The event makes clear that browser makers apply minimal scrutiny to the extensions they host.

I think, it would be more useful to differentiate here: Mozilla does a lot fucking more than Google in this regard. Yes, in this case, they didn’t catch it either (with 3 years less time), but at least they’re trying to begin with.

Because for one, it is actually disallowed for extensions on addons.mozilla.org to make web requests that are not necessary for the add-on to function (e.g. telemetry, tracking, ads). And then they have automated scans to try to find violations, as well as actual human code reviews for their “Recommended” extensions.

On the Chrome Store, this sort of tracking is not disallowed. Google just removes these extensions to avoid bad PR after the scandal has been unveiled.
All the smaller extensions that won’t get media attention when someone finds malicious behaviour in them, those can just happily continue sending user data.

Something tells me the cumulative of extensions out there amounts to a frightening amount of privacy incursions. Extensions are like the current day Internet Explorer toolbar. Except with less notoriety for being trash.

there’s a foss alternative called ‘Stylus’