Skip to main content
Information Security

Return to Question

http://meta.security.stackexchange.com/q/1325 ; Mentioned other browser extension galleries, because they are also mentioned in the accepted answer.
Source Link
edit approved Jun 28, 2013 at 11:33
Rob W
edit approved Jun 28, 2013 at 11:33
Rob W
  • 2.1k
  • 19
  • 21

Almost any browser addon/extension that I install on my Chrome or Firefox (be it Firebug, RESTClient, ...) warns me, saying:

It [the add-on] can:

  • Access your data on all website
  • Access your tabs and browsing activity

Now, practically speaking, I have no time (or the skill) to read through their source-code and verify absence of malware (such as one placed in by its original author).

Given this, can I safely assume these add-ons won't violate my privacy because they are coming from standard/well-known and thus implicitly trusted places, such as the Chrome Web Store, the Firefox add-on site, Opera's add-on site, Safari's extension gallery, or the EFF site.

Even an add-on like HTTPS Everywhere, which you install to maintain privacy and prevent MiTM attacks, warns similarly.

Is there any way to quickly tell what add-on to install and what not to, without having to read their source code?

Almost any browser addon/extension that I install on my Chrome or Firefox (be it Firebug, RESTClient, ...) warns me, saying:

It [the add-on] can:

  • Access your data on all website
  • Access your tabs and browsing activity

Now, practically speaking, I have no time (or the skill) to read through their source-code and verify absence of malware (such as one placed in by its original author).

Given this, can I safely assume these add-ons won't violate my privacy because they are coming from standard/well-known and thus implicitly trusted places, such as the Chrome Web Store, the Firefox add-on site, or the EFF site.

Even an add-on like HTTPS Everywhere, which you install to maintain privacy and prevent MiTM attacks, warns similarly.

Is there any way to quickly tell what add-on to install and what not to, without having to read their source code?

Almost any browser addon/extension that I install on my Chrome or Firefox (be it Firebug, RESTClient, ...) warns me, saying:

It [the add-on] can:

  • Access your data on all website
  • Access your tabs and browsing activity

Now, practically speaking, I have no time (or the skill) to read through their source-code and verify absence of malware (such as one placed in by its original author).

Given this, can I safely assume these add-ons won't violate my privacy because they are coming from standard/well-known and thus implicitly trusted places, such as the Chrome Web Store, the Firefox add-on site, Opera's add-on site, Safari's extension gallery, or the EFF site.

Even an add-on like HTTPS Everywhere, which you install to maintain privacy and prevent MiTM attacks, warns similarly.

Is there any way to quickly tell what add-on to install and what not to, without having to read their source code?

Tweeted twitter.com/#!/StackSecurity/status/349846911127257089
formatting, spelling, removed unnecessary capitalisation in the title, added some links
Source Link
TildalWave
TildalWave
  • 10.8k
  • 11
  • 48
  • 87

Are OFFICIALofficial browser addonsadd-ons really safe?

Almost any browser addon/extension that I install on my Chrome or Firefox (be it Firebug, RESTClient, ...) warns me, saying:

It [the addon] can: Access your data on all website Access your tabs and browsing activity

It [the add-on] can:

  • Access your data on all website
  • Access your tabs and browsing activity

Now, practically speaking, I have no time (or the skill) to read through their source-code and verify absence of malware (such as one placed in by its original author).

Given this, can safely I safely assume these addonsadd-ons won't violate my privacy because they are coming from standard/well-known and thus implicitly trusted places, such as the Chrome webstoreChrome Web Store, the Firefox addon siteFirefox add-on site, or the EFF siteEFF site.

Even an addonadd-on like 'HTTPS Everywhere'HTTPS Everywhere, which you install to maintain privacy and prevent MITMMiTM attacks, warns similarly.

Is there any way to quickly tell what addonadd-on to install and what not to, without having to read their source code?

Are OFFICIAL browser addons really safe?

Almost any browser addon/extension that I install on my Chrome or Firefox (be it Firebug, RESTClient, ...) warns me, saying:

It [the addon] can: Access your data on all website Access your tabs and browsing activity

Now, practically speaking, I have no time (or the skill) to read through their source-code and verify absence of malware (such as one placed in by its original author).

Given this, can safely I assume these addons won't violate my privacy because they are coming from standard/well-known and thus implicitly trusted places such as the Chrome webstore, the Firefox addon site, or the EFF site.

Even an addon like 'HTTPS Everywhere', which you install to maintain privacy and prevent MITM attacks, warns similarly.

Is there any way to quickly tell what addon to install and what not to, without having to read their source code?

Are official browser add-ons really safe?

Almost any browser addon/extension that I install on my Chrome or Firefox (be it Firebug, RESTClient, ...) warns me, saying:

It [the add-on] can:

  • Access your data on all website
  • Access your tabs and browsing activity

Now, practically speaking, I have no time (or the skill) to read through their source-code and verify absence of malware (such as one placed in by its original author).

Given this, can I safely assume these add-ons won't violate my privacy because they are coming from standard/well-known and thus implicitly trusted places, such as the Chrome Web Store, the Firefox add-on site, or the EFF site.

Even an add-on like HTTPS Everywhere, which you install to maintain privacy and prevent MiTM attacks, warns similarly.

Is there any way to quickly tell what add-on to install and what not to, without having to read their source code?

Source Link
Harry
Harry
  • 841
  • 9
  • 12

Are OFFICIAL browser addons really safe?

Almost any browser addon/extension that I install on my Chrome or Firefox (be it Firebug, RESTClient, ...) warns me, saying:

It [the addon] can: Access your data on all website Access your tabs and browsing activity

Now, practically speaking, I have no time (or the skill) to read through their source-code and verify absence of malware (such as one placed in by its original author).

Given this, can safely I assume these addons won't violate my privacy because they are coming from standard/well-known and thus implicitly trusted places such as the Chrome webstore, the Firefox addon site, or the EFF site.

Even an addon like 'HTTPS Everywhere', which you install to maintain privacy and prevent MITM attacks, warns similarly.

Is there any way to quickly tell what addon to install and what not to, without having to read their source code?