After watching MegaLag's Video about the PayPal Honey browser extension, I had a wake-up call.
And as it turns out, this is exactly the motivation I needed to create something that solves this and empowers everyday users to take back control of their data privacy.
It was eye-opening, and infuriating.
As someone who cares about user privacy and security, I couldn't ignore the risks that browser extensions like Honey can pose.
So, I built... Introducing: Extension Auditor
@ishangirdhar Just checked my Chrome extensions with it. Very interesting (and scary). The functionality of this tool should surely be built into browsers.
(I wonder if there is any ad blocker without critical permissions, would that be possible technically?)
But I didn't get the advanced interface shown in your video, is this hidden somewhere or only available for other browsers?
Also, I didn't see reports from a "Code Pattern Detection" or "Privacy Impact Assessment".
Suggestions:
* The duplications of the permissions in the details windows are a bit confusing, I'd suggest making separate tabs with permissions sorted by risk and sorted systematically
* A light color theme
And of course it would be great if it was open source (I mean nicely formatted and commented on GitHub or so).
@konrad_sx
Thanks for taking the time to try the extension and for all the feedback and suggestions.
Some of these have been fixed in the latest version, which is what the screenshots and videos are showing.
The latest version, 0.0.0.3, is under review by the Google Chrome Web Store Team and will be published as soon as they approve it.
For the others, I have taken note and will ship them soon.
@konrad_sx Hi Conrad, the latest version 0.0.0.3 is approved and live on the Chrome store. If you update your extension, you should see the UI with Visual Insights.
Super useful to see all the extensions in one place and get rid of the ones I am not using anymore.
Saved me a good amount of time.
Not sure if it has context though. As I will definitely continue using my password manager etc.
Thank you @akash_kloudle for taking the time to try out our extension and sharing your feedback!
You've raised a great point about context. Let me clarify how Extension Auditor works:
1. Privacy-First Approach: The tool operates entirely offline and on-device, ensuring your data stays private.
2. Risk Analysis Explained: The risk ratings are based on a static analysis of an extension's permissions and capabilities. This means:
* High-risk doesn't equal malicious; it highlights the potential for misuse if the extension is compromised, changes ownership, or becomes malicious. Taking a recent example for reference: https://www.cyberhaven.com/blog/...
* It's a way to empower users to make informed decisions about their security.
3. Best Practices: Regularly auditing your extensions and reviewing their permissions is essential, as extension behavior can change over time.
We recommend using your discretion and aligning decisions with your unique security needs, especially for critical tools like password managers!
Thanks again for the valuable feedback and for giving Extension Auditor a spin. Let us know if you have more thoughts or suggestions!
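
The permission-based static rating described in the reply above, sketched as an added example: this is not Extension Auditor's code and not part of the thread. The risk tiers, function names and both sample manifests are assumptions constructed for illustration.

```javascript
// Added illustration. Risk tiers are assumptions, not Extension Auditor's rules.
const HIGH = new Set(["debugger", "nativeMessaging", "webRequest", "cookies",
  "history", "scripting", "proxy", "management"]);
const MEDIUM = new Set(["tabs", "downloads", "clipboardRead", "bookmarks"]);
const ORDER = { low: 0, medium: 1, high: 2 };

// True for host match patterns that cover every site.
function isBroadHost(pattern) {
  return pattern === "<all_urls>" || /^(\*|https?):\/\/\*\//.test(pattern);
}

// Rate one declared entry: an API permission name or a host match pattern.
function rateEntry(entry) {
  const isHost = entry === "<all_urls>" || entry.includes("://");
  if (isHost) return isBroadHost(entry) ? "high" : "medium";
  if (HIGH.has(entry)) return "high";
  return MEDIUM.has(entry) ? "medium" : "low";
}

// Collect everything a manifest declares (MV2 puts hosts in `permissions`,
// MV3 in `host_permissions`; content scripts carry their own match patterns).
function auditManifest(manifest) {
  const declared = new Set([
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ]);
  const findings = [...declared]
    .map((entry) => ({ entry, risk: rateEntry(entry) }))
    .sort((a, b) => ORDER[b.risk] - ORDER[a.risk]);
  return { level: findings.length ? findings[0].risk : "low", findings };
}

// Constructed sample manifests (not real extensions).
const formFiller = {
  manifest_version: 3,
  permissions: ["storage", "activeTab", "clipboardRead"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["fill.js"] }],
};
const singleSite = {
  manifest_version: 3,
  permissions: ["storage", "alarms"],
  host_permissions: ["https://example.com/*"],
};

for (const [name, m] of Object.entries({ formFiller, singleSite })) {
  const { level, findings } = auditManifest(m);
  console.log(name, level, findings.map((f) => `${f.entry}:${f.risk}`).join(" "));
}
```

The rating reflects only what the manifest allows, so a legitimate tool that needs access to every site is rated the same as any other extension holding that access.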