Secure Your Browser Extensions

in brave •  10 days ago 

I recently switched to the browser Brave. While I've been using it sporadically for a few years now, my primary browser has always been Chrome.


image.png


However, Brave is clearly a much more secure & feature-rich version of Chrome, thus it makes no sense not to use it. (Especially as a crypto-enthusiast, eh?)

With that, it also came the time to install the extensions I had on Chrome, onto Brave. This also meant adopting security best practices, which includes scoping the potential reach for extensions.

Scoping Extensions? What?

As you might or might not know, every extensions has some kind of allowed scope by default that it is able to do.

For example, some extensions can read your browser history, some can change/read things on every site you visit. And while this is often important and required for extensions to function, it can also very easily get out of hand.

For example: does Steem Keychain need to be able to read anything on every site you visit and even edit the HTML on top of it, on sites that have nothing to do with Steem?

The answer is: no.

Even if the people who created this extension are trustworthy, the principle of least privilege is an important part of security, which means: only give scoped access, never global admin rights.

Hands-on: Make Your Browser More Secure

Okay. Now that we've got the theoretic stuff out of the way, let's get practical!

These instructions are for Brave & Chrome-based browser, but will most def. also work for others (Firefox, Safari, etc).

  • 1.) Click on Settings (3 vertical lines top right of the browser) > More Tools > Extensions
  • 2.) Choose an extension and click on details. I'll use Steem Keychain as an example.
  • 3.) Scroll down until you see "Site access"

Now, there are two options you can choose. You can either select On click, which means you will have to always click on the extension icon before you can use it.

Or, you can choose On specific sites, which means you will be able to use it automatically on all sites in the list below and every other site, you will first have to click on the icon.

image.png

As you can see in the image above, I chose the 2nd option. With it, I'm able to use Steem Keychain on every website inside the list.

If I need to access it on another one site, I can do three things:

  • 1.) Left-Click on it everytime I visit that page
  • 2.) Right-Click on it and choose the option as seen in the image below. (This adds it to the list)

save.png

  • 3.) Go back into Extensions settings and add it there

If you haven't done these steps already, I highly encourage you to do it.

It might not look like much, but security is an important topic and you should take it serious.

If you haven't installed Brave yet: https://brave.com

All the best,
Wolf


Do you believe that my work is valuable for Steem? Then please vote for me as witness.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

I switched to Brave a while ago, it wasn’t until recent versions it was even possible. Pre-Chromium version wasn’t nearly as good

Extension permissions are tough because you don’t have the granularity your need.

For example my Chrome extension needs permissions to see all sites even though all it does is look at the url and applies a regex if it is one of any of the known front ends.

I switched over a while back and am really enjoying it, even made a bit of BAT along the way.

I've used Brave exclusively for the past couple years. With the refinements and features they've added since then, it's not just as good, it's superior to Chrome, IMO.

What I'd really like to see though is some competition for Google with a whole suit of products with one account. Librem is trying, and has come out with some interesting stuff, but right now, it's not really user friendly and lacks the polish it needs to get going. I'd like to see Brave or something on Steem really take a shot at it.

Best browser around. Add duck duck go as your search engine and you have one bad ass experience.

Thank you. I have been using Brave for several months now and never knew this. Earning BAT while you use it most definitely helps.

Wow, great lesson here. I've had issues with using brave especially as it slows down my PC. What's the way out?

Posted via Steemleo

I'm not entirely sure, but it shouldn't really slow down your PC. Keep in mind though, that these security steps can be made on nearly every browser AFAIK, so don't worry if you're not able to run Brave smoothly :)

Thanks though. I would consider re-installing the app or try it out on another PC

Posted via Steemleo

i enjoy using the brave browser because of its security features and also for the fact that i can earn money with it too..

Posted via Steemleo

Thank you @therealwolf this is a good way to secure us from potentially losing our money.

I have been using Brave browser for over 6 months now but I haven't thought about doing anything like this for my extensions. Thanks for the heads-up man.

By the way, you can enable brave rewards for all your websites and YouTube channel to get some additional income.

You are late to adopt the Brave browser but is a good option. ;)

You know the drill: never change a running system ;)

I use brave for the last year. Excellent experience so far!

I went to use it a while ago, but it said Brave wasn't available in Australia. Going to see if it works now and migrate into it over time.

It's most likely available

It is now. I have it installed and was able to use it.

I wish they will cooperate with other than Uphold wallet who will not ask for personal information my local bank never thought of asking, like sharing a selfie with them holding my ID so their system can be hacked or their db can be leaked somehow in time.

We're using crypto because it's more convenient, not because we want to do harm, that is mainly and by far large done using fiat currencies especially the dollar, and in billions of it.

I already earned some BAT through my site and couldn't withdraw it because I told Uphold in order for me to share this info with people I don't know online, who might end up hacked, leaked, or one of their board members sell it to the Saudis through a 3rd party while on a trip to India then issue a fake death certificate... We all saw that, I want tm to send me selfies of their board members carrying their IDs and copy of their trade license.. Imagine they blocked me!!

So back to Brave, I still have the browser and still experimenting with it, it has potential though, and after reading your post I might start moving things to it for the security reason only without the pay.

Posted using Partiko Android

Interesting, Firefox is my go to browser, and only have brave for my metamask wallet app

Thanks, just downloaded.
Don't understand how the earning something works though

Hi, @therealwolf!

You just got a 0.3% upvote from SteemPlus!
To get higher upvotes, earn more SteemPlus Points (SPP). On your Steemit wallet, check your SPP balance and click on "How to earn SPP?" to find out all the ways to earn.
If you're not using SteemPlus yet, please check our last posts in here to see the many ways in which SteemPlus can improve your Steem experience on Steemit and Busy.

Great advice! I'm using Brave for over a half year now.

Congratulations @therealwolf!
Your post was mentioned in the Steem Hit Parade in the following category:

  • Pending payout - Ranked 9 with $ 29,92

Chorme can save my credentials. Is Bravo can sync my credentials? If Bravo can save then I am also switch to Bravo.

using Brave here as well...
...feels quite good and gives some BAT on top.

Congratulations @therealwolf! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :

You distributed more than 41000 upvotes. Your next target is to reach 42000 upvotes.

You can view your badges on your Steem Board and compare to others on the Steem Ranking
If you no longer want to receive notifications, reply to this comment with the word STOP

To support your work, I also upvoted your post!

Do not miss the last post from @steemitboard:

SteemitBoard Ranking update - A better rich list comparator
Vote for @Steemitboard as a witness to get one more award and increased upvotes!

I have been using Brave for quite over a year maybe and at first I came in for the sake of 'ads that respect your privacy' but later stayed due to the 'earn on ads your view' bait (not the best word thou). Thanks for sharing the above, should check my few extensions in some time.