Re: Toy extensions won't mess with their revenue stream.
"what red lines they're looking at"
Three simple things.
1, block all content that isn't approved (scripts, images over a certain size, pop-ups)
2, auto-delete all unapproved cookies after 120 seconds
3, completely block all requests to domains known to serve up nothing worthwhile (doubleclick, facebook, fbcdn...).
You wouldn't let a complete stranger into your home, to insert a USB key into your computer, to run the software of their choosing on your machine. So why the hell does everybody seem to think it's okay to do this "in a browser". If the script offers me benefit, then it (and it alone) can run. Otherwise, GTFO.