Can we use "dextensions" to avoid the dangers of browser extensions?

This week's post will deal with a different side of security. User security.

A while back, Google executed a major purge of cryptocurrency related materials from its Play Store in an attempt to appease those who allow it to dodge taxes in global havens.

In that same move, they "accidentally" removed MetaMask from the Chrome Web Store. Now, that situation has since been resolved, but that brief hole of opportunity allowed scammers to insert fake MetaMasks in place of the original. Google inadvertently exposed its users to incredible danger.

If you're not familiar with it, MetaMask is the Chrome plugin which lets users interact with the blockchain through the browser. For example, it makes it possible to use a game like CryptoKitties without knowing much about the blockchain, by providing users with an in-browser wallet which then interacts with Ethereum-based smarts contracts.

Granted, this only affected new users who were just going to install MetaMask, so existing users were safe. And yes, it was quickly resolved, but it was a problem big enough to warrant an official response even from MetaMask. This response mentions an important issue: while MetaMask is available built-in with the Brave browser, this is not so with Chrome, Opera, Ghost and Firefox.

So... how can such an important plugin bypass the centralization effect of a curated browser plugin store controlled by a single entity?

Manual installs

One approach is opting to turn on developer mode in the browser, downloading an extension manually, and trusting it through verification of hashes.

No matter the complexity or size of a package of software - from 30kb browser extensions to 30 gigabyte video games - anything can be hashed into a single string of letters and numbers. For example, see this tool and try inputting any amount of content. You'll notice the hash under the input field changing, but not its length. It doesn't matter how much content you put in, the hash is always completely different even if a single letter changes.

By downloading some software, hashing it, and then comparing it to a pre-approved hash usually issued by the developer, you can make sure that the software you're installing is actually the software issued by the developer and thus can be trusted.

Admittedly, this approach is complicated, error prone, and hard for non-technical people to follow, and automated versions of it imply a trust factor towards whatever is doing the automating, but this does help avoid the problem of installing a fake MetaMask.

Decentralized Browser App Store

A way to potentially mitigate the above issue with the technical approach is to have a decentralized app store from which people can install extensions.

These extensions would not be subject to central control because they could be hosted on a system like IPFS and therefore would be immune to being taken down. The trust factor could be resolved by different versions of the extensions having reputation points. The network could have validators who, in turn would have their own reputation points and these validators would vote on the extensions. The more reputation a validator has, the faster they can crash or raise an extension's reputation in turn and their reputation power could decrease and reset day by day like on Steemit to prevent brigading, paid voting, or other types of abuse. The reputation points could be stored in smart contracts, hence also being decentralized.

The biggest problem with this approach is the fact that Google is not only able but also highly likely to block installations from such stores in the interest of keeping their monopoly under the guise of user safety.

The second biggest problem is that in order to install custom extensions, you need an extension to facilitate that and that's a Catch 22. For example, see the extension TamperMonkey - it lets you inject custom JavaScript and CSS into specific websites, but needs to be installed from the main Chrome App Store. This "master extension" which facilitates installations of other users' scripts is therefore also subject to disapproval from Google.

Hybrid Model - A Dextension Ecosystem

Ideally, a browser should support decentralized extensions natively. Barring that, however, an acceptable compromise would be a MetaMask-like extension which uses the blockchain for input and output of information and IPFS for downloading other extensions.

Part one would be a suite of smart contracts. One contract would contain structs of data with the hash of the extension and its reputation score. One would have the validators and their individual reputations. Once a new version of an extension is published, a new entry is created in the smart contract with a blank reputation. Votes need to come in again for the new release to make it trusted. The releases in the contract would contain hashes to a release for each browser, making it a central store for all browsers, eliminating Google / Mozilla / Opera app silos.

Part two would be the IPFS storage of the extensions. Since items on IPFS are stored by the hash of the content, it is impossible to host something else in place of the originally intended content. Then, only the actual reputation of the hash of content is the potential attack vector. If a new version of an extension is compromised, the previous, highly-reputable release remains accessible.

Part three would be a web store homepage hosted on IPFS. A fully decentralized website - completely uncensorable. This would be a searchable catalog of these dextensions, connecting directly to the blockchain and bypassing any centrally controller server.

The missing part?

How do we get this into the browsers? We can make the landing page super-rich in instructions for manually installing them. We can even make a super-extension that's very fundamental and unlikely to change, like TamperMonkey, which then installs new extensions into itself (impractical, bloated). We can even make a desktop-based installer which would trigger manual installs of these custom extensions for the users, but all of this is incredibly impractical, technically limiting, and implies a trust factor towards this management software.

So how?

That's the million dollar decentralization question.

Maybe... a new browser?

More on that in another post.