R2NorthstarTools / FlightCore

Installer/Updater/Launcher for Northstar
MIT License

Communicating security concerns about plugins when installing #289

Open GeckoEidechse opened 1 year ago

GeckoEidechse commented 1 year ago

Unlike Squirrel mods which are limited to SQVM, plugins have full userspace access (basically anything Northstar has access to, just like any binary).

As such, it's trivial to create a plugin that is essentially just a virus, so one should use caution when installing plugins and only install them from trusted sources. At the same time, most other modding communities (BeatSaber, BoneLab, ...) do mods via DLLs by default and they seem to be handling everything just fine...

So how do we communicate caution to the player installing a plugin while also avoiding completely cannibalising plugins?

GeckoEidechse commented 1 year ago

A general idea would be to have a warning pop-up when a mod contains a plugin and then offer the user the option to proceed or abort.

@EladNLG also suggested giving the pop-up an unskippable cooldown for 5 seconds or so before the buttons become clickable to avoid the situation of "the user just clicking next, next, next"

0neGal commented 1 year ago

> @EladNLG also suggested giving the pop-up an unskippable cooldown for 5 seconds or so before the buttons become clickable to avoid the situation of "the user just clicking next, next, next"

To add to this suggestion, on top of the 5-second wait, have the user be forced to scroll down a textbox explaining the insecure nature of plugins. And only when scrolled down will the 5 seconds start counting down.

GeckoEidechse commented 1 year ago

To avoid alert fatigue, I also suggested giving the user an option to set a plugin or plugin author as "trusted" based on the Thunderstore mod string. User-trusted plugins would still give a heads-up that the Thunderstore mod contains a plugin, but it would be reduced and/or contain no forced timeout compared to "untrusted" ones.

The idea being that some modders may be considered trusted so we wouldn't wanna show the warning for them.

The set of trusted plugins/authors would be set entirely by the user.

0neGal commented 1 year ago

Hmm perhaps, but you'd have to make sure the user can't just click "Trust Author" too easily, whether you'd hide it away in a settings panel, or make the delay a little longer on that button, or have another "Are you truly sure about this???" kind of alert. And then no more after that.
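
The decision flow proposed in this thread, sketched as an added example (not FlightCore's code and not written by any participant): it picks between no warning, a reduced heads-up and the full warning with a 5-second cooldown, using a user-set trust list keyed on the Thunderstore mod string. It assumes the mod string has the form `Author-ModName-Version` and that a plugin is any `.dll` in the archive's file list; all type and function names are hypothetical.

```rust
use std::collections::HashSet;

/// What the installer shows before installing a mod.
#[derive(Debug, PartialEq)]
enum Prompt {
    NoWarning,                   // no plugin in the mod
    Reduced,                     // plugin from a user-trusted mod/author: heads-up, no forced wait
    Full { cooldown_secs: u32 }, // untrusted plugin: buttons locked for the cooldown
}

/// Trust entries set entirely by the user; starts empty.
#[derive(Default)]
struct TrustStore {
    authors: HashSet<String>,
    mods: HashSet<String>, // "Author-ModName", version stripped
}

/// Split "Author-ModName-1.2.3" into (author, mod name); None if malformed.
fn parse_mod_string(s: &str) -> Option<(&str, &str)> {
    let mut parts = s.split('-');
    let (author, name, version) = (parts.next()?, parts.next()?, parts.next()?);
    let nums: Vec<&str> = version.split('.').collect();
    let version_ok = nums.len() == 3
        && nums.iter().all(|n| !n.is_empty() && n.bytes().all(|b| b.is_ascii_digit()));
    let fields_ok = parts.next().is_none() && !author.is_empty() && !name.is_empty();
    if fields_ok && version_ok { Some((author, name)) } else { None }
}

/// Assumption: a plugin is any `.dll` entry in the archive listing (case-insensitive).
fn contains_plugin(entries: &[&str]) -> bool {
    entries.iter().any(|e| e.to_ascii_lowercase().ends_with(".dll"))
}

fn prompt_for(mod_string: &str, entries: &[&str], trust: &TrustStore) -> Prompt {
    if !contains_plugin(entries) { return Prompt::NoWarning; }
    // Fail closed: exact match only, and an unparseable mod string is never trusted.
    let trusted = parse_mod_string(mod_string).map_or(false, |(author, name)| {
        trust.authors.contains(author) || trust.mods.contains(&format!("{}-{}", author, name))
    });
    if trusted { Prompt::Reduced } else { Prompt::Full { cooldown_secs: 5 } }
}

fn main() {
    let mut trust = TrustStore::default();
    trust.authors.insert("ExampleAuthor".to_string()); // constructed sample data
    let files = ["mod.json", "plugins/Example.DLL"];
    println!("{:?}", prompt_for("ExampleAuthor-ExampleMod-1.0.0", &files, &trust));
    println!("{:?}", prompt_for("ExampleAuthor2-ExampleMod-1.0.0", &files, &trust));
}
```

Trust is matched on the exact author or `Author-ModName` string, so a lookalike author name still gets the full warning.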