Browser Extension Security – Turn Off vs Uninstall

Discussion in 'other software & services' started by WinterKnight, May 6, 2018.

  1. WinterKnight

    WinterKnight Registered Member

    Joined:
    Oct 30, 2017
    Posts:
    70
    Location:
    USA
    Is turning off a browser extension just as secure as uninstalling it? I’m specifically thinking about ad blockers because they can read and change anything. As a result, I prefer to turn off my ad blocker when doing something sensitive like entering passwords. So, does off really mean completely off? Does it vary by browser?
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,789
    Location:
    Nicaragua
    If you are using Firefox, you could create a separate profile for sensitive browsing and dont install the adblocker in that profile. Do sensitive browsing using that profile in a fresh browsing session, closing the browser immediately after you finish. I use only one profile for all my browsing but I dont mix regular and sensitive browsing. Whenever I do sensitive browsing, I open a fresh browsing session of Firefox, go straight to the site where I am going to write password, etc, and immediately after I finish, I close the browser. I do it sandboxed so everything deletes and I trust 100% the 2 extensions I use. If I didn't completely trust an extension. I wouldn't use it.

    Bo
     
  3. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,588
    This.
     
  4. WinterKnight

    WinterKnight Registered Member

    Joined:
    Oct 30, 2017
    Posts:
    70
    Location:
    USA
    Thanks. I do trust the extensions that I use. But things happen. No software is perfect. That’s why I thought I would lock things down if possible. So, returning to my original question. Does off really mean completely off when an extension is disabled? Suppose, for the sake of discussion, that an extension was somehow compromised through no fault of the author, could it do something if it was turned off?
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,540
    it is!
    this is mandatory to work!
    rubbish when speaking about trusted solutions like uBlock (origin) Adblock Plus, Adguard and some more.
    the source code is open, extensions can be analysed.

    in fact you should watch about the current site where you enter your personal data.
    again: no!

    what you dont have in mind - web sites could be compromised, some ad+script blocker could prevent such abuse. either https or not.
    disabling a blocker is lowering security concerning bad content in no good way.

    if you disable blockers because site wont work - you'd better ask for a valid configuration.
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Some extensions provide their own on/off switch and voluntarily stop performing their actions when asked to do so. That, obviously, couldn't be trusted in a rogue extension scenario.

    Some browsers provide their own mechanism to disable individual extensions that have been installed. Such a feature *should* fully, immediately, reliably, disable the extension so that none of its functionality will be operable until it is enabled again. Given that specific browser versions may have quirks or bugs, it would be wise to run some tests of your own. You could also review the related source code if you are up to it.

    Warnings. One, a proper "ad-blocker" is a security/privacy protection tool. Running without one installed and enabled, even for a brief period, can put you at risk. Two, temporarily disabling an extension during the password entry and submission phase *might* be of some benefit in a rogue extension scenario. However, there are likely to be a number of other ways/times such an extension could do you harm.

    Rather than assume you will encounter a harmful extension and try to reduce your exposure to that through temporary disabling or uninstalling, have you considered what you might do to reduce the chances of encountering such an extension in the first place?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.