{"id":8376,"date":"2018-02-01T11:10:21","date_gmt":"2018-02-01T19:10:21","guid":{"rendered":"http:\/\/blog.mozilla.org\/addons\/?p=8376"},"modified":"2018-02-14T12:52:11","modified_gmt":"2018-02-14T20:52:11","slug":"understanding-extension-permission-requests","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/","title":{"rendered":"Understanding Extension Permission Requests"},"content":{"rendered":"<p>An extension is software developed by a third party that modifies how you experience the web in Firefox. Since they work by tapping into the inner workings of Firefox, but are not built by Mozilla, it\u2019s good practice to <a href=\"https:\/\/support.mozilla.org\/kb\/permission-request-messages-explained\">understand the permissions<\/a> they ask for and <a href=\"https:\/\/support.mozilla.org\/en-US\/kb\/tips-assessing-safety-extension\">how to make decisions<\/a> about what to install. While rare, a malicious extension can do things like steal your data or track your browsing across the web without you realizing it.<\/p>\n<p>We have been taking steps to reduce the risk of extensions, the most significant of which was moving to a WebExtensions architecture with the <a href=\"https:\/\/blog.mozilla.org\/blog\/2017\/11\/14\/introducing-firefox-quantum\/\">release<\/a> of Firefox 57 last fall. The new APIs limit an extension\u2019s ability to access certain parts of the browser and the information they process. We also have a variety of security measures in place, such as a <a href=\"https:\/\/wiki.mozilla.org\/Add-ons\/Reviewers\">review<\/a> process that is designed to make it difficult for malicious developers to publish extensions. 
Nevertheless, these systems cannot guarantee that extensions will be 100% safe.<\/p>\n<h2>Here\u2019s where you come in<\/h2>\n<p>We want to make it easier for you to make informed decisions about the extensions you install, by providing transparency about what individual extensions can do. Since transitioning to the WebExtensions API, we have been displaying a permissions message corresponding to the extension you are installing.<\/p>\n<p><a href=\"https:\/\/addons.mozilla.org\/firefox\/addon\/gesturefy\/\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-8378 size-full\" src=\"https:\/\/blog.mozilla.org\/addons\/files\/2018\/01\/Screenshot-2018-01-30-14.23.02.png\" alt=\"\" width=\"369\" height=\"282\" srcset=\"https:\/\/blog.mozilla.org\/addons\/files\/2018\/01\/Screenshot-2018-01-30-14.23.02.png 369w, https:\/\/blog.mozilla.org\/addons\/files\/2018\/01\/Screenshot-2018-01-30-14.23.02-252x193.png 252w\" sizes=\"(max-width: 369px) 100vw, 369px\" \/><\/a><\/p>\n<p>Extensions have always had access to this type of information, but by showing you what the permissions are (and telling you <a href=\"https:\/\/support.mozilla.org\/en-US\/kb\/permission-request-messages-firefox-extensions?redirectlocale=en-US&amp;redirectslug=permission-request-messages-explained\">what they mean<\/a>), we hope to help you become more savvy about choosing safe extensions.<\/p>\n<h2>How about the scary-sounding one?<\/h2>\n<p>There is one permission in particular, \u201cAccess your data for all websites\u201d, that we\u2019ve gotten many questions about since the feature launched. It\u2019s worded this way because a web page can contain virtually anything, and some extensions need to read everything on it in order to perform an action based on what the page contains.<\/p>\n<p>For example, an ad blocker needs to read all web page content to identify and remove ad code. A password manager needs to detect and write to username and password fields. 
A shopping extension might need to read details of the products you\u2019re searching for.<\/p>\n<p>Since these types of extensions wouldn\u2019t know whether any particular web page contains the bit they need to modify until the page has loaded, and neither would Firefox, they need access to everything on a page so they can look for and modify the appropriate parts. This means that in theory, while rare, a malicious developer could tell you their extension does one thing while it actually does something else.<\/p>\n<h2>How do I stay safe?<\/h2>\n<p>While there is an element of risk to installing any third-party software, there are a few simple best practices you can follow to reduce it. Is the extension made by a reputable developer? Are the user ratings high? Are the permission requests consistent with the features of the extension?<\/p>\n<p>We\u2019ve compiled a short checklist of <a href=\"https:\/\/support.mozilla.org\/en-US\/kb\/tips-assessing-safety-extension\">questions to consider<\/a> in our support forum. These best practices can help you evaluate any potential software you install, and feel safer and better informed wherever you are on the web.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An extension is software developed by a third party that modifies how you experience the web in Firefox. 
Since they work by tapping into the inner workings of Firefox, but &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/\">Read more<\/a><\/p>\n","protected":false},"author":377,"featured_media":8358,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[581],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Understanding Extension Permission Requests - Mozilla Add-ons Community Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Amy Tsay\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/\",\"url\":\"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/\",\"name\":\"Understanding Extension Permission Requests - Mozilla Add-ons Community Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/addons\/files\/2018\/01\/Screen-Shot-2018-01-03-at-5.18.17-PM.png\",\"datePublished\":\"2018-02-01T19:10:21+00:00\",\"dateModified\":\"2018-02-14T20:52:11+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#\/schema\/person\/becbc6e5c1f9ed8217c36233bc1a7bec\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/addons\/files\/2018\/01\/Screen-Shot-2018-01-03-at-5.18.17-PM.png\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/addons\/files\/2018\/01\/Screen-Shot-2018-01-03-at-5.18.17-PM.png\",\"width\":535,\"height\":552},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.
mozilla.org\/addons\/2018\/02\/01\/understanding-extension-permission-requests\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/addons\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Understanding Extension Permission Requests\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/addons\/\",\"name\":\"Mozilla Add-ons Community Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/addons\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#\/schema\/person\/becbc6e5c1f9ed8217c36233bc1a7bec\",\"name\":\"Amy Tsay\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/addons\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/db8d681801f2c6406fb3e53d48db2909?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/db8d681801f2c6406fb3e53d48db2909?s=96&d=mm&r=g\",\"caption\":\"Amy Tsay\"},\"description\":\"Lead for Firefox Add-ons at Mozilla.\",\"sameAs\":[\"https:\/\/x.com\/catchingamy\"],\"url\":\"https:\/\/blog.mozilla.org\/addons\/author\/atsaymozilla-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/posts\/8376"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/users\/377"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/comments?post=8376"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/posts\/8376\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/media\/8358"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/media?parent=8376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/
\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/categories?post=8376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/addons\/wp-json\/wp\/v2\/tags?post=8376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}