• elucubra@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    2
    ·
    7 months ago

    Why does it ask to access MY data in so many sites? According to Firefox, that includes passwords

    • DarkThoughts@fedia.io
      link
      fedilink
      arrow-up
      6
      ·
      7 months ago

      That’s not a correct interpretation of the permission:

      Access your data for sites in the “named” domain

      The extension could read the content of web pages you visit in the specified domain, as well as data you enter into those web pages, such as usernames and passwords.

      It requires permission to modify said domains to remove the paywall from their articles.

    • Fitzsimmons@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      4
      ·
      7 months ago

      These extensions work first by looking at the contents of the page you’re on to detect a paywall, and then make modifications to the page that remove the paywall. There’s no way for the browser-creators to guarantee that the extension isn’t also silently adding a hidden element that captures everything that you type into that website, in addition to the paywal removal, so they’re basically trying to warn you such a thing could happen.

      And that is a genuine risk from every extension in the addons store, but I would say that risk is potentially even higher with a piracy extension installed from a github relese. (Not this one in particular per se, which I have no opinion about, just in general.) If it makes you uncomfortable, a reasonable compromise could be to create a new browser profile for use only with this extension, or maybe even use a different browser entirely than your daily driver.