this post was submitted on 04 Oct 2023
79 points (98.8% liked)

Firefox

20485 readers
21 users here now

/c/firefox

A place to discuss the news and latest developments on the open-source browser Firefox.

Rules

1. Adhere to the instance rules

2. Be kind to one another

3. Communicate in a civil manner

Reporting

If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
golden_zealot@lemmy.ml
79
How to check that an add-on doesn't spy on you ? (sh.itjust.works)
submitted 2 years ago* (last edited 2 years ago) by loaExMachina@sh.itjust.works to c/firefox@lemmy.ml
15 comments fedilink hide all child comments
 

Many add-ons have somewhat spookiy authorisation requirements, such as "access all of your activity". In many cases this is justified by it's function, and of course there isn't any problem with it as long as we're sure all this data stays on your computer and isn't shared with any remote server. How are we sure of that tho? Is there an easy way to check for each add-on ?

you are viewing a single comment's thread
view the rest of the comments
[–] everett@lemmy.ml 12 points 2 years ago* (last edited 2 years ago) (1 children)

I think it's "access your data" permissions that are the ones to be wary of, due to the explanation here. Defending against this, I'm not really sure. Someone who knows more should chime in, but maybe a software firewall like Little Snitch/OpenSnitch that will let you approve/deny every connection. (This will probably get fatiguing fast.)

[–] MelodiousFunk@kbin.social 9 points 2 years ago (1 children)

As a longtime Little Snitch user, it's freakin exhausting.

[–] authed@lemmy.ml 3 points 2 years ago (1 children)

I thought little snitch worked per app and not for each connection one app makes

[–] MelodiousFunk@kbin.social 4 points 2 years ago (1 children)

You can make rules network-wide, per-app, or per-incident. The latter is useful for getting a handle on app behavior. Like if you see it contacting 'updates.somedev.com' weekly, you can choose to allow or disallow permanently based on how benign you think the app is. But more likely, anything trying to phone home has a dozen CDNs it's trying to hit rather than an easily identifiable URL. Block one, it tries to hit the other. Maybe today, maybe next week. It gets overwhelming (which IMO is a feature for the dev, not a bug).

[–] authed@lemmy.ml 1 points 2 years ago

Thats cool