
> Note that Firefox doesn't have this problem [...] maybe has something to do with the fact that they show usage numbers on the results page.

Mozilla does a manual code review of newly submitted or updated extensions. So, an actual human being sits down and looks at the code. They'll notice when a fake uBlock Origin is submitted.

With that, they also enforce a rule which Google does not have, that any connection to the internet which is not necessary for the add-on to function (ads, telemetry) has to be opt-in.

This isn't perfect protection. For example, the extension Web Of Trust required sending browsing data back home in order to function, which they then sold in anonymized form, which was proven to be deanonymizable last year. But it does take out the incentive to spread fake versions in a lot of cases, as you just can't publish an ad-ridden or trojan uBlock Origin clone.




Mozilla recently changed their add-on review process. Humans are still in the loop, but part of the process is automated.

https://blog.mozilla.org/addons/2017/09/21/review-wait-times...


> With that, they also enforce a rule which Google does not have, that any connection to the internet which is not necessary for the add-on to function (ads, telemetry) has to be opt-in.

This sounds pretty cool and reasonable. But extensions still can modify the currently displayed website, right? Doesn't that make it trivial to submit data somewhere? E.g. <img> tag with GET params, as the most basic form of this.


It does, but it also makes it trivial for Mozilla to notice that this is happening and then they can weed that extension out before it gets published.



