dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
776
share rss forum feed


mouse
Premium
join:2007-03-29
australia

Chrome's security alert re extensions

I just started using chrome and noticed the security alert when using extensions. In this case Adblock - the alert states "AdBlock can access your data on all websites and access your tabs and browsing activity" - when looking into this further the definition for the first part is : This item can read every page that you visit -- your bank, your web email, your Facebook page, and so on. Often, this kind of item needs to see all pages so that it can perform a limited task such as looking for RSS feeds that you might want to subscribe to.

Caution: Besides seeing all your pages, this item could use your credentials (cookies) to request or modify your data from websites.

Thinking about it, it seems obvious to me that the site needs to read the pages if it should have chance to suppress any ads. However I am wondering how this works in FF as I don't remember a similar alert. Maybe FF does not provide any warning in this case?

OZO
Premium
join:2003-01-17
kudos:2
I guess that the latter could be the case...

You're right, that in order to block something it should be able to read/analyze all web pages you visit. So, it seems logical, that it asks for permission to do exactly that.
--
Keep it simple, it'll become complex by itself...


therube

join:2004-11-11
Randallstown, MD
reply to mouse
In Mozilla, an extension can do anything that the browser can do.
An extension is not limited in any manner, or sandboxed in any way.

Fickey
Terrorists target your backbone

join:2004-05-31
reply to mouse
I'm obviously not smart enough to know, but wouldn't SSL/HTTPS prevent an extension from accessing content?

OZO
Premium
join:2003-01-17
kudos:2

1 recommendation

SSL/HTTPS prevents content from snooping while it's transmitted between web server and browser. Extensions are working within browser and therefore see all content already rendered within it.
--
Keep it simple, it'll become complex by itself...


mouse
Premium
join:2007-03-29
australia
reply to mouse
I am still a bit baffled and unsure how to evaluate that threat. It sounds quite bad if some extension can follow me to my bank site and capture my passwords (if this is what they mean) - on the other hand adblock as an example is one of the most popular extensions in FF and Chrome - i would have expected this to be an issue in this case but apparently it is not.


norwegian
Premium
join:2005-02-15
Outback
I think this is like a proxy - it has to do some filtering in this behavior. While I understand what you are saying, you have 2 choices, use or do not use.
If there is an exploit of the add-ons or extensions here, then it theoretically wouldn't be much different to any other exploit.
Except of course the browser is the door to the world, where-as your localized photo-editing tool doesn't carry so much weight with it.

Good question though, who's vetting the extensions? As there has been a lot of controversy over plug-ins for other software of late, so concern here should be warranted. But as the the end user, there is that 50-50 option - use or don't use. It does really answer your question though I'm afraid.
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:3

1 edit
reply to mouse
said by mouse:

I am still a bit baffled and unsure how to evaluate that threat.

Well as already noted an extension is just another part of the browser so it can access data.

That said many popular extensions, for FF anyway, are open-source so the chance of them being malicious is reduced (although not eliminated).

I guess it comes down to trust. I haven't heard of any major extension being malicious but you might not find out until its too late.

Reminds me of Sieur Clubin in Victor Hugo's Toilers of the Sea. He was considered extremely honest and trustworthy until the day he disappeared with all the loot.
--
Don't feed trolls--it only makes them grow!