I recently switched to the browser Brave. While I've been using it sporadically for a few years now, my primary browser has always been Chrome.
However, Brave is clearly a much more secure & feature-rich version of Chrome, thus it makes no sense not to use it. (Especially as a crypto-enthusiast, eh?)
With that, it also came the time to install the extensions I had on Chrome, onto Brave. This also meant adopting security best practices, which includes scoping the potential reach for extensions.
Scoping Extensions? What?
As you might or might not know, every extensions has some kind of allowed scope by default that it is able to do.
For example, some extensions can read your browser history, some can change/read things on every site you visit. And while this is often important and required for extensions to function, it can also very easily get out of hand.
For example: does Steem Keychain need to be able to read anything on every site you visit and even edit the HTML on top of it, on sites that have nothing to do with Steem?
The answer is: no.
Even if the people who created this extension are trustworthy, the principle of least privilege is an important part of security, which means: only give scoped access, never global admin rights.
Hands-on: Make Your Browser More Secure
Okay. Now that we've got the theoretic stuff out of the way, let's get practical!
These instructions are for Brave & Chrome-based browser, but will most def. also work for others (Firefox, Safari, etc).
- 1.) Click on Settings (3 vertical lines top right of the browser) > More Tools > Extensions
- 2.) Choose an extension and click on details. I'll use Steem Keychain as an example.
- 3.) Scroll down until you see "Site access"
Now, there are two options you can choose. You can either select
On click, which means you will have to always click on the extension icon before you can use it.
Or, you can choose
On specific sites, which means you will be able to use it automatically on all sites in the list below and every other site, you will first have to click on the icon.
As you can see in the image above, I chose the 2nd option. With it, I'm able to use Steem Keychain on every website inside the list.
If I need to access it on another one site, I can do three things:
- 1.) Left-Click on it everytime I visit that page
- 2.) Right-Click on it and choose the option as seen in the image below. (This adds it to the list)
- 3.) Go back into Extensions settings and add it there
If you haven't done these steps already, I highly encourage you to do it.
It might not look like much, but security is an important topic and you should take it serious.
If you haven't installed Brave yet: https://brave.com
All the best,
Do you believe that my work is valuable for Steem? Then please vote for me as witness.