@This2ShallPass @themachinestops As an extension developper on Mozilla’s store, yes it’s definitely possible. There’s some automatic review process but what you state in your implicit data consent disclosure (that’s how they call it) is up to the developer.

However, the extension can’t access all websites unless you specifically allow it while installing. There’s an “All websites” permission, so if it’s that or if it includes some kind of sketchy site then it’s a bad sign.

Finally, just like any web page, you can always inspect an extension and check the network requests to see if it’s doing malicious stuff. If so, then you can report it.

But since mozilla accounts are free and only require a verified email, they could just create another one. It’s an endless game of whack-a-mole!

@MonkderVierte The thing is, since the code is running inside a browser extension there’s no way to interact with third party tools that aren’t part of the standard JavaScript api.

Well, I mean there’s Native Messaging https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native/_messaging but it only works for PC (Bye bye to ~70% of Android users) and I’d have to use a forked version to be able to handle messages from the browser extension, so I think that’s not the best solution for me

@MonkderVierte I’m afraid I can’t handle that from a browser extension, but good to know!