-
-
Notifications
You must be signed in to change notification settings - Fork 112
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libredirect asking for more permissions #646
Comments
Hi @bheeshmpita I only got the message that the new extension requires the bookmarks permission (Firefox): Its because of this commit: b91ae8e After I accepted the new permissions I didnt see any options if I right click on a bookmark: But as far as I understood the commit, there should be. Maybe I should restart Firefox. You can always build the code yourself, if you dont trust the addon on the addon store enough: https://github.com/libredirect/libredirect#development |
Please can you make the new bookmark permission of version 2.5.3 to be requested only if we want to use that feature i think it is somehow be possible no? thanks |
Yes, I think that would be possible: Should work on all chromium and Firefox Desktop browsers, other clients (mobile, safari) doesnt support the bookmark permission at all: |
Does anyone know why does it need this bookmark permission? |
To have a context menu just like when you right click a link: #568 |
Not everybody likes extensions adding new context menu entries. So i think there should be an option to disable it, and then this permission wouldn't be needed. |
Will be focused on next release. |
@ManeraKai @IkelAtomig No, just no. I don't want an addon that is supposed to just redirects URL to have the permission to READ and MODIFY my bookmarks. The security implication of that is MASSIVE, you effectively have COMPLETE access to the bookmarks of ALL users. This is like the 5th time that the people behind Libredirect proves themselves to be HIGHLY unprofessional and borderline SHADY while ignoring EVERY single BASIC security practices. |
https://fosstodon.org/@libredirect/109976625888898306 - This is the reason to do so. The extension is Open source. We don't delete or add or alter the bookmarks. You could check the code yourself. It's only for the sake of redirecting bookmark links as the users wish. This isn't something we did intentionally. Rather fulfilling the request of a fellow user here : #568. It's my mistake that I didn't write about it in Release notes. Which was somehow missed out from my eyes. Apart from that we are trying to explain in the best way when users are asking questions. |
This is the part of the code where it does so, it's just doing it's job nothing else.
We're trying to just use the permissions that are needed for a feature, for example with clipboard, we just used the
We never said we are. Me and @IkelAtomig are just normal people who work in their free time on LibRedirect. We are not a "Commercial Company" or something. |
@ManeraKai Thanks for the clarification and your work. As a normal user who doesn't have much understanding how the code works it makes sense to give the bare minimum permissions to the service for its functioning, so that's the reasoning the issue was opened. |
There is more to the argument than that. There are also numerous ways a malicious 3rd party might try to sneak some malware into this extension or its entry on the addons site. A minimal permission list is a strong assurance that the damage that could be done in this case is limited. |
@samtygier A balance between User convenience and Security is sort of hard to balance. If you want to strict security. You need to lose convenience by not having certain features and vice versa. @bheeshmpita At a bare minimum, You need to enable Twitter and reddit redirection. If you want, no other features. You need to either modify code yourself or the best bet for you is Redirector extension. |
thanks @IkelAtomig for the help. |
Excuse me but is it possible to make this feature optional or browsers are not that flexible? |
@IkelAtomig tried to setup the extension, but failed. If you can help https://github.com/einaregilsson/Redirector/issues/343#issue-1618404359 |
@pm4rcin The feature isn't in the manifest.json but rather executed at runtime, so it's not hardcoded, meaning that it can be flexible. I'll try to figure it out. |
@bheeshmpita - I never used Redirector for the full potential or only of little use. If you need Regex Pattern for redirection. You could copy them from the source code or mail me. (Look for address in Profile) |
thanks for trying to figure out how to ask for it when we want to enable that feature, i saw an blog post today and it remembered me that once extensions get popular devs get multiple offers per year to sell their extensions to shady people who just want to siphon data and to do all kind of malicious activities, so for now it is safe but what if at one point the dev is offered few thousands to sell out and all bookmarks get siphoned (i do not mind the Access your data for all websites permission because i use the extension in a separate profile where i don't log in to sites so the only personal data in that profile is the bookmarks), it happen to many extensions |
This is a Community based project actually. But only 2 people maintaining as far as we can. Development might be stale. But we are sure, we won't sell. |
The web browser auto disabled the extension because the extension was updated and requires extra permissions to function,
How to check these permissions are safe to accept?
The text was updated successfully, but these errors were encountered: