>Any such process would have to be difficult for external programs.
Why? If the user already has a malicious 'external application' running on their system with sufficient privileges to do any of this, then they're already screwed, and they have bigger problems to worry about than malicious WebExtensions.
More generally, I don't think we should hold applications responsible for the security or behaviour of parts of the software/hardware stack at equal or higher privilege level to them, including other applications. Mostly because, well, they can't do anything truly effective in that regard.
I see you're worried about average users unknowingly installing random malicious crap, and I've seen a lot of that myself. I think the way forward is pretty much what is being done on mobile platforms currently: universally applied application sandboxing, usage of existing fine-grained access control models (and also the development of ones that are saner to use), and better communication to the user about what their applications are doing and what the permissions they are requesting actually mean. Yes, it's still a clusterfuck, but it's an improvement.
A security model involving applications in an arms-war with one another, using increasingly byzantine restictions in an attempt to prevent external manipulation, feels less like something I would want any part of, and more like something out of a dystopian sci-fi novel.
: Although I think Google went too far on the "lock things down completely" side of things when they made it outright impossible to, say, use rsync to backup or sync the entire contents of a phone's sd card to/from the network
Why? If the user already has a malicious 'external application' running on their system with sufficient privileges to do any of this, then they're already screwed, and they have bigger problems to worry about than malicious WebExtensions.
More generally, I don't think we should hold applications responsible for the security or behaviour of parts of the software/hardware stack at equal or higher privilege level to them, including other applications. Mostly because, well, they can't do anything truly effective in that regard.
I see you're worried about average users unknowingly installing random malicious crap, and I've seen a lot of that myself. I think the way forward is pretty much what is being done on mobile platforms currently: universally applied application sandboxing, usage of existing fine-grained access control models (and also the development of ones that are saner to use), and better communication to the user about what their applications are doing and what the permissions they are requesting actually mean. Yes, it's still a clusterfuck, but it's an improvement.
A security model involving applications in an arms-war with one another, using increasingly byzantine restictions in an attempt to prevent external manipulation, feels less like something I would want any part of, and more like something out of a dystopian sci-fi novel.
: Although I think Google went too far on the "lock things down completely" side of things when they made it outright impossible to, say, use rsync to backup or sync the entire contents of a phone's sd card to/from the network