Permissions are way too wide
t-nil opened this issue · 2 comments
When you install the add-on, it requests permission to 'view and edit data on any websites you visit'. I admit I have no experience in developing browser extensions, but could a developer atleast comment on why this extreme level of permissions was required. It kinda turns me off the whole thing.
I have posted a user-side half-fix on https://peakd.com/misc/@t-nil/permissions-of-chrome-hive-keychain-add-on .
Thank you for your time!
Sure, no problem!
To function, Hive Keychain needs to inject code into dApps so that these dApps can make requests back to Keychain.
That s what make it possible to login, vote, transfer etc. via Keychain.
Since new dApps are popping up all the time, we can't maintain a list of whitelisted dApps and are instead injecting this code in every page.
I was afraid of something like that. If I stumble upon a solution, I'll let you know.
Thank you for your time!