The dumb thing is you could very easily demonstrate the “need” for sites to disable extensions by default by making a proof of concept extension that had normal behavior everywhere else, but was able to identify when it was on a bank site and jack your credentials. It’s not a lot of code and there’s a reason I’m pretty selective on what I install. It can definitely be done.
Just giving a vague “security” response makes it seem super sketchy.