![]() ![]() If you don't, there's absolutely no reason to be anymore worried.įrom what people are saying, the access to .uk is just to insert an affiliate code anytime you shop on the site, so definitely shady, but harmless to you if that's all that changed. And this is all assuming you even use the UK version of Amazon. With access to .uk, it can now do the same thing for that site, reading passwords as you type them in, see what you're shopping for, etc. An extension with permission for can in theory read whatever you're typing, mess with chat messages you send, read your password as you type it in, see how much Amouranth you watch, etc. Like all open source software, they just have to be checked by people that know what they're looking for to make sure they're safe.Īs with any extension, someone would have to comb through it to be sure there isn't anything nefarious, but if you already trusted it to not fuck with you on sites, you shouldn't be much more concerned with allowing it to see .uk sites. ![]() If this extension wanted to be malware, spyware, etc., it would have no problem doing so with the 600k+ people that have given it access to every Twitch site page they ever visit. You're literally agreeing to code injection just by installing it. Google does ask when you make an extension if you load code from elsewhere, and you have to explain why, but I don't know if that entails any extra review or closer inspection by Google.Įxtensions that send your data off to somewhere else for whatever reason (you don't know what they do with that information, but you can see what is being sent, so still just another layer of obfuscation that can be looked into with due diligence)Įxtensions are security risks, always have been, always will be. My measly little extensions sometimes take hours to approve, but I've had one approved in a matter of minutes with access to pages that make HTTPRequests, which could be sending YouTube users' data off to wherever I want. Maybe they have some heuristic that automatically finds suspect snippets to be inspected closely. There's no way it's all checked by humans. ![]() I don't even know what that review entails anyways. This code that is loaded from somewhere else isn't reviewed by Google, as is done with all extensions hosted on the webstore. If this extension hadn't changed its permissions, you wouldn't even have noticed it updated.Įxtensions that load additional javascript from some place online at runtime (which can also still be read locally, it's just another layer of obfuscation). ![]() Like checking and modifying anything you do on Twitch. People could have checked the original extension and been satisfied with its safety, but then it gets updated and can now do god knows what with all the permissions you agreed to when installing it. Posting an extension on github is just removing a trivial layer of obfuscation, assuming it's even the full code and the same code on the extension store.Įxtensions that get updated like this. In the case of this extension, the files would be in AppData\Local\Google\Chrome\User Data\Default\Extensions\kgeglempfkhalebjlogemlmeakondflc. (assuming it wasn't intentionally made to be difficult to read) You can just go to the extension stored locally in your files and read the code to your heart's content. JavaScript isn't like compiled languages where the source is human readable and then gets jumbled up into machine code executables. It could be the creator's doing, or as has happened before, someone buys the extension from the original creator and does whatever they want with it, which will of course be something like this update to make money.Īs for people saying that it is now closed source, it isn't. Please click here to read our rules in full detail before jumping into the subreddit. No moderators of this subreddit work for Twitch.įilter by Flair How does this work? Meta FlairsĪustinShow TrainwrecksTV How to exclude flairs Rules Below is a brief overview of our rules. Please read our rules here before joining in on the discussion. Welcome to /r/LivestreamFail: the place for almost anything livestream related. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |