The fact that they were requesting https://*/* and http://*/* (i.e. full control over all your accounts) without it being absolutely necessary reflects terribly on them.
Still not clear why localhost (which can mean root access to the local machine since it may have localhost-only services that enable that) and cookies access is needed, also http://*.pushbullet.com is unnecessary since they should always use HTTPS.
If they had properly implemented the extension they may not have this problem now.
Nobody is against enforcing better behaviors from developers, the issue is that they are not telling anyone what those issues are. I don't know why you can always count on someone to defend a multi-billion corporation against small companies, is there no empathy left?
> I don't know why you can always count on someone to defend a multi-billion corporation against small companies, is there no empathy left?
I don't have empathy for companies, I (try to) have empathy for people. Small companies are made up of people. Large companies are made up of people. I try (and often fail, alas) to have empathy for the people in both cases.
Does Google send this message to random developers ([1]) and then look at the changes that developers make to get a list of things that developers apparently think are not so good?
Still not clear why localhost (which can mean root access to the local machine since it may have localhost-only services that enable that) and cookies access is needed, also http://*.pushbullet.com is unnecessary since they should always use HTTPS.
If they had properly implemented the extension they may not have this problem now.