Concerns about browser extensions.

  • 1
  • Question
  • Updated 6 years ago
Hi there. Worried about your browser extensions in the latest versions of software. As far as I can tell they allow you to read what's on a webpage. Not just URL's. So theoretically you can read on the other side of SSL sessions. I.e. if I'm on my internet banking website you could theoretically read my credit card numbers, account balances etc.. Can you please provide some reassurance of what these extensions actually do and what security measures are in place. As far as I can tell they can be easily exploited.. I won't be updating from 2.4 until I know more.
Photo of Jason Huxley

Jason Huxley

  • 2 Posts
  • 0 Reply Likes

Posted 6 years ago

  • 1
Photo of Jake

Jake, Employee

  • 140 Posts
  • 11 Reply Likes
Hey Jason,
The purpose of the extension is to help determine how a URL has been accessed. You can read up on how and why we use these extensions in the following links.

Report Changes

Info about our extensions

What's the difference between Visited, Supporting, and Unconfirmed URLs?

I hope this addresses your concern adequately.
Photo of Jason Huxley

Jason Huxley

  • 2 Posts
  • 0 Reply Likes
Thanks for the information. It doesn't  really answer my questions. My main concern is what is Covenant Eyes doing to make sure that the data on that can be accessed by the extensions is not accessed. Is it encrypted? Does any of the page information (non URL) get sent back to your servers? How does that process happen? Is it encrypted. How's it stored on your servers. etc. and so forth. Is there anyone who can answer this specifically? Jason.
Photo of Patrick Smith

Patrick Smith, Alum

  • 147 Posts
  • 21 Reply Likes
Good morning, Jason. Good questions, because theoretically browser extensions can be used to grab all kinds of scary info. Our browser extensions for Chrome, Firefox, and IE are built in such a way that they're only capable of grabbing the URL--not a page's content. They capture the URL, match it to what the client sees in the comm stack, and then send them to our servers over an encrypted connection. To keep things more secure, every one of our extensions is digitally signed to ensure that the extension installed with the client is from us.

Subsequently, our spiders will crawl only publicly visible pages to scan and score content. E.g. facebook.com/fillintheblankwithcelebritysname not wellsfargo.com/jasonsonlinebanking. The first is publicly visible; the second is not. Our spiders crawl the first (after your browsing session is complete); not the second.

Does that cover it? What else are you wondering?
Patrick
(Edited)