mgabdev
commented
5 years ago Hi @y4my4my4m the permissions can be viewed here: https://github.com/gab-ai-inc/gab-dissenter-extension/blob/master/config/manifest.js#L33 for content_scripts.
These "content scripts" are used to place custom "Dissent" buttons on sites (reddit, twitter, youtube). These scripts can be viewed within the src/scripts/content directory (https://github.com/gab-ai-inc/gab-dissenter-extension/tree/master/src/scripts/content).
There is no "reading" or "changing" of any data as you can infer from the scripts from within that directory. There is no "reading", "changing" or "modifying" of any data on any of those web pages. The only action we take on these listed web pages is injecting a "Dissent" button in these pages.
Additionally, if you wish to turn off this functionality. Using Chrome, please find the "Options" page for this extension by right-clicking on the extension's icon then selecting "Options. There, you can toggle on/off these scripts.
y4my4my4m
I had security concerns regarding the dissenter extension.
I've installed it and everything was fine, then Chrome updated and dissenter needed new permissions.
It needs to "Read and Change your data on youtube.com sites, all reddit.com sites, all twitter.com sites"
I understand sometimes in dev those things are necessary, but shouldn't dissenter be a read-only extension?
Why does it need permissions to modify my data?