I wish browser extensions had more fine-grained permissions but it's a tricky problem verifying if software is using permissions maliciously (see the Obfuscated C Code Contest and the Underhand C Contest) and how to communicate nuanced permissions to users (most users don't read and/or understand tech stuff, and can be easily mislead).

A tip in Chrome that I never see mentioned if you want to be extra safe when trying extensions:

- Go to Profiles > Add profile > Continue without account

- Install any extensions you feel like in this profile and they're completely isolated from the tabs logins, history, cookies and so on in your regular profile. Similarly, you can run Chrome Beta or Chrome Canary for installing extensions into, alongside regular Chrome.

E.g. you can install 10s of potentially risky web development extensions into this profile (they usually need a lot of access to do what they need to do), and keep them sandboxed away from the profile where you do your personal banking or login to work websites.

It's not practical for every extension, but I do this for my web development stuff and only use a couple of extensions for personal stuff.

I sell a browser extension where the permission I really want to ask for is "can only observe the network traffic it sends/receives in its own tabs" but I'm lumped with having to ask for the "read and write all your data" permission, but I make sure to share the above tip in the description (shameless plug: https://chromewebstore.google.com/detail/checkbot-seo-web-sp...).

Small bit of feedback on your post, you use the same screenshot when referencing how Honey's execs used to respond to customer feedback. Based on reading the post I think you intended two different screenshots.