New
#1
How secure are extensions in browsers?
I'm sure we all use a few (I know I do - BitDefender Traffic Light and Windows Defender Browser Protection), but given the recent news about Avast and AVG hoovering up and on-selling user data without permission, I want to start a discussion about whether, in order to make browsers more usable via extensions, we have no choice but to increase our attack surface exposure.
We know it's good practice to use as few extensions as possible, but even so, a single rogue extension (or a good extension that is hijacked or goes rogue) could make for a bad experience. We are often told to carefully examine the permissions required by extensions in order to use them, but lets be honest, almost every extension (depending on it's purpose) requires your permission to:
- View your browsing history
- Read and modify data you copy and paste (password managers for example)
- Read and change all your data on the websites you visit (adblockers for example)
Judging whether to install extensions based on the above is quite difficult.
So, how do we go about better evaluating whether to use a particular browser extension or not? Do you have any tips or tricks you can share about mitigating the risk?
How can we mitigate against browser AV extensions, that are supposed to provide some security, going rogue?
Given all the work going into browser development to make them more secure, and the ability to use more secure DNS (e.g. quad9), do we even need them?
Lets hear it.
WarningNOTE : the purpose of this thread is NOT to discuss or advocate for AdBlocking - this site is funded by adverts, which enables you to participate here for free. Discussions on adblocking is against the terms of use of this forum
Last edited by Golden; 04 Feb 2020 at 22:33.