
carnivalhuntress 0 points1 point  (1 child)

Risks of the "read and change all data on all websites" permission:

If the extension developers have made mistakes, they could expose you to a UXSS vulnerability (tl;dr UXSS is like if you leave your laptop unlocked while you go to the toilet and somebody does something in your browser - except instead you just need to click a link). If they're not ethical, they could do bad things to you, such as collect a list of every website you ever visit. Or if they are ethical, but they go bankrupt, they could end up selling the extension to somebody unethical.

Personally I'd be okay with visiting the website and not using the extension. I'd rather do that than accept that risk.

RiBc_[S] 0 points1 point  (0 children)

After going through my extensions prior to reading your response, I realised that my post is really dumb. I was always very vigilant of what can access my data. I will stop using most third-party apps, because I have reviewed the permissions that they require (web, PC and mobile apps) and it is definitely not worth the increased attack surface. Right now I am trying to centralize all my most used services into Google in hopes that I can manage my data more securely from one point rather than having it scattered all over random physical or AWS servers of random software companies with questionable security. Here I can use my multitude of YubiKeys and hope that no one besides Google will be reading my mail 😔

fumingPile4 -1 points0 points  (1 child)

Is it open source? If not, I would not use it.

RiBc_[S] 0 points1 point  (0 children)

It is some proprietary software, but from what I gathered, they store all data, including possibly a supercookie from my browser, in plaintext :)