Running any software is inherently unsafe. It’s basically the computer equivalent of eating something given to by a stranger, and you just have to trust them that it’s good for you.

But we do it anyway, simply because we have to - not all of us are software devs with unlimited time on our hands.

It basically comes down to whether you trust the origin or not, as well as check the reviews/comments to gauge the reception of other users. If something fishy is going on, word spreads relatively fast.

Tip: While no means foolproof, if the software in question has a github repo, it adds a layer of trust, because that means anyone can review the source.

Even as a power user… You can’t.

And, in the 21st century, nothing on your computer is safe and private, least of all, browser extensions.

Even if an extension is safe today, with a tiny handful of notable exceptions, it will be”monetized”, or bought and sold to someone that will use it to install adware on your system, train their AI model, or steal your personal information.

There is no feasible defense to this for a layperson, other than absolute transparency in FOSS, and even that is under attack via flaws in the software supply chain.

The best a layperson can hope for is that major vendors care more about exclusivity and locking others out of their ecosystem, such that they are the only ones who have full control of your data (Apple, Google, Microsoft).

deleted by creator

Not much you can do other than researching the current consensus. And for the latter you can try to search discussions about its safety. Good query to start with is “is programname malware/spyware”.

Try virustotal.com. You can scan files and URLs.

Both practically and theoretically, it might be impossible. It basically comes down to trusting trust. https://www.youtube.com/watch?v=SJ7lOus1FzQ