this post was submitted on 27 Jul 2024
744 points (99.3% liked)

Technology

59438 readers
3397 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Very interesting article!

you are viewing a single comment's thread
view the rest of the comments
[–] kuberoot@discuss.tchncs.de 2 points 3 months ago (1 children)

I mean, couldn't an addon just read the password you put into a login field, or send in a request, and send it off to their servers?

[–] LainTrain@lemmy.dbzer0.com 3 points 3 months ago (1 children)

If an add-on is modifying contents of pages it shouldn't or of the clipboard when it shouldn't, you would have to give it explicit permission at install time, i.e. "This extension can: Read and Modify Data on all sites you visit: Read and Modify contents of the clipboard."

Obviously a simple URL redirector for wikipedia requesting access to this data is absurd and would be an immediate red flag. The reason this very thing doesn't happen more often, is because frankly you'd have to be so computer illiterate to get to that stage that it is much easier to just phish you with basic Facebook profile info for much greater gains.

This is also the reason most "hacks" nowadays are either supply-side or phishing, shit is just too secure, no fun. We should bring back ActiveX.

[–] Plopp@lemmy.world 2 points 3 months ago (1 children)

Obviously a simple URL redirector for wikipedia requesting access to this data is absurd and would be an immediate red flag.

To you, yes it should be. But it does require knowledge about how websites and browsers work that most people don't have. I'd be very surprised if 50% of people have any idea what those permissions actually do and what would be reasonable for different extensions to have.

[–] LainTrain@lemmy.dbzer0.com 2 points 3 months ago (1 children)

But installing few extensions doesn't protect against it if the few extensions you install have scope and permissions to do bad things. It's all worded in plain English, at some point you gotta just not use computers anymore if you can't read.

Even if it's good advice for nan checking emails on IE6 on windows vista, it really shouldn't be necessary for a Lemmy user.

[–] Plopp@lemmy.world 1 points 3 months ago

Of course having fewer extensions installed doesn't protect you from the ones that you have installed. But the fewer you have the smaller your attack surface is. And as a general tip, I think it's a good one, even on Lemmy. Because I'm not going to assume people's understanding of the web, browsers or permissions. And when it comes to the general population, a lack of understanding of an extension's permissions has very little to do with ones ability to read.