search

minj / foxtrick

FoxTrick is a browser extension for the Hattrick online football manager game, currently available for Firefox, Google Chrome, as well as for Opera.
https://www.foxtrick.org
GNU General Public License v3.0
71 stars 49 forks source link

Foxtrick on Chrome tries to gain immoderate privileges #699

Closed minj closed 9 years ago

minj commented 9 years ago

Original issue 699 created by jgeorg on 2011-02-26T22:37:46.000Z:

Minutes ago a message popped up saying that Foxtrick tries to gain access to all my personal data on every website I have visited during the whole browsing history.

Attached is a screenshot of the message, although in Estonian.

Google Chrome 9.0.597.98 (74359) FoxTrick: 0.5.9.6088 (disabled)

minj commented 9 years ago

Comment #1 originally posted by ryanlimigrate on 2011-02-27T01:47:26.000Z:

Hello,

I just tried and it says this in English:

Your data on all websites Your browsing history

So let me explain this: 1) Your data on all websites: We used to only include hattrick.org and some domains like interia.pl which are Hattrick's partners. But it turns out that some people are navigating from some other sites like hattrick.uol.com.br. Some might even access from an online proxy. Therefore FoxTrick will now run on all pages that it thinks is a Hattrick page, regardless of its URL (location). Generally it's working and it won't do you any harm on other websites, no even read a single word.

2) FoxTrick doesn't try to access your browsing history, I think this is a defect of Chrome. I remember this message being displayed when installing an older version We declare what we want to access in the permission properties in manifest.json (http://code.google.com/p/foxtrick/source/browse/trunk/manifest.json), and as the code shows, we only want to access tabs and permissions. For explanation of the permissions, check here: http://code.google.com/chrome/extensions/manifest.html#permissions. tabs is essential to make Hattrick pages communicate with FoxTrick, and doesn't involve your personal data, notifications is used to pop up notifications like FoxtrickAlert and LiveAlert. We don't include the history permission there. As shown in the link above, we need to include the history permission to access your history data, but we didn't, as we don't need to.

I hope this explanation could solve your issue. FoxTrick is a free software with its source code available to everyone and I can say that it's very safe a product for your privacy. If you still have any concerns, just reply here. I'm marking this issue as invalid now.

Status: Invalid Cc: [ryan](mailto:ryan@ryanium.com)

minj commented 9 years ago

Comment #2 originally posted by ryanlimigrate on 2011-02-27T12:53:09.000Z:

I just found that the "browsing history" stuff has some explanations by Google here: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=186213

This item could look at your browsing history. This warning is often a by-product of an item needing to open new tabs or windows.

And yes, FoxTrick needs to open new tabs.

minj commented 9 years ago

Comment #3 originally posted by ryanlimigrate on 2011-02-27T13:23:22.000Z:

Well, I made a quick check and found that opening new tabs doesn't require the "tabs" permission to be granted, and I changed the manifest file. So Chrome won't tell you that FoxTrick attempts access your browsing history any more.