No, how it should work is each extension is associated with a private key that i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Chris2048 3 months ago \| parent \| context \| favorite \| on: Chrome extensions spying on users' browsing data No, how it should work is each extension is associated with a private key that is registered with a specific individual or legal entity and implies some kind of liability for anything signed with that key - and if/when the key changes (or the associated credentials), users will be explicitely alerted and need to re-authenticate the plugin. If the old owner gives their key to the new owner, then they should be on the hook for it. I was thinking of this yesterday, as I think this is also how domains should work.

dragonmost 3 months ago [–]

How does this safe guards against having the extension under a company and selling that company off. Still the same entity, different owners, different "incentives".

Chris2048 3 months ago | [–]

Assuming the new owner is a director of the new company, they are now liable. Or possibly the previous owner, if they handed over the key as an asset.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact