Hacker News

Is there a way to use browser extensions safely? Any extension that looks interesting needs access to everything I see on the screen (and can even modify it), which to me seems a huge security risk. My understanding is that a random extension is able to read and send somewhere almost all my data when I read my email, do online banking, etc. Do I understand the situation correctly?



> My understanding is that a random extension is able to read and send somewhere almost all my data when I read my email, do online banking, etc.

Depends on the permissions requested by the extension but often yes. The permission "Can read all data on any webpage" means exactly that.

> Is there a way to use browser extensions safely?

Yes, depending on your paranoia/security standards. Here's what you can do (ordered by importance):

1. Use more than one browser (but stay away from proprietary or less popular browsers) and/or use multiple profiles (both Firefox and Chrome have them).

2. Have separate profiles for banking, personal email, work and general browsing. (Also good for productivity.)

3. The banking profile should have no extensions.

4. Use only Mozilla-vetted 'recommended' and 'security reviewed' extensions in Firefox for less important accounts. Check the permissions carefully and see if they're sane. I don't use extensions in Chrome at all, since the Google Web Store does no vetting at all beyond automated scanning. It's the wild west out there.

5. You can be less careful with general browsing profiles as long as you don't log into important accounts. Use Firefox containers (this is more for privacy than security, though).

6. If some addon is tempting but not reviewed, I try to review the code (if it's small and readable enough). After vetting, I disable auto-updates. A Greasemonkey script that does the equivalent functionality is often preferable, since the code is usually smaller and more readable. Disable auto-update there too. Otherwise, resist the temptation to install too many addons.
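One way to do the "check the permissions carefully" part of step 4 before installing, as an added example that is not code from any comment in this thread: a small Node.js script that takes a parsed manifest.json (Manifest V2 or V3) and flags the permissions that amount to "read and change all your data on all websites". The permission lists, the risk levels and the two sample manifests are this example's own constructed assumptions, not a browser vendor's classification.

```javascript
// Added example (not from the thread): audit an extension manifest for the
// broad permissions the comments above warn about. Works on parsed
// manifest.json objects, Manifest V2 and V3. The lists and risk levels are
// the example author's own choices, not a browser-vendor standard.

// Host patterns that amount to "can read and change data on every site".
const BROAD_HOST_PATTERNS = new Set([
  "<all_urls>", "*://*/*", "http://*/*", "https://*/*",
]);

// API permissions that materially widen what an extension can do.
// The reason strings are the example's summary, not vendor text.
const SENSITIVE_API_PERMISSIONS = {
  webRequest: "inspect every request the browser makes",
  webRequestBlocking: "modify or block requests in flight",
  cookies: "read session cookies for permitted hosts",
  history: "read full browsing history",
  tabs: "see URLs and titles of all open tabs",
  nativeMessaging: "talk to native programs outside the browser sandbox",
  clipboardRead: "read the clipboard",
  debugger: "attach to pages with devtools-level access",
  management: "list, enable and disable other extensions",
  proxy: "route all traffic through a chosen proxy",
  scripting: "inject scripts into pages it has host access to",
};

// MV2 mixes host patterns and API names in one "permissions" array.
function looksLikeHostPattern(p) {
  return p === "<all_urls>" || /^(\*|https?|file|ftp|wss?):\/\//.test(p);
}

// Gather host and API permissions from every manifest key that can hold
// them, remembering whether each one is optional (granted on request).
function collectPermissions(manifest) {
  const hosts = [];
  const apis = [];
  const add = (list, optional) => {
    for (const p of list || []) {
      if (looksLikeHostPattern(p)) hosts.push({ pattern: p, optional });
      else apis.push({ name: p, optional });
    }
  };
  add(manifest.permissions, false);           // MV2: hosts + APIs; MV3: APIs only
  add(manifest.optional_permissions, true);
  add(manifest.host_permissions, false);      // MV3 host access
  add(manifest.optional_host_permissions, true);
  return { hosts, apis };
}

// Returns { risk, findings }. Any "high" finding means the extension can see
// and alter everything on every page, which is the OP's scenario.
function auditManifest(manifest) {
  const { hosts, apis } = collectPermissions(manifest);
  const findings = [];

  for (const h of hosts) {
    if (BROAD_HOST_PATTERNS.has(h.pattern)) {
      findings.push({
        level: h.optional ? "medium" : "high",
        what: `${h.optional ? "may request" : "has"} access to every site (${h.pattern})`,
      });
    }
  }

  for (const a of apis) {
    const reason = SENSITIVE_API_PERMISSIONS[a.name];
    if (reason) findings.push({ level: a.optional ? "low" : "medium", what: `${a.name}: ${reason}` });
  }

  // A content script matched against every URL is all-site access by another name.
  for (const cs of manifest.content_scripts || []) {
    const broad = (cs.matches || []).filter((m) => BROAD_HOST_PATTERNS.has(m));
    if (broad.length) {
      findings.push({ level: "high", what: `content script injected into every page (${broad.join(", ")})` });
    }
  }

  const levels = ["low", "medium", "high"];
  const risk = findings.reduce(
    (worst, f) => (levels.indexOf(f.level) > levels.indexOf(worst) ? f.level : worst), "none");
  return { risk, findings };
}

// Two constructed sample manifests: one that asks for everything, one scoped
// to a single site. Neither is a real extension.
const SAMPLE_ALL_SITES_MANIFEST = {
  manifest_version: 3, name: "Example Page Helper (constructed sample)", version: "1.0",
  permissions: ["storage", "tabs", "scripting"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};
const SAMPLE_SCOPED_MANIFEST = {
  manifest_version: 3, name: "Example Site Tweak (constructed sample)", version: "1.0",
  permissions: ["storage"],
  host_permissions: ["https://example.com/*"],
  content_scripts: [{ matches: ["https://example.com/*"], js: ["content.js"] }],
};

function formatReport(manifest) {
  const { risk, findings } = auditManifest(manifest);
  const lines = findings.map((f) => `  [${f.level}] ${f.what}`);
  return [`${manifest.name}: overall risk ${risk}`, ...lines].join("\n");
}

console.log(formatReport(SAMPLE_ALL_SITES_MANIFEST));
console.log(formatReport(SAMPLE_SCOPED_MANIFEST));
```

Run it with `node audit.js` after pasting a real manifest.json into the place of the samples (or `JSON.parse`-ing one from disk). The point of the split between host and API permissions is that "storage" plus one site pattern is a very different request from "<all_urls>" plus "tabs" and "scripting", even though a store listing shows both as a short bullet list.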


Chrome has controls to not allow an extension free rein on all sites despite it asking for them: allow only on specified sites. It's not the default for some reason, but if the extension doesn't have access then it can't do anything, bad or good.

Of course it doesn't help that it's a finance site that disables paste, for which I need an extension to re-enable it, but at least I'm not letting the rest of my extensions get at my banking web session.


So the current options are: 1. don't use extensions (this limits comfort and productivity, and the entire purpose of extensions); 2. use extensions but lose security (are you feeling lucky today? what about tomorrow?).

This seems so dumb. Is this the best solution from Google/Mozilla/etc.? I am thinking that an option to disable all extensions on a particular site/tab could solve many issues, maybe even on by default for well-known email and bank providers. This would encourage people to install more extensions, because they don't care what happens when they just read Reddit.


Not really, I don't think. I hear a lot of people saying that you can inspect the source if you follow steps X, Y, and Z, but that's not a one-time thing. Each time the extension is updated you have to do a full audit. You can install it independently to avoid updates, but then you run the risk of things breaking or falling behind (such as adblocker lists). Happy to learn from more experienced people that I'm wrong on this, but that's my current expectation from decades of using browsers and extensions.

For me, an extension can only require so much hands-on effort before that effort outweighs the rewards of the extension. Years ago I had the Vimium plugin and loved it, but the provided functionality isn't worth the necessary audits. Not wanting to have to trust that it never sells out or gets hacked, I got rid of it. These days I just use a small handful of extensions (uBlock Origin, NoScript, Vue.js devtools) that I feel comfortable trusting and that make a significant impact on my browsing experience. I can manage without the rest.


- An addon like Vimium shouldn't need too many updates, so auditing and disabling auto-updates might be worth it.

- Firefox has 'recommended' addons. In addition, some of the more popular addons are security vetted (their addon pages don't come with the scary "not reviewed" warning). These can be reasonably assumed to be safe.

- Also read my other reply to GP.

> These days I just use a small handful of extensions

Same here. Resisting FOMO and temptations for new shiny is the hardest part, but still worthwhile IMO.


It's possible to extract the extension's source, save it locally, and then manually install it. That insulates you from the risk of a malicious update.

(You could also audit the extension for complete safety, but TBH I'm usually too lazy to do that, and I assume that the risk of an extension currently being malicious is far lower than the risk of an extension later being updated to become malicious.)


> That insulates you from the risk of a malicious update.

It also insulates you from critical security updates. Managing your own security is not without its risks.


You're free to use only extensions which are open source. So you can build them yourself, and also spot check changes in the code whenever there's a new upstream release.


That'd help, but a problem is they could still go closed-source and you wouldn't know: the store itself has no concept of open or closed source, so it's not like you could check an "uninstall if it goes closed source" box. Maybe there's room for a browser extension that hosts other browser extensions but with a much better security model than what Google allows.


I think that'd be a great idea, an "F-Droid for extensions": a store that serves exactly the code in the repo. Sadly I don't think Chrome/Firefox allow building this as an extension itself.


You don’t have to use the store to install and update the extension. You monitor the upstream GitHub release feed, and build and install the extension yourself on every update.


This would make a great host extension: just add new extensions to the list and it automatically pulls/builds/installs the extension.

