little-rat VS hoverzoom

Great idea! We need a lot more visibility into what extensions are doing. I made little-rat [1] last year, to detect network calls coming from other extensions. Love to see more tools like yours!

[1] https://github.com/dnakov/little-rat

It says 1.0 in the extensions manager, but it was downloaded fresh this evening by clicking on the 'ZIP' link in your readme.md on here:

https://github.com/dnakov/little-rat/tree/main

2: https://github.com/dnakov/little-rat

I recently installed the Little Rat chrome extension, which I found here on HackerNews.

https://github.com/dnakov/little-rat

And what I found is that the Midnight Lizard chrome extension is monitoring my browsing-- sending home screenshots.

You can see examples here: https://ibb.co/JQvgt3p

Apparently my browsing data is being ingested by a company called "Mark Monitor Inc." (based on WhoIs search for the domain the data is sent to -- https://www.whois.com/whois/ytimg.com )

Nifty - but please do this more carefully:

https://github.com/dnakov/little-rat/blob/main/popup.js#L36

I do not want to have to worry about whether another extension can inject xss into yours with a crafted request/id/name.

I will leave this as a gallery of emails with offers to buy extension hoverzoom: https://github.com/extesy/hoverzoom/discussions/670

Sidenote: The "collaboration" offers come from time to time even to non-extensions projects, if they are reasonably widely used. E.g. simple tools (rather widely used suite of android apps recently sold).

> Manifest V3 will stop this by limiting what Google describes "remotely hosted code." All updates, even to benign things like a filtering list, will need to happen through full extension updates through the Chrome Web Store. They will all be subject to Chrome Web Store reviews process, and that comes with a significant time delay.

So the author can't think of any other reason for this change other than to "slow down ad blocker updates"

Well how about stuff like this: https://github.com/extesy/hoverzoom/discussions/670

Where an extension dev details offers to "monetize" his app and basically perform a bait and switch and make it malicious.

These type of offers are actually quite common. See this[0] and the discussion[1]. I try to stick with only the most popular of extensions in the hope that any malicious changes would be widespread news, but it is still a gamble.

[0] https://github.com/extesy/hoverzoom/discussions/670

[1] https://news.ycombinator.com/item?id=37066680

As a maintainer of a semi-popular chrome extension[1], I receive so many buy-out offers that I started publicly collecting them[2] for everyone to see.

[1] https://chrome.google.com/webstore/detail/hover-zoom%20/pccc...

[2] https://github.com/extesy/hoverzoom/discussions/670

Also, here's a open source alternative.

I don't want to download a sieve from a russian forum. Hover Zoom+ is working fine.

Hover Zoom+: https://github.com/extesy/hoverzoom/ (this is the open source one, not the old one with malware)