this post was submitted on 04 Oct 2023
79 points (98.8% liked)

Firefox

17902 readers
54 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
[email protected]
79
How to check that an add-on doesn't spy on you ? (sh.itjust.works)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
16 comments fedilink hide all child comments
 

Many add-ons have somewhat spookiy authorisation requirements, such as "access all of your activity". In many cases this is justified by it's function, and of course there isn't any problem with it as long as we're sure all this data stays on your computer and isn't shared with any remote server. How are we sure of that tho? Is there an easy way to check for each add-on ?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 1 year ago* (last edited 1 year ago) (1 children)

I think it's "access your data" permissions that are the ones to be wary of, due to the explanation here. Defending against this, I'm not really sure. Someone who knows more should chime in, but maybe a software firewall like Little Snitch/OpenSnitch that will let you approve/deny every connection. (This will probably get fatiguing fast.)

[–] [email protected] 9 points 1 year ago (1 children)

As a longtime Little Snitch user, it's freakin exhausting.

[–] [email protected] 3 points 1 year ago (1 children)

I thought little snitch worked per app and not for each connection one app makes

[–] [email protected] 4 points 1 year ago (1 children)

You can make rules network-wide, per-app, or per-incident. The latter is useful for getting a handle on app behavior. Like if you see it contacting 'updates.somedev.com' weekly, you can choose to allow or disallow permanently based on how benign you think the app is. But more likely, anything trying to phone home has a dozen CDNs it's trying to hit rather than an easily identifiable URL. Block one, it tries to hit the other. Maybe today, maybe next week. It gets overwhelming (which IMO is a feature for the dev, not a bug).

[–] [email protected] 1 points 1 year ago

Thats cool