
Support Forum

“Access your data for all websites” permission extensions can save the data on their server?

Posted

Can an extension that has the “Access your data for all websites” permission transmit all the data from all websites visited in my browser to their server, so as to know what credit card I entered on a website or what type of porn I watch?

How can I check and be sure that it transfers the data or not?


More system details

Application

  • User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

Wesley Branton
  • Top 10 Contributor
644 solutions 5245 answers
Posted

Theoretically, yes. However, most extensions don't do that. They simply need that permission to be able to access certain data.

For example, I made an add-on that blocks websites. I have to include the "Access your data for all websites" permission in my add-on so that I can see what websites the user is loading so that it can be compared to a list of websites that they want to block. Most ad blockers need the same permission for that reason.

That said, sure, there could be some that are transferring data (personal or statistical) to their own servers for their own uses. Detecting that would typically require you to use some kind of network traffic inspection tool like Wireshark to monitor and view what traffic is going over your network.

A far simpler idea would be to avoid extensions that aren't widely trusted and review the privacy policies of add-ons before you install them.

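As an added example (not part of the original thread, and not Mozilla's or any add-on's own code): the "Access your data for all websites" prompt corresponds to a host match pattern such as `<all_urls>` in the add-on's manifest.json, so one local check is to read the manifest and list where that access is requested. The function names and both sample manifests are constructed for illustration, and the set of patterns treated as all-sites is an assumption.

```javascript
// Added example: audit a WebExtension manifest.json for all-sites host access.
// Function names and the sample manifests are constructed for illustration.

// True when a match pattern's host part covers every site (assumed pattern set).
function coversAllSites(pattern) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?):\/\/([^/]*)\/.*$/.exec(pattern);
  return m !== null && m[2] === "*";
}

// Report where broad host access is requested and which API permissions accompany it.
function auditManifest(manifest) {
  const findings = [];
  const sources = {
    permissions: manifest.permissions || [],            // Manifest V2 mixes APIs and hosts here
    host_permissions: manifest.host_permissions || [],  // Manifest V3
    optional_permissions: manifest.optional_permissions || [],
  };
  for (const [key, list] of Object.entries(sources)) {
    for (const p of list) {
      if (typeof p === "string" && coversAllSites(p)) findings.push(`${key}: ${p}`);
    }
  }
  (manifest.content_scripts || []).forEach((cs, i) => {
    for (const p of cs.matches || []) {
      if (coversAllSites(p)) findings.push(`content_scripts[${i}].matches: ${p}`);
    }
  });
  // Entries that are not match patterns are API permissions (e.g. webRequest).
  const apis = sources.permissions.filter(
    (p) => typeof p === "string" && p !== "<all_urls>" && !p.includes("://")
  );
  return { allSites: findings.length > 0, findings, apis };
}

// Constructed sample: a site blocker like the one described in the answer above.
const siteBlocker = {
  manifest_version: 2,
  permissions: ["webRequest", "webRequestBlocking", "storage", "<all_urls>"],
};
// Constructed sample: an add-on limited to one site.
const singleSite = {
  manifest_version: 3,
  host_permissions: ["https://*.example.com/*"],
  content_scripts: [{ matches: ["https://www.example.com/*"], js: ["cs.js"] }],
};

console.log(auditManifest(siteBlocker), auditManifest(singleSite));
```

The manifest.json file sits at the root of an add-on's .xpi package, which is a ZIP archive. The result shows what an add-on is able to read, not whether it sends anything out; that still requires watching its network traffic.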
jscher2000
  • Top 10 Contributor
8793 solutions 71928 answers
Posted

Hi cucurucu, developers who send data out of the browser are supposed to provide a Privacy Policy, which would be linked on the left side of the page on the Add-ons site or in the description. Of course, this assumes the developer is following the rules, so...


Question owner

Wesley Branton said

Theoretically, yes. However, most extensions don't do that. They simply need that permission to be able to access certain data. For example, I made an add-on that blocks websites. I have to include the "Access your data for all websites" permission in my add-on so that I can see what websites the user is loading so that it can be compared to a list of websites that they want to block. Most ad blockers need the same permission for that reason. That said, sure, there could be some that are transferring data (personal or statistical) to their own servers for their own uses. Detecting that would typically require you to use some kind of network traffic inspection tool like Wireshark to monitor and view what traffic is going over your network. A far simpler idea would be to avoid extensions that aren't widely trusted and review the privacy policies of add-ons before you install them.

Is it not possible to implement a system which lets the extensions access all the data on websites but use that data only on the client side on the local machine, restricting the possibility to send data out to external servers?

Wesley Branton
  • Top 10 Contributor
644 solutions 5245 answers
Posted

Theoretically, you could. You would just need to know where the data is being sent to (via a network monitor) so that you can block it using a firewall or something. However, that could break some add-ons.

jscher2000
  • Top 10 Contributor
8793 solutions 71928 answers
Posted

cucurucu said

Is it not possible to implement a system which lets the extensions access all the data on websites but use that data only on the client side on the local machine, restricting the possibility to send data out to external servers?

Currently, if an extension has the ability to modify the page, it can inject HTML, CSS, and JavaScript code to do anything the site could do, including image requests, background data communication, and modifying links. I don't know whether there would be a way to restrict what can be done in the page to prevent all scenarios for exfiltration of data.

The Add-ons site uses screening tools that detect certain patterns associated with exfiltrating data, but software is only so smart, so often human review is necessary to catch bad extensions.
