“Edit (2020-10-28): As @firstname.lastname@example.org pointed out, extensions acquire this Verified badge by paying for the review. All the more interesting to learn what kind of review has been paid here.”
I did not expect the #Honey browser extension to provide great privacy. Still, finding four (!) different mechanisms allowing the Honey server to run arbitrary code on any website exceeded my expectations by far. It even uses AES for obfuscation.
My only theory so far: this whole thing is a pretense to satisfy Mozilla’s requirements. Because Mozilla (unlike Google) doesn’t allow extensions to run remote code, as compromising the server responsible for this code would compromise the extension as well.
Why? I mean: seriously, why?
Software developer and security researcher, browser extensions expert. He/him
Other Mastodon account for non-technical topics: https://social.tchncs.de/@WPalant