Pages:
Author

Topic: Autofill - extension that will simplify your hunting (Read 321 times)

copper member
Activity: 114
Merit: 0
Asure - Social Security Network
It is a pity that there were no people who really would benefit from such an extension for the browser, the whole discussion came down to data protection and more. Embarrassed
legendary
Activity: 3052
Merit: 1273
Modern smartphones prevent applications from interacting with each other and each other’s data. When permission is granted for example to allow an app to access and write to ‘photos’ this access is limited to the specific directory the photos are stored in, and there are safeguards that prevent a malicious app from doing something that apple or google (depending on the OP you are using) doesn’t want the app doing.

Ok, I've got a question here again:

What IF:
- Let's say for eg.; I give Google Photos the permission to receive all my images in my smartphone (and I don't believe it's limited to a specific folder but all the images in my smartphone). Does Google save all the images in its Drive feature and shows through photos? Will my privkeys also be on stake if I use Google drive if I've saved my privkeys in Json format and it gets exposed to Drive which, if hacked, can be in the hands of that hacker with all other data that's saved there?
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
--snip--

I disagree, smartphone these days generally more secure than desktop because sandboxing feature where an application can't access system, other application or user's files without user's permission.

Most of those hacks usually happen because outdated OS or user simply allow all permission request.

Trust me, when I said that, I knew it was all about permitting requests but many apps won't work without those permissions being given to them (or at least won't work properly. For eg.; Camera app needs your storage permission to view files and show them to you as well as store newly clicked images in your system only after permitted. This includes all the attributes set here for it to perform all these tasks - Read, Write and Execute. By saying outdated OS, do you point it towards the older versions of Android or anything similar? You meant that Android is also vulnerable to bugs which can help hackers steal our data just because it is old? For latest versions of Android nowadays, we need to spend at least $200 - 300  and more to get them in a smartphone. We don't need sandboxing because at the end of the day, you're sure to give those permissions to an application that needs it to do its job better.
Modern smartphones prevent applications from interacting with each other and each other’s data. When permission is granted for example to allow an app to access and write to ‘photos’ this access is limited to the specific directory the photos are stored in, and there are safeguards that prevent a malicious app from doing something that apple or google (depending on the OP you are using) doesn’t want the app doing.

There are obviously bugs and zero day attacks, however a smartphone will generally be more safe than an internet connected computer. It will be less safe than a ‘cold storage’ computer that has never and will never be connected to the internet.

Internet connected computers for example will often automatically download files and will only earn you about opening a program downloaded from the internet.
legendary
Activity: 3052
Merit: 1273
--snip--

I disagree, smartphone these days generally more secure than desktop because sandboxing feature where an application can't access system, other application or user's files without user's permission.

Most of those hacks usually happen because outdated OS or user simply allow all permission request.

Trust me, when I said that, I knew it was all about permitting requests but many apps won't work without those permissions being given to them (or at least won't work properly. For eg.; Camera app needs your storage permission to view files and show them to you as well as store newly clicked images in your system only after permitted. This includes all the attributes set here for it to perform all these tasks - Read, Write and Execute. By saying outdated OS, do you point it towards the older versions of Android or anything similar? You meant that Android is also vulnerable to bugs which can help hackers steal our data just because it is old? For latest versions of Android nowadays, we need to spend at least $200 - 300  and more to get them in a smartphone. We don't need sandboxing because at the end of the day, you're sure to give those permissions to an application that needs it to do its job better.
copper member
Activity: 114
Merit: 0
Asure - Social Security Network
Save your private wallet in that extension i think very risk.
I do not think that there is some kind of a fool who will store his private keys in such extensions  Grin It is used to fill out forms with public information.
sr. member
Activity: 554
Merit: 271
I think filling form is not difficult and it only take a few minutes.
Better i use Notepad in computer or ColorNote in my Smartphone.



Save your private wallet in that extension i think very risk.
member
Activity: 406
Merit: 10
Filling forms for bounties and airdrops is something that shouldn't take more than 3 minutes so using a 3rd party extension is just being lazy and taking a serious risk.

