Secure Your Browser Extensions

I recently switched to the browser Brave. While I've been using it sporadically for a few years now, my primary browser has always been Chrome.


image.png


However, Brave is clearly a much more secure & feature-rich version of Chrome, thus it makes no sense not to use it. (Especially as a crypto-enthusiast, eh?)

With that, it also came the time to install the extensions I had on Chrome, onto Brave. This also meant adopting security best practices, which includes scoping the potential reach for extensions.

Scoping Extensions? What?

As you might or might not know, every extensions has some kind of allowed scope by default that it is able to do.

For example, some extensions can read your browser history, some can change/read things on every site you visit. And while this is often important and required for extensions to function, it can also very easily get out of hand.

For example: does Steem Keychain need to be able to read anything on every site you visit and even edit the HTML on top of it, on sites that have nothing to do with Steem?

The answer is: no.

Even if the people who created this extension are trustworthy, the principle of least privilege is an important part of security, which means: only give scoped access, never global admin rights.

Hands-on: Make Your Browser More Secure

Okay. Now that we've got the theoretic stuff out of the way, let's get practical!

These instructions are for Brave & Chrome-based browser, but will most def. also work for others (Firefox, Safari, etc).

  • 1.) Click on Settings (3 vertical lines top right of the browser) > More Tools > Extensions
  • 2.) Choose an extension and click on details. I'll use Steem Keychain as an example.
  • 3.) Scroll down until you see "Site access"

Now, there are two options you can choose. You can either select On click, which means you will have to always click on the extension icon before you can use it.

Or, you can choose On specific sites, which means you will be able to use it automatically on all sites in the list below and every other site, you will first have to click on the icon.

image.png

As you can see in the image above, I chose the 2nd option. With it, I'm able to use Steem Keychain on every website inside the list.

If I need to access it on another one site, I can do three things:

  • 1.) Left-Click on it everytime I visit that page
  • 2.) Right-Click on it and choose the option as seen in the image below. (This adds it to the list)

save.png

  • 3.) Go back into Extensions settings and add it there

If you haven't done these steps already, I highly encourage you to do it.

It might not look like much, but security is an important topic and you should take it serious.

If you haven't installed Brave yet: https://brave.com

All the best, Wolf


Do you believe that my work is valuable for Steem? Then please vote for me as witness.


Comments
Steemie currently dosen't allow you to make comments. If you want to write something, write it using another frontend (like Steemit)
Click there to view this post on Steemit.com
  • @church-of-god

    According to the Bible, In Matthew 17: 1-5, was Matthew in the mountain with Jesus?

    (Sorry for sending this comment. We are not looking for our self profit, our intentions is to preach the words of God in any means possible.) https://youtu.be/NjhaK5Z7Sm8 https://i.postimg.cc/SxmKZFY2/image.jpg Comment what you understand of our Youtube Video to receive our full votes. We have 30,000 #SteemPower. It's our little way to Thank you, our beloved friend.
    Check our Discord Chat Join our Official Community: https://beta.steemit.com/trending/hive-182074

  • @ranso

    i enjoy using the brave browser because of its security features and also for the fact that i can earn money with it too..

    Posted via Steemleo

  • @liondani

    I use brave for the last year. Excellent experience so far!

  • @cryptopie

    Thank you @therealwolf this is a good way to secure us from potentially losing our money.

  • @thegoliath

    I went to use it a while ago, but it said Brave wasn't available in Australia. Going to see if it works now and migrate into it over time.

  • @bala41288

    I have been using Brave browser for over 6 months now but I haven't thought about doing anything like this for my extensions. Thanks for the heads-up man.

    By the way, you can enable brave rewards for all your websites and YouTube channel to get some additional income.

  • @felander

    I switched over a while back and am really enjoying it, even made a bit of BAT along the way.

  • @themarkymark

    I switched to Brave a while ago, it wasn’t until recent versions it was even possible. Pre-Chromium version wasn’t nearly as good

    Extension permissions are tough because you don’t have the granularity your need.

    For example my Chrome extension needs permissions to see all sites even though all it does is look at the url and applies a regex if it is one of any of the known front ends.

  • @chesatochi

    You are late to adopt the Brave browser but is a good option. ;)

  • @cryptictruth

    Best browser around. Add duck duck go as your search engine and you have one bad ass experience.

  • @appalachain

    I've used Brave exclusively for the past couple years. With the refinements and features they've added since then, it's not just as good, it's superior to Chrome, IMO.

    What I'd really like to see though is some competition for Google with a whole suit of products with one account. Librem is trying, and has come out with some interesting stuff, but right now, it's not really user friendly and lacks the polish it needs to get going. I'd like to see Brave or something on Steem really take a shot at it.

  • @rberni

    Thank you. I have been using Brave for several months now and never knew this. Earning BAT while you use it most definitely helps.

  • @uyobong

    Wow, great lesson here. I've had issues with using brave especially as it slows down my PC. What's the way out?

    Posted via Steemleo

  • @tudors

    Thanks, just downloaded. Don't understand how the earning something works though

  • @donate50fortrees

    Great advice! I'm using Brave for over a half year now.

  • @brianoflondon

    Thanks for this.. shared on Twitter. https://twitter.com/brianoflondon/status/1226463215867092992?s=20

  • @nnippuzz

    Chorme can save my credentials. Is Bravo can sync my credentials? If Bravo can save then I am also switch to Bravo.

  • @coolsurfer

    using Brave here as well... ...feels quite good and gives some BAT on top.

  • @arabisouri

    I wish they will cooperate with other than Uphold wallet who will not ask for personal information my local bank never thought of asking, like sharing a selfie with them holding my ID so their system can be hacked or their db can be leaked somehow in time.

    We're using crypto because it's more convenient, not because we want to do harm, that is mainly and by far large done using fiat currencies especially the dollar, and in billions of it.

    I already earned some BAT through my site and couldn't withdraw it because I told Uphold in order for me to share this info with people I don't know online, who might end up hacked, leaked, or one of their board members sell it to the Saudis through a 3rd party while on a trip to India then issue a fake death certificate... We all saw that, I want tm to send me selfies of their board members carrying their IDs and copy of their trade license.. Imagine they blocked me!!

    So back to Brave, I still have the browser and still experimenting with it, it has potential though, and after reading your post I might start moving things to it for the security reason only without the pay.

    Posted using Partiko Android

  • @murathe

    I have been using Brave for quite over a year maybe and at first I came in for the sake of 'ads that respect your privacy' but later stayed due to the 'earn on ads your view' bait (not the best word thou). Thanks for sharing the above, should check my few extensions in some time.

  • @ctrpch

    Interesting, Firefox is my go to browser, and only have brave for my metamask wallet app