culprit. This means that I can't categorically state an extension was to blame, but there was a strong correlation between my removing them and the spurious likes stopping.

        • cynicalsecurity 2 days ago ago

          Tons of them. Custom download page, to avoid seeing the old ugly Chrome'a download shelf at the bottom of the screen.

          • JadeNB 2 days ago ago

            > Tons of them. Custom download page, to avoid seeing the old ugly Chrome'a download shelf at the bottom of the screen.

            Just to make sure—you seem to be replying to https://news.ycombinator.com/item?id=42493152, which currently says:

            > Which of your single use extensions was causing you to like things on Facebook?

            Are you saying tons of your single-use extensions caused this Facebook liking, and a custom download page was one of them? Or was this meant to be a response to https://news.ycombinator.com/item?id=42492881?

            (Or maybe something's wrong with parent links today. For me, on the main page, they are now turning into anchored links that don't seem to go where intended, which wasn't happening yesterday.)

      • antihero 9 hours ago ago

        I remember this happening when an extension got sold and then stole my Instagram cookies. Absolutely tonnes of likes of weird shit.

    • adamredwoods 12 hours ago ago

      Interesting that extensions are not seen as trustworthy. I installed a third-party one for work, and it kept opening up the developers website which was blocked by our firewall. Why try to do a web action the user didn't request? It devolves trust.

    • polotics 2 days ago ago

      Haha exactly! Except I didnt bother to publish mine on chromewebstore, it's just on gitlab: https://gitlab.com/natural_aliens/geminiwrap_plugin ...it makes Gemini-Chat voice dictation a bit more useful.

      My other one, the remove-youtube-shorts, is almost an one-liner, so I didnt even publish it it's too trivial I think. Everyone just make your own!

      • franze 2 days ago ago

        Yeah, creating the marketing screenshots and filling out the publishing form takes longer nowadays then coding the actual extension.

        • polotics 2 days ago ago

          Also if anyone wants to uses an extension I would much rather they make the minuscule effort to create a local folder, put the files in there, and load the extension's folder with the chrome extension mgr. Maybe even they can peek at the source code... I really don't see why I'd have to push my name, address, email etc on some google storefront and submit myself to spam reviews at the big "google-internet" party in the cloud.

        • oefrha 2 days ago ago

          I was updating my Chrome Web Store extensions to MV3 the other day. Had to fill a fair bit of new stuff. Then one dead simple extension I haven’t touched in a decade got its update rejected due to “description provided is insufficient to understand the functionality of the item”, even though anyone who bothered to seek it out absolutely would have no trouble understanding what it does (according to analytics on the dashboard, there are a grand total of ~20 active users and a couple hundred throughout its lifetime), never mind what those lay reviewers think. The review process is really dumb.

      • dsauerbrun 2 days ago ago

        I'm gonna need the remove youtube shorts one

      • 77pt77 2 days ago ago

        But did you "code" them with chatgpt also?

    • amelius 2 days ago ago

      I'm too scared to download extensions, so I use bookmarklets (on Firefox).

      But I like your suggestion of using ChatGPT to write extensions.

      • RustySpottedCat 2 days ago ago

        Tampermonkey scripts with chatgpt is even faster. Adding a functionality to a website just by pasting the site's html in chatgpt and in 2min I get what I need.

        • DaSHacka 2 days ago ago

          Making a simple tool for a site or two is the perfect use case for a userscript manager like TamperMonkey/ViolentMonkey (FOSS alternative), I think making your own extension is somewhat overkill

          Easier to share with others, too

    • croes 2 days ago ago

      Your cost but not the cost.

  • seanwilson 2 days ago ago

    For what it's worth, if you create a new profile for Chrome extensions, they won't have access to your regular browser profile.

    I do this for web developer extensions that typically need a lot of powerful permissions. So I have a Chrome profile that's full of web developer extensions, so they're isolated from private and security sensitive stuff like email and banking.

    Similarly, you can do this by installing Chrome Beta or Chrome Canary for use with different extensions you don't want to take a risk with.

    • nomilk a day ago ago

      I've often wondered what chrome extensions have access to. Is it completely safe to install untrustworthy extensions so long as the user profile is a new one?

      Also, I have a wonderful one-liner [1] aliased in ~/.zshrc (opens chrome with a new user profile with one command)

          open -n -a "Google Chrome" --args --user-data-dir=$(mktemp -d)
      
      
      [1] https://superuser.com/a/1652648/928461
  • dizhn 2 days ago ago

    Not a good day to have Honey in the list :)

    • nomilk 2 days ago ago

      Was curious so just searched. Apparently Honey would try to get the best coupon codes on the web, but they started partnering with businesses to give (say) 10% off via a Honey-specific discount code (e.g. HONEY10), but Honey would ignore other (possibly greater) discounts, thus lulling users into a false sense of security that they were getting the best deal when they often weren't.

      • shreddit 2 days ago ago

        It’s even worse. They steal from other promoters. Say you watch a LTT video and use one of their affiliate links. If you have honey installed they will replace the link with their own affiliate link and cash the promotion bonus without any promotion by themselves.

