Firefox

17794 readers

28 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago

MODERATORS

k_o_t@lemmy.ml

How to check that an add-on doesn't spy on you ? (sh.itjust.works)

submitted 1 year ago* (last edited 1 year ago) by loaExMachina@sh.itjust.works to c/firefox@lemmy.ml

16 comments fedilink hide all child comments

Many add-ons have somewhat spookiy authorisation requirements, such as "access all of your activity". In many cases this is justified by it's function, and of course there isn't any problem with it as long as we're sure all this data stays on your computer and isn't shared with any remote server. How are we sure of that tho? Is there an easy way to check for each add-on ?

you are viewing a single comment's thread
view the rest of the comments

[–] AProfessional@lemmy.world 15 points 1 year ago (1 children)

It just isn’t easy. You can read permissions and try to read the source, but it requires some expertise.

[–] cynber@lemmy.ca 4 points 1 year ago

For smaller extensions, you can start by looking at the manifest.json as this file is the entry point. You can see which part of the code needs access to 'everything' and go from there.

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json

For example, with Instance Assistant for Lemmy, you need to give access to all sites because it needs to run on any Lemmy site and that's not something you can hardcode in.