this post was submitted on 02 Sep 2023
47 points (84.1% liked)

Firefox

20333 readers
108 users here now

/c/firefox

A place to discuss the news and latest developments on the open-source browser Firefox.

Rules

1. Adhere to the instance rules

2. Be kind to one another

3. Communicate in a civil manner

Reporting

If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
golden_zealot@lemmy.ml
47
Browser extensions spy on you, even if its developers don't (vitonsky.net)
submitted 2 years ago by vitonsky@programming.dev to c/firefox@lemmy.ml
5 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] vitonsky@programming.dev 11 points 2 years ago

You can see the code of extensions, but it may be minimized, so it hard to known what the code do.

Extensions with label "Recommended" are pass the manual review of Firefox moderators, so you can trust them more than addons with no this label. However you still should keep in mind that any extension developer may be victim of complex scam attack.

The most probable reason usually is a not enough funding the developers

  • Developer spend time on maintaining the project but users does not donate them
  • Scammers offer to developer some integrations that not looks too suspicious and allow them to earn some money
  • Developer agree offer and after some time scammers enables malware to hack extension users

To minimize the possibility of hijacking addons by scammers, we have to:

  • conduct background check before install extension
  • ensure the extension have github with open source code and developer are real person
  • ensure development are active and developer have high engineering skill, check them respond on feedback and issues
  • donate the developer if you like the product, to motivate them keep distance of scammers offers