This add-on requests all permissions to everything, and there seems to be no official statement as to why

[rulatir]

I tried to install this add-on, and Thunderbird told me that the add-on basically requests all permissions to everything in Thunderbird and on my computer. Please explain why the required permissions are declared so broadly and where can I find a detailed statement with a convincing argument that nothing short of full access to everything would be sufficient for this add-on's operation. In a perfect world (i.e. if I designed the APIs ;) ), this add-on should be able to do its job with only these operations allowed:

• list messages in folder as (id, content_hash) pairs
• delete message by id

[eyalroz]

What you've seen is, essentially, an attempt to discourage you from using extensions.

You see, Thunderbird (and Firefox) are actually made up from a certain core written in C++, and "chrome" written in Javascript, with XUL or XHTML defining the user interface and CSS for styling. Some packages of chrome are bundled and are the core of the application (like the 3-pane window, the message composition window, or the address book), while most of them aren't - these are (regular) extensions. An extension chrome package is just like the application's chrome packages - it can do what they can do.

Unfortunately, a few years ago, Mozilla decided it didn't like this model, and that it wanted to copy Google's approach. In Chrome, extensions are second-class citizens which can only use limited and separate APIs. So, they first devised a "WebExtension API", which is naturally very limited; then they prevented the loading of regular extensions, and only allowed "WE API" to be loaded via a different mechanism (using Chrome-like manifests).

Now, for Firefox, that just killed most extensions, not all of them, and some key extensions could be ported, sometimes with limited functionality, to the WE APIs. But - for Thunderbird, that just meant essentially all extensions would be gone. So were offered a loophole, which allows loading regular extensions via an experimental extra "WebExtension API" which can load privileged chrome, overload app windows etc. - mostly like in the old days.

This is what my extension does, and this is what other key Thunderbird extensions do. The developers have added a few extra WebExtension APIs, enough to support some specific extensions going over. And now we're starting to see the loophole getting closed. First, you're getting a warning about it. Next, perhaps after extension use will decrease sufficiently, they'll just stop loading regular extensions altogether and users will be fully "protected".

[eyalroz]

Bottom line: Thunderbird has "permissions to everything", just like every application, and so do regular extensions like this one. If you don't trust the reviews of this extension on addons.thunderbird.net - please don't use it.