Chrome TTV LOL PRO v2 extension permissions.

younesaassila / ttv-lol-pro

TTV LOL PRO removes most livestream ads from Twitch. This is free, don't expect it to be perfect.

GNU General Public License v3.0

1.45k stars 29 forks source link

Chrome TTV LOL PRO v2 extension permissions. #189

Closed Divzed closed 1 year ago

Divzed commented 1 year ago

Is there reason why Chrome TTV LOL PRO v2 has permissions to "Read and change all your data on all websites"? It looks sketchy and basically allows extension to do anything what it wants on every visited website and is enabled all the time. Why?

Meanwhile FFZ extension for example is only allowed on twitch domain/subdomains and is disabled automatically on any other visited website & doesn't require permissions to "Read and change all your data on all websites". So can I get explanation, please?

younesaassila commented 1 year ago

This is caused by the chrome.proxy API the extension uses. As usual, Chrome always uses the worst sounding permission descriptions possible. If you check the PAC file at src/common/ts/updateProxySettings.ts, you'll see the extension only proxies Twitch related requests. Even then, because of HTTPS, the proxy server can only see the domain name. The traffic in itself is encrypted.