this post was submitted on 24 Nov 2023
224 points (96.7% liked)

Firefox

17885 readers
46 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

This is a plugin I found recently and really enjoy. It gives you the opportunity to redirect several webpages to alternatives. For example Youtube to FreeTube or Piped. If I search for youtube in Firefox, FreeTube automatically opens and shows me my feed. I like it, I use it, I can recommend it.

you are viewing a single comment's thread
view the rest of the comments
[–] azdle@news.idlestate.org 26 points 11 months ago (3 children)

I keep thinking about installing this, but the required permissions seem a bit excessive:

This add-on needs to:

  • Input data to the clipboard
  • Access your data for all websites

Anyone know if the 'All Access' permission is really required for what this is doing? It just feels wrong. There isn't some sort of "Control Navigation for These Domains" that it could request for each enabled site or something is there?

[–] loobkoob@kbin.social 15 points 11 months ago (2 children)

"Access your data for all websites" is important because otherwise it doesn't know what domain you're on in the first place.

[–] Aatube@kbin.social 16 points 11 months ago (1 children)

Access browser tabs
Access browser activity during navigation

are enough to do that.

[–] ReversalHatchery@beehaw.org 2 points 11 months ago (1 children)

Maybe the devs don't know that. Could you open an issue on this?
Asking you because you may know more about these permissions than me.

I've been using the addon for some time, and while it's good now, there were some silly mistakes in the past. What I'm trying to say is that maybe they're just relatively a beginner, and it haven't yet occurred to them to revisit the permissions.

[–] Aatube@kbin.social 1 points 11 months ago

I went through the issues. Indeed what I said was all you need for redirecting from YouTube et al, but now it also checks every single libre instance you go to and goes to somewhere else if the instance is down.

[–] shaolin_shrimp@lemmy.ml 6 points 11 months ago (2 children)

Shouldn’t it just require access to i.e. YouTube.com and not a blanket everything? This is what other extensions do.

[–] ReversalHatchery@beehaw.org 4 points 11 months ago (1 children)

It can redirect a dozen other services too

[–] Aatube@kbin.social 3 points 11 months ago

Just add them to the list. They have to code separate rules anyway.

[–] UprisingVoltage@feddit.it 8 points 11 months ago (1 children)

It's open source, you can ask the author and other users about it too (if you can't read the code yourself)

[–] azdle@news.idlestate.org 9 points 11 months ago* (last edited 11 months ago) (3 children)

Oh, I'm confident(-ish) in my ability to review the code, but as I understand it I have no way to guarantee that the code that's on github is the code that AMO installs. Plus updates are automatic, so I have no way to ensure that something malicious won't be added anyway.

[–] Sheik@lemmy.world 5 points 11 months ago (1 children)

You can build it yourself from source then.

[–] azdle@news.idlestate.org 5 points 11 months ago (1 children)

You can only do that with Firefox Developer, can't you? And IIRC, they self uninstall after a week or something, don't they?

[–] Sheik@lemmy.world 2 points 11 months ago* (last edited 11 months ago)

You can either install it unsigned with Firefox Developer Edition and it will be permanent. Or you can sign it yourself (you don’t need to publish it on AMO): https://extensionworkshop.com/documentation/publish/signing-and-distribution-overview/ and it will work on regular Firefox.

[–] ReversalHatchery@beehaw.org 2 points 11 months ago

Addon files (.xpi files) are zip packages of the addons. They should contain the script files without obfuscation (I think this is an AMO policy), besides any resources and the addon manifest file.
The only thing that would be harder to inspect I think is webassembly files.

[–] UprisingVoltage@feddit.it 2 points 11 months ago

I think you can still build the extension package and upload it yourself

[–] netchami@sh.itjust.works -1 points 11 months ago

It's open-source so you don't need to worry