
RE: SteemPlus 2.5.2

in #utopian-io, 6 years ago

Thanks @steem-plus. I'm excited to try this extension. When I go to add it in the Chrome store, it requires permission to:

Read and change all your data on the websites you visit

This makes me a little nervous. Is it possible to reduce this permission footprint to only be able to access specific pre-specified websites, like https://steemit.com?

Also what protection is there from someone hijacking the codebase and installing malicious functionality, perhaps while you're asleep? I'm no security expert, but I just like to know that an extension will be safe before installing.


SteemPlus also has a few features working on busy and utopian so I could reduce to those three indeed. In the meantime, the whole code is open source so you can see for yourself that no other website is accessed.

As for the security, we do not touch your keys and use Steemconnect. We don't even use a server, your settings are kept locally.

Don't hesitate if you have more questions.
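The install warning quoted in this thread is what Chrome shows when a manifest requests an all-sites host match pattern. As an added example (not SteemPlus code and not written by anyone in the thread), this audits a manifest's host patterns against an allowlist; both manifests are constructed samples, and the `busy.org` and `utopian.io` hostnames are assumptions, since the thread only spells out `https://steemit.com`.

```javascript
// Added example: flag host access in a Chrome extension manifest that is
// broader than an allowlist. All manifests below are constructed samples.

// Match patterns that cover every site and produce the
// "Read and change all your data on the websites you visit" warning.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Host part of a match pattern such as "https://*.example.com/*".
function patternHost(pattern) {
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  return m ? m[2] : null;
}

// In scope: an allowed host, a subdomain of one, or "*.<allowed host>".
function hostAllowed(host, allowlist) {
  if (!host || host === "*") return false;
  const bare = host.startsWith("*.") ? host.slice(2) : host;
  if (bare.includes("*")) return false; // malformed wildcard
  return allowlist.some((a) => bare === a || bare.endsWith("." + a));
}

// Every host pattern requested at install time (MV2 and MV3 fields).
function hostPatterns(manifest) {
  const isHost = (p) => p === "<all_urls>" || p.includes("://");
  return [
    ...(manifest.permissions || []).filter(isHost),
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
}

function auditManifest(manifest, allowlist) {
  const findings = [];
  for (const p of new Set(hostPatterns(manifest))) {
    if (BROAD.has(p)) findings.push({ pattern: p, issue: "all-sites" });
    else if (!hostAllowed(patternHost(p), allowlist))
      findings.push({ pattern: p, issue: "outside-allowlist" });
  }
  return findings;
}

const ALLOWLIST = ["steemit.com", "busy.org", "utopian.io"]; // last two assumed
const broadManifest = { permissions: ["storage", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["main.js"] }] };
const narrowManifest = { permissions: ["storage", "https://steemit.com/*"],
  content_scripts: [{ js: ["main.js"], matches: ["https://steemit.com/*",
    "https://busy.org/*", "https://*.utopian.io/*"] }] };
console.log(auditManifest(broadManifest, ALLOWLIST), auditManifest(narrowManifest, ALLOWLIST));
```

An empty result means every requested host pattern stays inside the allowlist, which is the reduced footprint asked for at the top of the thread.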

Thanks @steem-plus for the reply! I agree that the open source aspect is critical to security. While I haven't personally reviewed the code, I think it's unlikely that there's malicious code as it would hopefully quickly be discovered.

So I guess my question is really what prevents someone from compromising your deployment infrastructure and quickly uploading a maliciously modified version to the Chrome store? Would this potentially automatically "upgrade" browser users with the malicious extension?

For example, many websites have had mining software injected. Presumably, these websites did not intentionally add the mining JavaScript but were instead compromised. Do you think this is a risk for the SteemPlus extension that users should be conscious of?

To inject malicious code they would need access to my Chrome Store account which is protected by a quite long and random password that is only stored in my brain. Also you can install in developer mode to avoid automatic updates.
