Secure Your Browser Extensions
I recently switched to the browser Brave. While I've been using it sporadically for a few years now, my primary browser has always been Chrome.
However, Brave is clearly a much more secure & feature-rich version of Chrome, thus it makes no sense not to use it. (Especially as a crypto-enthusiast, eh?)
With that, it also came the time to install the extensions I had on Chrome, onto Brave. This also meant adopting security best practices, which includes scoping the potential reach for extensions.
Scoping Extensions? What?
As you might or might not know, every extensions has some kind of allowed scope by default that it is able to do.
For example, some extensions can read your browser history, some can change/read things on every site you visit. And while this is often important and required for extensions to function, it can also very easily get out of hand.
For example: does Steem Keychain need to be able to read anything on every site you visit and even edit the HTML on top of it, on sites that have nothing to do with Steem?
The answer is: no.
Even if the people who created this extension are trustworthy, the principle of least privilege is an important part of security, which means: only give scoped access, never global admin rights.
Hands-on: Make Your Browser More Secure
Okay. Now that we've got the theoretic stuff out of the way, let's get practical!
These instructions are for Brave & Chrome-based browser, but will most def. also work for others (Firefox, Safari, etc).
- 1.) Click on Settings (3 vertical lines top right of the browser) > More Tools > Extensions
- 2.) Choose an extension and click on details. I'll use Steem Keychain as an example.
- 3.) Scroll down until you see "Site access"
Now, there are two options you can choose. You can either select On click, which means you will have to always click on the extension icon before you can use it.
Or, you can choose On specific sites, which means you will be able to use it automatically on all sites in the list below and every other site, you will first have to click on the icon.
As you can see in the image above, I chose the 2nd option. With it, I'm able to use Steem Keychain on every website inside the list.
If I need to access it on another one site, I can do three things:
- 1.) Left-Click on it everytime I visit that page
- 2.) Right-Click on it and choose the option as seen in the image below. (This adds it to the list)
- 3.) Go back into Extensions settings and add it there
If you haven't done these steps already, I highly encourage you to do it.
It might not look like much, but security is an important topic and you should take it serious.
If you haven't installed Brave yet: https://brave.com
All the best,
Wolf
Do you believe that my work is valuable for Steem? Then please vote for me as witness.
I switched to Brave a while ago, it wasn’t until recent versions it was even possible. Pre-Chromium version wasn’t nearly as good
Extension permissions are tough because you don’t have the granularity your need.
For example my Chrome extension needs permissions to see all sites even though all it does is look at the url and applies a regex if it is one of any of the known front ends.
I switched over a while back and am really enjoying it, even made a bit of BAT along the way.
I've used Brave exclusively for the past couple years. With the refinements and features they've added since then, it's not just as good, it's superior to Chrome, IMO.
What I'd really like to see though is some competition for Google with a whole suit of products with one account. Librem is trying, and has come out with some interesting stuff, but right now, it's not really user friendly and lacks the polish it needs to get going. I'd like to see Brave or something on Steem really take a shot at it.
Best browser around. Add duck duck go as your search engine and you have one bad ass experience.
Thank you. I have been using Brave for several months now and never knew this. Earning BAT while you use it most definitely helps.
Wow, great lesson here. I've had issues with using brave especially as it slows down my PC. What's the way out?
Posted via Steemleo
I'm not entirely sure, but it shouldn't really slow down your PC. Keep in mind though, that these security steps can be made on nearly every browser AFAIK, so don't worry if you're not able to run Brave smoothly :)
Thanks though. I would consider re-installing the app or try it out on another PC
Posted via Steemleo
i enjoy using the brave browser because of its security features and also for the fact that i can earn money with it too..
Posted via Steemleo
Thank you @therealwolf this is a good way to secure us from potentially losing our money.
I have been using Brave browser for over 6 months now but I haven't thought about doing anything like this for my extensions. Thanks for the heads-up man.
By the way, you can enable brave rewards for all your websites and YouTube channel to get some additional income.
You are late to adopt the Brave browser but is a good option. ;)
You know the drill: never change a running system ;)