Additionally different forms have different format at which they where made which may lead the extension filling the wrong info in the wrong place.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Agreed with you about third-party extensions, but personally Chrome is not a safe one to, because it is a sort of G products, and you know Google will use user data for whichever purposes that we never know.

They can collect user data from their browser, connect users' dots and over time they have significant data; then someday sell them to get profits at acceptable deal, only Google knows. It is a serious potential threat by using Chrome. I would prefer to use FireFox or Brave browers, instead of Google Chrome.

Most people who join "hunting" give their personal information (with/without KYC) on daily basis, so i doubt they care about privacy concern or possibility of misuse of their information when using google product.

We shouldn't use even smartphones if you ask me because it's one of the most vulnerable things to malicious viruses in general and most people don't even have anything like AV installed in their smartphones because either they are not aware or they are too over-smart. Most of the hacks nowadays take place through these Android applications and if such extension is installed in your chrome browser and you've allowed some permissions to your browser, I guess your coins are at stake because this extension will have some sort of code or patch injected in it that'll come with it after installation and it'll fetch all the data from your mobile and send it to hacker. So not only are your coins and privkeys, but your data also isn't so safe if you blindly download anything.

I disagree, smartphone these days generally more secure than desktop because sandboxing feature where an application can't access system, other application or user's files without user's permission.

Most of those hacks usually happen because outdated OS or user simply allow all permission request.
legendary
Activity: 1624
Merit: 2481
Auto-fill is highly risky.

A fake site could be set up where the login fields are basically 'the same' as on an original site, and the chrome auto-fill (not extension, but built-in auto-fill) will enter your username and password.
This is a known attack vector and one reason why auto-fill should never be used.

I don't know how this extension behaves, but rather be safe than sorry.

IMO this extension is definitely not worth the risk.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
We shouldn't use even smartphones if you ask me because it's one of the most vulnerable things to malicious viruses in general and most people don't even have anything like AV installed in their smartphones because either they are not aware or they are too over-smart. Most of the hacks nowadays take place through these Android applications and if such extension is installed in your chrome browser and you've allowed some permissions to your browser, I guess your coins are at stake because this extension will have some sort of code or patch injected in it that'll come with it after installation and it'll fetch all the data from your mobile and send it to hacker. So not only are your coins and privkeys, but your data also isn't so safe if you blindly download anything.
People are safely use their smartphones if they don't store any crypto on their phones, don't log in exchange accounts, don't log in their important emails. Unfortunately, people tend to use their phones for important things (like above ones), and don't install AV softwares.
Even I don't log in my main emails or my exchange accounts on phones or other mobile devices (like tablets), I still feel unsafe. For apps, that need to use for daily expenses, I only store very limited funds. I am careful to make sure that just in case when worst things happen, I won't lose too much money.

With or without AV softwares, mobile devices (smartphones, tablets) or desktop computers/ laptops, having good and healthy web-surfing habit is the most important thing to protect our devices, identities and funds.
legendary
Activity: 3052
Merit: 1273
Additionally, don't use computers in which crypto currencies stored to install and use extensions from third-parties.

If people don't use cold storage, computers in which they store crypto wallets should be used only for wallet upgrades (from official websites). Keeping those special computers as safely as possible will keep their crypto safely from threats. Only opening those computers to download wallet upgrades, and installing new versions of wallets. Then, when upgrades finished, shut down computers to avoid distractive interests (like web surfing, and others unsafe things).

We shouldn't use even smartphones if you ask me because it's one of the most vulnerable things to malicious viruses in general and most people don't even have anything like AV installed in their smartphones because either they are not aware or they are too over-smart. Most of the hacks nowadays take place through these Android applications and if such extension is installed in your chrome browser and you've allowed some permissions to your browser, I guess your coins are at stake because this extension will have some sort of code or patch injected in it that'll come with it after installation and it'll fetch all the data from your mobile and send it to hacker. So not only are your coins and privkeys, but your data also isn't so safe if you blindly download anything.
full member
Activity: 756
Merit: 133
- hello doctor who box
Delirium of persecution - a disorder of the thinking process, the delusional conviction of a person that a certain person or group of persons pursues him: spies, torments, scoffs, plans to do harm, rob, kill, etc.
You are in a place where you have never seen, meet, no identity, have no idea of shape, race (human or alien) what I am meaning is that no clue about the other person. Every day you are seeing scam accusations where one has stole others money or failed attempt to steal, trashing each others is the regular practice. This is the reality of an anonymous forum. How would you not expect anything harmful from someone who never made any presences here but asking to install a piece of program that can alter the input system of the users device. What if there is a piece of code that will convert a string to something else without my knowledge and send out something else that I was not originally meant to send?

