Ask HN: Would you trust a new browser security extension in 2025?
The hypothesis: Current browser security is fragmented. You need multiple extensions (uBlock, Privacy Badger, HTTPS Everywhere) plus something for phishing protection. Most all-in-one options are bloated (Norton, Avira) or have privacy concerns.
What I'm considering: - Zero data collection (no accounts, no telemetry) - Open-source (MIT license) - Phishing detection (local + Safe Browsing API) - HTTPS enforcement - Cookie auto-delete - Pop-up blocking
Questions for HN:
1. Is there actually a gap here? Or is the current extension ecosystem already perfect?
2. What would make you trust a NEW security extension in 2025? Open source alone doesn't seem sufficient - there are sketchy OS extensions too.
3. Would you ever pay for browser security ($3-5/month)? Or should everything be donation-supported?
4. Is Manifest V3's limitations (30k rules, webRequest restrictions) a dealbreaker even for security-focused extensions?
I put together a survey to gather structured feedback: https://forms.gle/CrxiWDFM23wvHT7g9
But honestly more interested in the discussion here. Talk me out of this if it's a bad idea.
6 comments
[ 1.7 ms ] story [ 23.9 ms ] thread(I develop Privacy Badger.) There are significant benefits to adding PB or uBO to a browser that doesn't already ship with a real built-in ad blocker. While PB and uBO work well together and you may want to use both for various reasons, I wouldn't say you need both. Either one is enough by itself for most people.
>HTTPS Everywhere
HTTPS Everywhere has been deprecated and eventually removed from extension stores a few years ago: https://www.eff.org/deeplinks/2021/09/https-actually-everywh...
>Phishing detection
Why isn't what's built into browsers enough?
>Cookie auto-delete
Why bother when blocking trackers and ads?
>Pop-up blocking
Is that the same as the various "annoyances" ad blocker lists?
Time. I wouldn't trust it while it's new. I'd develop trust in it over time as I've observed the results of other people using and examining it.
> Would you ever pay for browser security ($3-5/month)?
I don't rent software, so I wouldn't pay a recurring fee. A one-time fee isn't out of the question, though.
> Is Manifest V3's limitations (30k rules, webRequest restrictions) a dealbreaker even for security-focused extensions?
Pretty much, in that I wouldn't be using a browser with that limitation in the first place.
> What I'm considering: - Zero data collection
...
> Phishing detection (local + Safe Browsing API)
Please, find the contradiction
Open source is a bare minimum, although even that's not worth as much given how much harder it is now to load extensions that you've compiled yourself.
But those features you're talking about sound like they need extensive privileges within the browser. And while your extension might do what it says today, what's stopping you sticking a load of malware and adverts in there tomorrow? Or selling it to someone else who does?
If the author is an established person whose been known for years to develop good quality extensions and not sell out, then that gives some assurance. If it's an organisation like the EFF, even better?
But a random anonymous person making their first extension? No chance.