        • CodesInChaos 2 days ago ago

          Of the three bad things they've been accused of, I'd consider that by far the least. Selling tracking data is an invasion of privacy. Deliberately not showing better discounts violates their core value proposition. Replacing deferral links doesn't hurt the user, and isn't much different from blocking ads.

          • 369548684892826 2 days ago ago

            As a user that might use referral links to support the youtube channel, I do feel in an indirect way this does hurt the user

      • microbass 2 days ago ago

        And, they highjacked referral links, ensuring they got referral commission, not the original referrer.

      • firtoz 2 days ago ago

        Sigh, and I was just thinking about installing it. Time to find another one, or perhaps it will also fall to Goodhart’s Law.

        • shreddit 2 days ago ago

          I’d really like to know what exactly you are looking for? There is no such thing as “free” and no browser extension will give you something for free. You are paying, one way or the other…

          • andelink 2 days ago ago

            My thoughts as well. Given their business model, any Honey replacement will be engaging in the same sort of behavior. Never seemed worth it to me.

          • firtoz 2 days ago ago

            I want to see and/or collect discount codes for things

          • JadeNB 2 days ago ago

            > I’d really like to know what exactly you are looking for? There is no such thing as “free” and no browser extension will give you something for free. You are paying, one way or the other…

            Sometimes there are really-free things. Old-style open-source software is a collection of such things. Extensions, at their beginning, were too, and some of them still are. As far as I know, for example, there's no 'gotcha' in uBlock Origin (although there is the 'gotcha' of knowing to look for them instead of the myriad other solutions that are non-free).

      • handsclean 2 days ago ago

        Before the rest of these abuses, Honey was blatantly tracking users and selling that data, which I think is a good example of how privacy abuse is often a canary of generally immoral behavior.

    • shreddit 2 days ago ago

      I’m actually impressed by honey. They could have either just sold the user data, or only switched the referral links, or just showed their users the “best” coupons.

      But they went for all of it. I’d have wanted to be in the room when the higher ups chose this path.

    • d3vr 2 days ago ago

      For anyone else outside the loop, MegaLag released a video [1] yesterday exposing the shady practices by Honey

      1: https://youtube.com/watch?v=vc4yL3YTwWk

  • vermayash8 2 days ago ago

    Interesting, I find it useful. A couple of features you could think about:

    1. Is there a feature to create a "pull request" to the collection maintainer to propose adding some extensions to their collection? Otherwise, there would be several public shared collections for the same use-case and it may become scattered.

    2. I'd like to be able to favorite / like / star a collection, and that to be used as a signal to search results ranking.

    Another adjacent domain to expand could be Tampermonkey scripts.

    • trungpv1601 2 days ago ago

      Thank you for the feedback. I will add it to the roadmap.

  • RadiozRadioz 2 days ago ago

    Any plans to support FireFox extensions?

  • popoxdev a day ago ago

    Nice work I find it useful since I like to use a few extensions for development. Do you have any insights over the market share for extensions between Chrome and Firefox. I'm developing an extension and I don't know if it's worth to maintain both versions?

    • trungpv1601 a day ago ago

      For me, your Focus Chrome extension is enough. No need to overthink about making both versions. Chromium has huge opportunities including Chrome, Brave, Opera...

  • demaga 2 days ago ago

    Neat site. Nice to see my extension that I just published a couple of days ago here! It doesn't even have any users yet.

    How did you obtain this info? Is there an API for that?

    https://webextension.net/chrome/extension/epjjmfojjmbgignfnk...

  • anonymous344 2 days ago ago

    I used to use extensions in the chrome, but then I noticed that my dev server private urls were being botted. Only way for them to get leaked was virus, google or some extension. For me it seemed like the Window Resizer -addon was leaking every url I visited. And it's not the only addon that seem to use google analytics. wtf?

  • deanc 2 days ago ago

    What UX library did you use here? It looks like bootstrap but isn't (as far as I can tell).

  • sneak a day ago ago

    Browser extensions are a major security risk and you should not install any that you wouldn’t trust with your login cookies on every site you visit.

  • bl4kers a day ago ago

    Userscripts > extensions

  • cynicalsecurity 2 days ago ago

    The less of Chrome extensions, the better.

  • hieunc229 2 days ago ago

    Interesting extension

  • ned99 2 days ago ago

    I like the UI. Neat.

  • 2Gkashmiri 2 days ago ago

    Please promote Firefox extensions. Chrome and Google are on a dangerous trajectoryin ruining peoples lives.

    Please dont be part of the problem in promoting chrome / chromium

    • JadeNB 2 days ago ago

      > Please promote Firefox extensions. Chrome and Google are on a dangerous trajectoryin ruining peoples lives.

      Unfortunately, Firefox is on a trajectory of "imitate what Chrome's doing." I certainly no longer trust Mozilla as I once did. They're probably better than Google, but they've made it clear they're going to make decisions for market share over respecting their historical ideals.

    • trungpv1601 2 days ago ago

      Yeah. I'm working on it

  • arthuryuzbashew 2 days ago ago

    [dead]