> This is why I only run open source extensions that I can actually audit.
How far does your principle extend? To your web browser too? Google Chrome itself is partly but not entirely open source. Your operating system? Only Linux? Mac and Windows include closed source.
I didn't claim that it's implausible. I asked a question.
On the other hand, it's not that implausible either that someone might be running Google Chrome, Windows, Mac, etc. We know that many HN commenters do. Thus, while the OP may be 100% consistent, "I only run open source extensions that I can actually audit" would not be a consistent principle for those who also use closed source software.
> You don’t have to apply the same policies to everything you use.
What's the reasoning behind it, though?
You can arbitrarily apply different policies to different things, but there's no rhyme or reason to that.
If the difference ultimately comes down to trusting certain developers to an extent that you don't need to audit their source, then I'm not sure why that couldn't also be true of certain extension developers.
One benefit that FOSS provides is that there’s more eyeballs on the source code, so yeah, it’s a very strong trust signal. But sometimes priorities are a bit different, and ultimately you need to trust something.
IMO it still makes sense to personally vet browser extensions and trust the OS/browser:
1. It’s hard to create a new operating system or browser, so we don’t see many new ones. (Not taking into account Firefox forks / Chromium reskins here.) For browser extensions, the entry barrier is much lower, and the chance that one of them will be malicious is higher.
2. It’s also much harder to audit all of Linux, or Firefox/Chromium, especially if you’re not too familiar with the domain. For browser extensions on the other hand, it’s usually possible to go through them in one night.