"Read and change all your data on all websites" on Chrome?

Question

"Read and change all your data on all websites" on Chrome?

krivard opened this issue 2 years ago · 3 comments

Hi, I went to install this for chrome and was confronted with the following:

I expected global read access, but global write seems unnecessary. What's going on there?

Answer 1 · 2023-04-24T15:00:26.000Z

Hi Katie

unfortunately this permission is the only level of granularity that browsers allow. I need this because I inject JavaScript into every page you’re on to try to find rel=me links. You can see the source code here https://github.com/tvler/streetpass/blob/main/extension/src/content-script.ts

technically there would be nothing stopping me from “writing” arbitrary html to the web pages you’re on, but as you can see this script is just reading. If you’re not comfortable with these permissions, I have instructions for how to run the extension from a local build so that you can be sure that the code getting executed is safe and secure.

Answer 2 · 2023-04-24T15:03:16.000Z

Also just to be clear, I don’t collect any data or analytics, and all data is stored locally with no way for me or anyone besides yourself to see

Answer 3 · 2023-04-24T17:27:52.000Z

oh that makes sense! Thanks for taking the time to explain 🙌