Check all Firefox extension permissions with Project Insight
Project Insight is a new extension for the Firefox web browser to check permissions of all extensions installed in the browser.
Mozilla Firefox displays permissions that an extension requests when you hit the install button; interested users may check the manifest file prior to doing so or find out about permissions on the add-ons page on the Mozilla website.
Firefox does not display the permissions in the add-ons manager, however. One option that Firefox users have to check permissions of installed extensions is to load about:debugging in the browser's address bar to list all installed and included extensions.
A click on Manifest URL next o an extension -- it is only available for user-installed add-ons -- displays the requested permissions of the add-on.
Project Insight
Project Insight improves the managing of extension permissions in several ways. The extension displays all installed extensions and the requested permissions when you click on its icon after installation.
Shows you what permissions your installed add-ons have and what domains they have permission to access.
Note that disabled extensions don't request permissions and that permissions are displayed only for user-installed extensions for Firefox and not system add-ons that Mozilla added.
Each installed extension is listed with its name and version. Extensions that come with their own option pages have that page linked to as well so that you can start configuring it right away.
Permissions are listed with icons and names, e.g. Context Menus, Tabs, or Web Requests. You can click on any of those to display short descriptions to better understand what permissions do. The descriptions are basic but sufficient to understand what each permission does.
You find URLs that extensions requested permissions for (and you allowed) listed there as well. If an extension requested permissions to access individual URLs, those are listed there; otherwise you find the wildcard *://* listed which includes permissions to access all URLs in the browser.
Closing Words
Project Insight is a useful extension for Firefox that lists all installed extensions, their permissions, and the URLs they may access, on a single page in the browser.
The extension could be improved in several meaningful ways. The author could link to resources that provide deeper explanations for individual permissions or highlight critical permissions such as permissions to access any URL or web requests, and even add filtering options to display all extensions that match certain criteria such as access to any URL.
Now You: Do you verify permissions and extensions before installing them?
The support link on AMO goes to this article. If the author comes here, please put your innovative project on a site like GitHub.
Perhaps I do something wrong, but the extension apparently doesn’t do what it should: the displayed permissions of an extension aren’t the same as specified on its Firefox Add-on page.
For example:
– for Project Insight on the Add-on page is written: “This add-on can:
Monitor extension usage and manage themes”,
but Project Insight shows:
” 🛂 Add-ons Management Permission to find, disable and uninstall your add-ons.”
– for Ghostery – Privacy Ad Blocker on the Add-on page: “This add-on can:
Access your data for all websites
Access browser tabs
Access browser activity during navigation”
but Project Insight shows:
“Web Navigation Permission to listen to high-level navigation events such as visiting a website.
📡 Web Requests Permission to listen to low-level navigation events such as loading images and CSS.
🚧 Web Requests Blocking Permission to block and redirect low-level navigation events.
🪠Cookies Permission to read and write to your cookies.
ðŸ—‚ï¸ Tabs Permission to get the URL and title of all your tabs.
📠Add-ons Storage Permission to read and write data to a storage area specific to this add-on.”
In the second example Project Insight doesn’t suggest anything comparable to the explanation of “Access your data for all websites” meaning on https://support.mozilla.org/en-US/kb/permission-request-messages-firefox-extensions:
“The extension can read the content of any web page you visit as well as data you enter into those web pages, such as usernames and passwords.
Extensions requesting this permission might:
Read product and price information from a page to help find you the best price on items you’re shopping for
Offer a password manager that reads and writes details of your username and password
Provide an ad blocker by reading the content of each web page you open to find and remove ad code”
Another strange thing is that Support Site link redirects to… this article.
Martin,
Your article is currently the top post on reddit.
@Tom Hawack
I couldn’t agree more
Hobbes:
Human Nature = Bad
Civilization = Good
Rousseau:
Human Nature = Good
Civilization = Bad
Sartre and Locke:
Human Nature: Tabula Rasa
Civilization: Relative
Despite one’s environment, there is the assumption of a free, self-authored mind which directs all activity. “Existence therefore precedes essence.” The pillars of society, then, such as Education, Religion, or Courts of Justice, may or may not contribute to the pure essence of good.
Back to the high school classic: “Lord of the Flies.” What enables Ralph to maintain his essential state of “goodness” when Jack and the other boys have all fallen victim to a chaotic, blood thirsty group. Freewill.
The irony, of course, is the Captain who finds Ralph on shore–behind him are the markings of Civilization, the same tools that Jack is using to hunt Ralph although in a modern context: missiles, bullets versus sharpened sticks and stones.
The de-evolution of the extensions found in FF and Chrome is what disappoints–many are thieving data, and many simply don’t work. No entity of developers is vetting the extensions except through mechanical means and through user input.
In an ideal extension network, all developers would acknowledge the “social contract” of the scheme and put forth the best interests of users first; developers would benefit from the use of their extensions and positive reviews along with potential income.
Even the need for an extension like Project Insight indicates a moral degradation of the once trusted system of extensions.
