This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Permission "Access your data for all websites" - how can that be "safe"?

Go to solution
ddrinnan
Making moves

‎03-01-2024 11:46 PM

Hi,

I believe this is my first time ever posting here, so I apologize in advance if I make any errors (such as where to post this, how I present it, etc).

I was looking for a Firefox extension to help download videos, and am considering "Video DownloadHelper".  It appears to be very popular, and is "Recommended" by Mozilla.  The description of "Recommended" extensions includes the statement "They're examined from every angle to ensure they meet our strict policies, leaving no room for compromise".  And above that, is says that considering "Add-on Badges" (such as "Recommend") can be used "to protect your safety and privacy"

But the Video DownloadHelper says that it needs the "Access your data for all websites" permission.  And the description for that permission includes the statement that the extension "could read the content of any web page you visit, as well as data you enter into those web pages, such as usernames and passwords".... or presumably then - bank account numbers, Social Security numbers, investment information, thoughts on social issues, etc.

So - call me provincial (lol), but... how could an extension that has that type of ability ever be considered "safe", and/or "recommended"?

Even if the extension was thoroughly tested and things like that weren't happening 'yesterday', the extension would be ABLE to do it 'tomorrow' before anyone ever discovered that it was happening... if ever.

So, is anyone able to alleviate my concerns about that issue (or my interpretation of what I read)?

Thanks very much,

    -dave

1 ACCEPTED SOLUTION

Go to solution
jscher2000
Leader

‎03-03-2024 12:01 PM

Like any app you install on your computer, phone, or tablet, you need to decide whether you trust the author with the access allowed. Here's how Mozilla helps:

The Mozilla Add-ons site has two kinds of code review prior to making an add-on available for download. One is a manual code review by humans, and the other is a software-based algorithmic code review.

New extensions get both a software review and a manual review. Most updated versions get software review, subject to possible later manual review which I assume is rare. Updated versions of Recommended Extensions are always reviewed by a human, as are updates to certain popular extensions that have a very large number of users.

For more information on the Recommended badge, see the support article: Recommended Extensions program. More generally, there is this support article: Tips for assessing the safety of an extension.

 

View solution in original post

4 REPLIES 4

Go to solution
Mizar
Familiar face

‎03-02-2024 05:03 AM

Most plugins if not all need that permission.

Recommended plugins will use that permission in a non malicious way. Still, since this is the internet take that with a grain of salt. I'd recommend you read the reviews made by other users and then decide.

Go to solution
dmitche3
Making moves
In response to Mizar

‎03-02-2024 11:18 AM

Absolutely.  But if you are concerned with security, make sure that the extensions don't run in a private window.  I know. That sucks as everyone wants every tab to be private. I can't think of a single case where someone doesn't want the private window.  It's just plain stupid opening a "normal window" to me.

0 Kudos

Go to solution
jscher2000
Leader

‎03-03-2024 12:01 PM

Like any app you install on your computer, phone, or tablet, you need to decide whether you trust the author with the access allowed. Here's how Mozilla helps:

The Mozilla Add-ons site has two kinds of code review prior to making an add-on available for download. One is a manual code review by humans, and the other is a software-based algorithmic code review.

New extensions get both a software review and a manual review. Most updated versions get software review, subject to possible later manual review which I assume is rare. Updated versions of Recommended Extensions are always reviewed by a human, as are updates to certain popular extensions that have a very large number of users.

For more information on the Recommended badge, see the support article: Recommended Extensions program. More generally, there is this support article: Tips for assessing the safety of an extension.

 

Go to solution
ddrinnan
Making moves

‎03-03-2024 09:01 PM

Thank you ALL for your responses.  Each was helpful to me in its own way... especially yours, @jscher2000 .  I feel much less concerned now.

I know that 'everything' can't be re-explained 'everywhere', but given that privacy and security are such BIG issues, and the review process is *so* thorough, perhaps a few extra words could be added to reassure readers, under the explanation of what "Recommended" means/implies?  I'm not sure who to "recommend" that to... if you'll pardon the pun?

Thanks again,

    -dave

Copyright © 2024 Khoros, LLC