It's a nice idea, but I mostly stopped using/installing any software that is not open-source a long time ago. So, please open-source it, especially if you want users to truly trust it.
Even then, I would recommend that anyone install (small to mid) browser extensions by cloning and inspecting the source and only then loading it yourself - if you don't know: any browser extension can read input/password fields across all site(s) you gave it access to (yeah, it's crazy but unfortunately true).
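As an added illustration of the inspection step recommended in the comment above (not code from the extension or from any commenter): a small JavaScript check that reads a parsed `manifest.json` and reports which sites the extension's content scripts run on, and which files to review first. The two manifests are constructed samples, and `auditManifest`, `hostOf` and `isHostPattern` are hypothetical names.

```javascript
// Added example; not code from the extension discussed in this thread.
// True for WebExtension match patterns such as "https://example.com/*".
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

// Host part of a match pattern; "*" means every host.
function hostOf(pattern) {
  if (pattern === "<all_urls>") return "*";
  return pattern.slice(pattern.indexOf("://") + 3).split("/")[0];
}

// Summarise where an extension may run code, from its parsed manifest.json.
function auditManifest(manifest) {
  const granted = [
    ...(manifest.host_permissions || []), // Manifest V3
    ...(manifest.permissions || []).filter(isHostPattern), // V2 mixes hosts in here
  ];
  const scripts = (manifest.content_scripts || []).map((cs) => ({
    files: cs.js || [],
    hosts: [...new Set((cs.matches || []).map(hostOf))],
    allFrames: cs.all_frames === true,
  }));
  const injectedHosts = [...new Set(scripts.flatMap((s) => s.hosts))];
  const reachable = new Set([...granted.map(hostOf), ...injectedHosts]);
  return {
    granted,
    injectedHosts, // pages whose DOM (including form fields) the scripts can read
    coversAllSites: reachable.has("*"),
    filesToReview: [...new Set(scripts.flatMap((s) => s.files))],
    scripts,
  };
}

// Constructed sample manifests (hypothetical, for illustration only).
const narrowManifest = {
  manifest_version: 3,
  permissions: ["storage"],
  host_permissions: ["https://news.ycombinator.com/*"],
  content_scripts: [{ matches: ["https://news.ycombinator.com/*"], js: ["content.js"] }],
};
const broadManifest = {
  manifest_version: 2,
  permissions: ["tabs", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["lib.js", "inject.js"], all_frames: true }],
};

for (const m of [narrowManifest, broadManifest]) {
  const r = auditManifest(m);
  console.log(r.coversAllSites ? "ALL SITES" : r.injectedHosts.join(", "), "->", r.filesToReview);
}
```

Scripts injected at runtime (for example through the `scripting` API in Manifest V3) do not appear under `content_scripts`, so the granted host patterns need reviewing as well.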
Author here. This is a good callout, there are a few reasons why it's a plugin and not open source (yet).
First is that I didn't want to make a plugin in the first place, I wanted to make a bookmarklet, but HN's CSP policy was too strict. So that was a bummer.
Second is that I have very mixed feelings about open source these days, and so open-sourcing feels less and less like the sensible default state. One of the sibling comments here discovered the alltrust.json and vibecoded around it, which is really a case in point about why open sourcing feels like I'd be leaving myself "open" to be domineered (not just by users, but by bots and companies as well).
Third is that the system/plugin is partly LLM-assisted itself (even though the code is minuscule), and I'm self-conscious of being a slop-slinger. Or at least, pushing up repos with LLM code just feels, idk... lazy and asymmetrical (despite this plugin having clear utility, which I think it does).
But it's completely fair to say "oh look, a plugin about trust that's closed source, how hypocritical." I get that. If there's enough interest I'll open source it, sure.
Wow "trust as in trust me bro", thanks for the heads-up. Only Y Combinator is allowed that level of access to HN karma metadata right now; what a gold mine.
This could become/be converted to a userscript, making it easy to inspect and more cross-compatible. It's very easy these days.