tophf
commented
6 years ago Permissions alone don't mean much. Even that article says so. And it's perfectly possible to write a permissionless extension that will easily trick users into installing malware or leaking their sensitive data.
Permissions for accessing data on all sites doesn't mean your private data is accessed. As you can see in, say, uBlock's wiki, those are necessary to simply be able to modify the page - for Tampermonkey it's to run your userscripts. The scripts can't run in an abstract space, they need to be injected into the web page and the only way to do it always produces an installation permission dialog like that.
Same for reading your browsing history - it's just the only way to know when to run your userscripts because there's no cross-browser API to register userscripts and be done about it. Firefox will add it in the future, though. Currently Tampermonkey needs to install a hook that's invoked on any navigation and then it runs applicable userscripts for this URL.
derjanb
[/edit]
You don't have to be worried. I created Tampermonkey first of all for me. My friends and colleagues are using it. That's why it's unlikely that I'll add something immoral. Furthermore I'm located in Germany where GDPR applies (not sure if you heard of it). GDPR is one of the most strict privacy protection laws.
snowman
inon-13
So recently it has come to light that Stylish has been recording every user's browsing histories and possibly using them for malicious means.
https://www.howtogeek.com/fyi/browser-extension-stylish-knows-what-porn-you-watch-and-all-of-your-web-history/
It's not really that big of a deal for me, since I don't really use Stylish anymore, and the only reason I did was rendered null with WebExtensions.
I do, however, use Tampermonkey actively, and for Tampermonkey to work it needs the same permissions Stylish does. I am here asking you if I should be worried about that.