Add-on Permission in detail
Hi, I am a bit of a panaroid person, so regarding to the permission: "access my data for all websites", does that means an add-on has the ability to make input in the background by itself? For example, whether an add-on is able to control my account on a website, changing the settings, password, and etc?
Modified
Chosen solution
Eddie said
Hi, I am a bit of a panaroid person, so regarding to the permission: "access my data for all websites", does that means an add-on has the ability to make input in the background by itself? For example, whether an add-on is able to control my account on a website, changing the settings, password, and etc?
In theory, it's possible, if you are logged in to the site and the site's forms can be manipulated by a script. Many sites have protections against scripts taking high-risk actions, or require additional verification for those actions.
If you want to browse critical sites without your extensions being active, you could use a private window for those sites and make sure the extensions do not have permission to run in private windows. See: Extensions in Private Browsing.
Read this answer in context 👍 1All Replies (3)
The developer explains the purpose behind each required permission here. https://github.com/gorhill/uBlock/wiki/Permissions
- Access your data on all web sites
- Since first version.
- - To be able to inspect all net requests so that they can be cancelled if needed.
- - Only on http- and https-based URL addresses.
Chosen Solution
Eddie said
Hi, I am a bit of a panaroid person, so regarding to the permission: "access my data for all websites", does that means an add-on has the ability to make input in the background by itself? For example, whether an add-on is able to control my account on a website, changing the settings, password, and etc?
In theory, it's possible, if you are logged in to the site and the site's forms can be manipulated by a script. Many sites have protections against scripts taking high-risk actions, or require additional verification for those actions.
If you want to browse critical sites without your extensions being active, you could use a private window for those sites and make sure the extensions do not have permission to run in private windows. See: Extensions in Private Browsing.
jscher2000 said
Eddie said
Hi, I am a bit of a panaroid person, so regarding to the permission: "access my data for all websites", does that means an add-on has the ability to make input in the background by itself? For example, whether an add-on is able to control my account on a website, changing the settings, password, and etc?In theory, it's possible, if you are logged in to the site and the site's forms can be manipulated by a script. Many sites have protections against scripts taking high-risk actions, or require additional verification for those actions.
If you want to browse critical sites without your extensions being active, you could use a private window for those sites and make sure the extensions do not have permission to run in private windows. See: Extensions in Private Browsing.
Got it, so if I want to be safe, I can turn off the extension when logging into my accounts, thanks!