-
Notifications
You must be signed in to change notification settings - Fork 905
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explanation and justification for permissions requested by this extension #213
Comments
@ArhatEves it is indeed unfortunate that the extension requests such scary permissions. the reason for this is that it requires a content script to be run in the background of every open tab. the main functionality this provides is the ability to detect if the user is part way through editing a form. it also does a few other things like set the page scroll position on reload and capture a screenshot before suspending if you have that feature enabled. while this means in theory that it could read anything on the page, record keystrokes etc, you will have to trust me when I say that it does not. the extension is built from the source code of this project. if you would like to see exactly what the content script is doing, you can view the source for it here: https://github.com/deanoemcke/thegreatsuspender/blob/master/js/contentscript.js i believe that chrome relies on the webstore review process to allow the community to determine whether an extension can be trusted. they say this exact thing here: https://support.google.com/chrome_webstore/answer/186213?hl=en given the number of users this extension has, the open source nature of the code, and the lack of any negative reviews in this respect, i would say you can be fairly confident in trusting it. |
Hey, thank you so much for the explanation and links. My mind is at ease! Much appreciated. |
Can this extension be leveraged by a malicious actor to extract the user browsing information? |
The most obvious thing I can think of is that it stores the users tab session history in a local indexedDb database on the users filesystem. When you clear your browsing history, it will not clear this session history, although you can remove this manaully within the extension. There is a feature request to turn off this automatic saving of session history: #587 Other than that, chrome does a pretty thorough job of making sure the code of the extension itself is never compromised. You will receive an 'extension is corrupted' message if this ever happens. I am not a security expert however, so please don't take this as a definite answer. |
Just want to add some more information here about the "Read and change your browsing history" required permissions. |
This aged nicely 👍 |
Lmao yeah no kidding. I have regretfully removed it. Killed most of my tabs
too on its way out.
…On Fri, Feb 5, 2021 at 8:59 PM Nick ***@***.***> wrote:
This aged nicely 👍
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#213 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AC2MPBXCZHCFU2IAJLBAMBLS5TEDNANCNFSM4BE5EIIQ>
.
|
sigh, been searching for a safe tab suspender plugin but this is kinda sus |
I recommend This one |
Hey all. I desperately need this, and it's so cool that it's on a GNU license, but it scares the crap out of me that it says it can read and change all your data on the websites you visit. Can someone please explain what that entails exactly? I'm hoping that it's not as bad as it sounds, because it sounds like a security/privacy nightmare.
The text was updated successfully, but these errors were encountered: