Nope has some unsettling webpage permissions #24
Comments
|
I was going to post that very issue, but it doesn't only apply to Sierra. I just installed Nope and was VERY CONCERNED when I saw its ability to read confidential data.
As I was looking at the options, I thought maybe the Mega Nope box was for sites I wanted to block Nope from spying on, but unfortunately that isn't the case. Looks to me like Nope should come bundled with another extension that blocks Nope from transmitting personal data while Nope is preventing trackers from gathering personal data. I expect proxy filters like GlimmerBlocker to convey some data, but there's no indication in the Apple Extension Gallery, the Nope download page or even here on GitHub that this extension is anything more than a local blocker. If user data ends up on the dev's server, there's little defense against hackers getting it. OS X 10.11.6 |
|
Thank you for bringing this up. I will look into removing whatever permissions are not needed, but if someone gets to that before me and opens a PR I'd highly appreciate it. |
|
Any news on this? |
|
I can't give any ETAs because I am hardly working on Nope. The permissions are used for the toolbar button and the code was written before Apple updated the SDK and introduced the new APIs. |
In macOS Sierra on Safari 10, Nope has much more access to webpages than other content blockers, and it's a little unsettling. Here is what Safari says that this extension has permission to do:
This is a lot more than other content blockers, and it's very scary that it can possibly read my passwords and credit card info. In fact it is the only one on my computer with such permissions. Other extensions have no permissions to modify webpages, see Ka-Block! here:
Can the permissions be lowered to the same standard as all the others? I'm assuming Nope works the same way as the rest of them
The text was updated successfully, but these errors were encountered: