26
  • The Orion FAQ claims that other browsers offer only an illusion of privacy, but Orion itself (alongside Firefox, Chrome, Brave, so on...) offer no tangible protection against rogue/malicious extensions.
    • Widely used and trusted (at the time) extensions have gone rogue before, Stylish for example, started data collecting for every page accessed, to then sell that data to advertisers and "public data" collectors. Others like Nano Defender, used the data for themselves to hijack logins.

Read "Why Johnny can't tell if he is compromised" by Thomas Dullien, the points it makes gets across quick and easy; this is the rationale these suggestions revolve around. The underlying purpose of these suggestions: to lessen the issue of an inherent lack of trust within extensions, by shifting some of the trust to the user of the Orion browser.

The suggestions:

  • 1. The permission system for extensions
    • Prompting the same way macOS does for sensitive permissions is likely easiest for users, beyond that I don't know what to suggest.
  • 2. Have a rogue extension blacklist as a supplement to the extension permission system; all extensions must be verified by this in order to install, with the option to override this being intentionally cumbersome (macOS's Gatekeeper does this for unknown Applications). By cumbersome, I'm thinking of replicating how macOS has you open Security & Privacy to allow a system extension; Orion would tell you where this is, maybe even open to it.
    • If an internet connection cannot be established to verify the extension signatures, Orion would state this situation and not allow installation of that extension.
    • Idea being to not entirely trust Orion's extension permission system, as it being bypassed is a possibility.
    • This also prevents some user error that the less tech literate would be susceptible to committing, given they attempt installing a blacklisted (rogue) extension.
  • 3. Provide the tools to tell if an extension is rogue.
    • Log as much as possible that's important, with each event timestamped. Domains and IPs (alongside ASNs if it helps) would be a good start, as that's what I've seen rogue extensions require (when they actually don't need this). Hopefully the logging can also catch a rogue extension escaping to the internet through hijacking a different installed extension.
    • This should be an easy to learn (and use) feature by default, but not restricted enough to be security theatre.
  • Vlad replied to this.

    Some of these features are already done when you first install an extension.

      6 days later

      nermur

      The Orion FAQ claims that other browsers offer only an illusion of privacy, but Orion itself (alongside Firefox, Chrome, Brave, so on...)

      Hmm that sounds pretty aggressive, where does the FAQ claim that?

      offer no tangible protection against rogue/malicious extensions.

      Orion actually allows you to sandbox extension to certain sites only, and have extension permissions on a per-site setting. This is a very powerful security feature that both Chrome and Firefox lack.

      Would appreciate everyone else upvoting this chiming in.

          Point number 1 is kinda implemented, as you are prompted when you first install an extension.

          Point 2 is nice to have, but very difficult in reality. It would be pretty much unable to monitor every single extension, and self-made extensions, or extensions installed from files would automatically be exempt.

          Point 3 is definitely a feature that should be added, as logging what an extension is doing makes sure that the user can know exactly what data is collected and where its being sent to.

            So logging means log of requests that an extension is making.

            I can see us easily making it an option for extension icon ("View Security Log") which would show timestampped log of extension made requests.

            This would be indeed very powerful !

              10 months later

              Upvoted for the logging request. As for request #2, who is going to maintain the extension blacklist? Why should I trust that their idea of an extension "going rogue"?

                2 months later

                +1 for logging extensions requests

                Later in the future it could be expanded to log the frequency of some privacy sensitive APIs

                E.g.: you just install a Weather pop up extension but later when reviewing extension activity you find out it’s making tons of calls to tabs api and monitoring your internet traffic in the past week. Or using web request blocking/replacement.

                Of course you accept permission when you install but you might overlook some items or in a rush.

                That’s why making it possible to occasionally “audit” with an overview of what extensions are doing (privacy wise) is useful!

                  a year later

                  Vlad

                  Hmm that sounds pretty aggressive, where does the FAQ claim that?

                  I don't think it's what was meant, but I can see how one could interpret it that way. Here's the question, emphasis my own:

                  How does Orion respect my online privacy?

                  Orion has no built-in telemetry, so it can never "phone home" and risk exposing your data. Orion is truly and verifiably a privacy-respecting browserunlike those that only offer the illusion of privacy.

                  • Vlad replied to this.
                      No one is typing