little-rat
under-new-management
little-rat | under-new-management | |
---|---|---|
8 | 2 | |
2,001 | 587 | |
- | 5.6% | |
6.9 | 7.9 | |
7 months ago | about 1 month ago | |
JavaScript | TypeScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
little-rat
-
Detect when your installed Chrome extensions have changed owners
Great idea! We need a lot more visibility into what extensions are doing. I made little-rat [1] last year, to detect network calls coming from other extensions. Love to see more tools like yours!
[1] https://github.com/dnakov/little-rat
-
Browser extensions spy on you, even if its developers don't
It says 1.0 in the extensions manager, but it was downloaded fresh this evening by clicking on the 'ZIP' link in your readme.md on here:
https://github.com/dnakov/little-rat/tree/main
-
uBlock Origin Lite now available on Firefox
2: https://github.com/dnakov/little-rat
-
Little Rat Chrome extension works Caught Midnight Lizard monitoring my browsing
I recently installed the Little Rat chrome extension, which I found here on HackerNews.
https://github.com/dnakov/little-rat
And what I found is that the Midnight Lizard chrome extension is monitoring my browsing-- sending home screenshots.
You can see examples here: https://ibb.co/JQvgt3p
Apparently my browsing data is being ingested by a company called "Mark Monitor Inc." (based on WhoIs search for the domain the data is sent to -- https://www.whois.com/whois/ytimg.com )
-
Show HN: Little Rat – Chrome extension monitors network calls of all extensions
Nifty - but please do this more carefully:
https://github.com/dnakov/little-rat/blob/main/popup.js#L36
I do not want to have to worry about whether another extension can inject xss into yours with a crafted request/id/name.
under-new-management
-
Detect when your installed Chrome extensions have changed owners
This is a cool idea!
However, I have a number of reservations:
1. Firstly, the JavaScript code in the release version of the extension is 12MiB. This is a lot of code, with much of it in a bundled form, making it very difficult (if not almost impossible) to verify them against the originals in the case of React, lodash, etc.
2. It seems like the code uses an external API[0] to find the current owners of the installed extensions. While I appreciate that this may be one of the only ways to do it (since I imagine Google themselves would not appreciate an extension programmatically accessing the Chrome Web Store to find new developers) - and as far as I can see from the published code, it doesn't send any identifying data beyond what a normal Web request does, hence why I'm not identifying the site by name here - I would still urge caution as it might still cause alarm to someone examining their Web traffic and seeing a suspicious domain name, as the sort of person who would be interested in this extension is probably also the sort of person who would do that.
[0] https://github.com/classvsoftware/under-new-management/blob/...
What are some alternatives?
uBOL-home - uBO Lite home (MV3)
webextensions - Charter and administrivia for the WebExtensions Community Group (WECG)
youtube-chapters-in-player - Web extension that shows YouTube chapters right in the player.
murder - Large scale server deploys using BitTorrent and the BitTornado library
uBlock-Safari - uBlock Origin - An efficient blocker for Chromium, Firefox, and Safari. Fast and lean.
hosts - 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
example-chrome-extension - Example Chrome Extension - open source examples for Chrome extension APIs
AdGuardSDNSFilter - AdGuard DNS filter
AdGuardHome - Network-wide ads & trackers blocking DNS server
hoverzoom - Google Chrome extension for zooming images on mouse hover
AdGuardDNS - Public DNS resolver that protects you from ad trackers
cname-trackers - This repository contains a list of popular CNAME trackers