I know this is off topic, but how do people assess the risks of installing an extension like this?
The permissions allow "access your data for all websites" which includes reading passwords you type into fields.
This extension looks very useful, but in general I just don't know how to trust it.
Chrome and Firefox have a review team for their extension marketplace, though I believe there are instances of malicious extensions getting through anyway.
And while rather labor intensive, another path toward vetting is examining the source code. I haven't obfuscated it, and Googling for "view extension source code" has many results.
And for what it's worth, I can give an assurance that I'm not a bad actor.
I hit the same problem, however it does attempt to explain why it needs each persmission:
Download files and read and modify the browser’s download history — Required to export data.
Store unlimited amount of client-side data — Required to save sticky note data locally.
Access your data for all websites — Required to load sticky notes on any page.
For note taking I'd only ever use extensions with no permissions needed. "Tagged notes" is an example of a good, simple notes extensions for Firefox.
If I need sync, I'd prefer not to rely on the extension for that. Why would I pay for my own cloud service AND a separate payment for random apps that use their own sync? Most people have their own online storage, and should always be the number 1 way to backup things like personal notes.
If it is a well known extension i will trust it, but often i find myself to extract the extension and Look at the "source code" if it is not open source.