@jasray, I have the feeling of reading geometry with furthermore a questionable conclusion. The authors you mention are interesting and pertinent in the context of individuality and society, but there are many more philosophers and intellectuals whose works could be grabbed and summarized, even if summarizing with algebra frightens me a bit.
More importantly, in the process of argumentation there are two extremes, 1- navel-gazing, 2- academicism. But to choose I believe the former is preferable. Having one’s own arguments, words, seems to me essential provided one doesn’t build theories on the basis of his belly-button; proposing references is excellent academically speaking if those references illustrate one’s comment and aren’t used in place of them.
Finally, the main problem with intellectualism is that anything and its opposite may appear to have been demonstrated. It’s all in the rhetoric. There are so many intellectuals who hardly understand themselves and so many so-called philosophers who are but intellectuals they presume to surpass given the notoriety of philosophy but remain basically as far from philosophy (its dialectic) than cricket from golf.
Lastly, I’m still trying to find out what Mozilla has to do in your brilliant equations :=)
@b, when I write about mankind “fundamentally good” I do take into consideration what you express as “both good and not so good”. Of course gullibility is a danger and being aware is essential, cautious that is rather than suspicious. We have examples of the best, of the worst but my conviction is that the worst is always linked to a mistake : virtue, IMO, is as much an intelligence dimension than a moral one and mistakes never last forever even if they happen to endure.
I often mention Max Ehrmann’s ‘Desiderata’ (http://www.fleurdelis.com/desiderata.htm) because it seems so complete in the humanist registry (faith and religion are far too personal and I personally dislike proselytism). Hereafter an extract which maybe fits in our interval of virtue versus wisdom:
“Exercise caution in your business affairs,
for the world is full of trickery.
But let this not blind you to what virtue there is;
many persons strive for high ideals,
and everywhere life is full of heroism.
Be yourself. Especially do not feign affection.
Neither be cynical about love,
for in the face of all aridity and disenchantment,
it is as perennial as the grass.”
We can grab and participate to the best of mankind yet remain cautious as for its worst. It’s not always easy because a tightrope’s walker position is not the most comfortable : “the softness of the dove and the prudence of the snake” is maybe what it’s all about.
@Emily@Tom Hawack
mankind is both good and not so good. a lot caused by naivity as well. However; you always have the option to act politely but still look on society with guards on. I read this article a few hours ago about the british parliament:
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/07/findings-recommendations-and-actions-from-ico-investigation-into-data-analytics-in-political-campaigns/
Too bad Firefox is designed in a way that lets extensions be so opaque by default, including in terms of what kind of network access they can do. It seems that things have gone backward, too, since extensions can’t block other extensions’ network activities anymore. Firefox is far too opaque and convoluted.
It has been updated. The issues I pointed out above and on the addon page have been resolved.
Well one cannot change any permissions, just view it. But anyhow its nice to have a overlook.
You can always unzip the *.xpi yourself and look at the Manifest.
I do not always very the permission whenever I install Extensions, which is why I am interested in this, so that I can better regulate exactly what permissions I want the Extension to have access to
conspiracy enthusiasts are going to lose their minds over the WebExtension’s icon
A medical doctor characterized human competence as being Machiavellian, when comparing competent people with people who have Williams Syndrome. In fact, he used the word sociopathic. Given that we venerate people who exploit others drastically it’s a fitting analysis.
Many doctors as many scientists still believe that each and every component of matter and life may be fit into equations. I don’t subscribe to this point of view and to illustrate an antagonism I’d say that alchemy is maybe far more suitable for understanding life than chemistry is.
The thing about conspiracy theorists is that they’re more often right than Pollyannas. This is because business is a conspiracy to make profit. Law is a conspiracy to maintain elite privilege. The corporation is a conspiracy to do both. Welcome to life.
A big part of disinfo has always been to drown out rational voices of concern with hyperbole. So, the innumerable examples of conspiracy get whitewashed. Russian fake news on Facebook got more hits than the real thing. That’s an interesting example of conspiracy, like a nesting doll.
Welcome to capitalism, you mean.
… and religion people’s opium? I think we shouldn’t mistake institutions and the way they are interpreted by some of us whilst not by others. There has always been a trend for a better world challenged by a quest of individual profit to the detriment of our neighbors (profit otherwise is not an unhealthy quest IMO, when the deal is fair), in which case manipulation, disinformation of people together with biased interpretation of institutions to achieve the worst are the tools. Society is not a separate entity : we all contribute and compose it. Problems are not the fact of a paranoid defined society but the result of individual behaviors. Progress is on its way on the long term because mankind is fundamentally good.
Same here, “No API permissions”. Clicking on ‘Options’ opens a new tab, exactly identical …
If an image may illustrate better than words : http://funkyimg.com/i/2JrsB.jpg
I click the toolbar icon and all I see is “No API permissions”. I restarted FF and get the same result.
FF is up to date.
BTW, I reported the issue on the addon’s page. Another person has reported the same issue.