Little Rat - a browser extension for monitoring other extensions
Little Rat - a browser extension for monitoring other extensions
"Little Rat is an open-source extension designed for network traffic monitoring. Easily view, monitor, and block traffic from other Chrome extensions on a per-extension basis."
I use it myself and I think it's a very useful extension for everyone who uses more than just few extensions for different purposes and don't fully trust them that they send no data as the developer promises, this extension can monitor the network and act as a firewall per-extension basis.
Yes but it could just lie and hide it's own traces.
Portmaster is fine, but you won't be able to make a difference between requests made by an addon (and know which one) or by a website, abd there will be a lot, so it's not relevant here I think.
Isn't piling on browser extensions generally considered bad practice as it increases your attack surface (bad for security) and makes you more easy to fingerprint (bad for privacy)? This seems like a useful tool to use and then uninstall, but if you don't fully trust something then you shouldn't really be installing it at all!
Isn't piling on browser extensions generally considered bad practice as it increases your attack surface (bad for security) and makes you more easy to fingerprint (bad for privacy)?
I read this very often, but I'm not really sure if it's strictly true.
An addon only increases your attack surface if it processes data sent by the website, and it only makes you easier to fingerprint if it does something to the website or it's observable environment.
A few examples:
Simple Tab Groups does not change anything a website could see, and other than title and favicon does not really process other parts of the website
Bitwarden: might be affected on both fronts because of autofill, and it reads the webpage to see if it contains a login form (to offer to save your new password or new account)
disable page visibility api, disable console clear: I think these are invisible to the website
firefox multi account containers: only adds fearures to the browser
libredirect: unless redirection of embeds is enabled, should not be visible
generic QR code maker addon: does not do anything with the website. Does a context menu entry for selected text, but that shouldn't be visible by websites
redirect amp to html: invisible, redirection happens before loading the new page
tab session manager: same as STG above
new tab page addons
temporary containers
undo close tab
web archives
So my point is that there's a plenty of addons that don't need to do anything with the website itself to be useful, and even if it does something with it, it does not necessarily make you more fingerprintable.
That being said, it's also important to mention that an addon could do something you don't know about, so without asking others or yourself reading it's code (it's human readable, download the XPI file from the addon store and unzip it (it is a zip file actually)).
@smeg It seems like you miss the technical knowledge. Let me explain. Bad for security; this extension is so simply made there is basically nothing you could rly exploit and the only thing this extension is able to manage ur other extensions not more. Bad for privacy; it's not since not every extension can be fingerprinting, only extensions which modify or do things related to the site you access. Websites don't have by default access to the extensions you have installed.
Nothing is completely secure, I'd just rather not install an extension at all if I think it's dodgy rather than trust another third party to monitor it.
Websites don't have by default access to the extensions you have installed
This article implies otherwise, apparently there are multiple different ways to detect installed extensions.