My browser, the spy :: Do not trust browser extensions
by Volker Weber
DataSpii begins with browser extensions—available mostly for Chrome but in more limited cases for Firefox as well—that, by Google's account, had as many as 4.1 million users. These extensions collected the URLs, webpage titles, and in some cases the embedded hyperlinks of every page that the browser user visited. Most of these collected Web histories were then published by a fee-based service called Nacho Analytics, which markets itself as “God mode for the Internet” and uses the tag line “See Anyone’s Analytics Account.”
I have zero extensions in my browser. Why? Because they can read everything that I can see. And a whole lot more.
Comments
So you don't use an Ad-Blocker? And don't say Pi-hole :-)
Correct. I have zero plugins.
As there is a security management behind the extension system (at least of Firefox), there are many different rights extensions could have (see https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions). There are extensions that even have no specific rights and can simply "see" nothing.
But anyway, to aim for less (better no) extensions is always a great achievement.
I see your point, but honestly, wouldn't you even trust something like 1Password?
I do not use 1Password because it is a high value target.
Volker, so do you use a different password manager, instead of 1Password, or how do you keep track of your secure passwords?
A few dozen passwords in my brain, the important ones on paper. The rest I reset as necessary.