I’m the owner of this Add-on, my name Geane and I would like to participate in this conversation please.
So to clear things up and to resolve this issue, let me explain please:
The fact that this Add-on has a lot of scripts loaded into it, is simply an architectural design, it has nothing to do with malicious acts or affecting performance.
One should be aware of the difference between a website and an Add-on -
Website - loading a lot of scripts that are not bundled together on a WEBSITE will create a performance hit due to the amount of the HTTP Requests the browser will have to make.
Add-on - upon installation, the user downloads the Add-on itself into his/hers computer and loading a lot of files will not affect performance as they are loaded from the local computer’s hard-drive which is very fast and unnoticeable.
In terms of design:
The Add-on’s code can easily be viewed, it has a lot of scripts, all broken into modules which makes design easier, more effective and less prone to bugs.
That’s how you usually should write programs, the only difference between a website and an Add-on, is that for a website, you should bundle all the files into one single file to improve performance (reason explained above), for an Add-on, there is no need.
Having said that, if Mozilla decides this is a performance issue, I will definitely create a new version that bundles all scripts into one file.
“Exchange messages with programs other than Firefox” - this is requested because this Add-on works with a native application, although, the user doesn’t have to install the application which makes this permission redundant.
“Input data to the clipboard” - this allows the user to copy the link into the clipboard if they wish to.
“Open files downloaded to your computer” - this was supposed to be used to open the native application once downloaded into the user’s computer, however, it is not used and will be removed - I accept the criticism here!
“Display notifications to you” - if the user installs the native application, every time it finishes its work, it notifies them - this makes a nice user experience.
“Access browser tabs” / “Access browser activity during navigation” - this helps detect relevant pages as they are loaded.
“Download files and read and modify the browser’s download history” - that’s the permission to download files.
“Access browsing history” - this is not used yet at the moment and is meant to clear a bit the download history when multiple files are downloaded. I might remove it.
“Access your data for all websites” - the big permission, the one that scares people - although this video downloader is specific for one website, the detection algorithm is complex and requires a few more domains as the videos are served from different locations as “jscher2000” pointed out (thanks jscher2000! :))
But most importantly, it is there because these domains are prone to change and have historically if I remember correctly.
It is impossible to anticipate ahead of time which domains will be needed for future detection.
This permission is used very responsibly to not affect all other irrelevant websites.
A lot of video downloaders such as this use this permission, it’s not uncommon.
Having said all that, I will look into narrowing the permissions a bit as I can understand they might look scary.
The Add-on breaking the browser:
Do you have relevant facts to this accusation ?
I have never received a single complaint about performance, well, except yours.
Regarding executing and opening files downloaded into your computer:
I will remove this permission as noted before, however, it’s currently not used at all.
You may look for “downloads.open” in the Add-on’s code, that line is commented and not used.
Also, it can only be invoked by a “user action” - and there are none currently.
You may read about it here -
Communication with a native application:
This is optional, the user may want more options that are not possible from the extension itself.
If the user doesn’t download/install the companion app, this permission becomes unusable.
A native app is common, “Video DownloadHelper” uses one.
I don’t know in which circumstances you claim your Anti-virus detected this Add-on as a virus.
When it comes to security, AMO’s platform/reviewers are responsible for handling any malware/malicious Add-ons and they have reviewed my Add-on a few times already.
Also, “WebExtensions” by design is very secure.
Regarding negative reviews:
These are most likely spam, Mozilla will investigate it.
They started last month.
It’s very easy to abuse AMO when it comes to reviews.
I hope that clears everything up.
Thanks for listening,