I do not blame you nor them. Let's say your initiative is a legit one but considering the environment of this forum, your work is a collateral damage for a group of people but fact is both you and them are not wrong from their own ground.

Peace!
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
If anybody decides to use this extension, just make sure you only use it on your personal computer. Don't log in to your Chrome on other devices as it would synchronize and possibly make your private data left in public.

Don't forget to not input any sensitive data there, such as a password.
Additionally, don't use computers in which crypto currencies stored to install and use extensions from third-parties.

If people don't use cold storage, computers in which they store crypto wallets should be used only for wallet upgrades (from official websites). Keeping those special computers as safely as possible will keep their crypto safely from threats. Only opening those computers to download wallet upgrades, and installing new versions of wallets. Then, when upgrades finished, shut down computers to avoid distractive interests (like web surfing, and others unsafe things).
sr. member
Activity: 910
Merit: 351
If anybody decides to use this extension, just make sure you only use it on your personal computer. Don't log in to your Chrome on other devices as it would synchronize and possibly make your private data left in public.

Don't forget to not input any sensitive data there, such as a password.
copper member
Activity: 114
Merit: 0
Asure - Social Security Network
Delirium of persecution - a disorder of the thinking process, the delusional conviction of a person that a certain person or group of persons pursues him: spies, torments, scoffs, plans to do harm, rob, kill, etc.

what is stolen from you? Do they recognize your forum nickname? telegram name? your public wallet number? this is already in full view in the spreadsheets of any bounty campaign.
No need to scare users and come up with conspiracy theories and attempts to steal data. Whoever needs it, they will steal data from the Binance, and not from some unfortunate bounty hunter. All input information is publicly available.

It is everyone’s business to use some auxiliary extensions or not.
If you think that this is not safe for your data, then do not install, I do not insist, I just described a way to configure and use. Knowing some people, they will begin to attribute to me an attempt to steal user data from this forum.  Grin
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
Most browsers have this functionality already built in. There is no reason to use a potentially unsafe extension built by a third party.

As Velkro said, the extension could possibly change displayed addresses. It could also submit a different address than what is input into a form, and it could transmit your 'saved' address to the creator of the extension so he can generate a 'vanity' address that looks similar to what you saved, making it difficult to detect the change.
hero member
Activity: 2366
Merit: 838

Both of you are right but it still safe if we don't use any 3rd party extension in chrome browser if you use the browser mostly for Crypto(safety is our priority). I'm sure this extension are stealing personal information so for me this is not recommended to use.

Also, I noticed someone telling that this extension is a scam they have many bad reviews about this extension so I don't recommend to install this on your chrome.
Agreed with you about third-party extensions, but personally Chrome is not a safe one to, because it is a sort of G products, and you know Google will use user data for whichever purposes that we never know.

They can collect user data from their browser, connect users' dots and over time they have significant data; then someday sell them to get profits at acceptable deal, only Google knows. It is a serious potential threat by using Chrome. I would prefer to use FireFox or Brave browers, instead of Google Chrome.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook

Both of you are right but it still safe if we don't use any 3rd party extension in chrome browser if you use the browser mostly for Crypto(safety is our priority). I'm sure this extension are stealing personal information so for me this is not recommended to use.

Also, I noticed someone telling that this extension is a scam they have many bad reviews about this extension so I don't recommend to install this on your chrome.
copper member
Activity: 114
Merit: 0
Asure - Social Security Network
Install this extension. https://chrome.google.com/webstore/detail/autofill/nlmmgnhgdeffjkdckmikfpnddkbbfkkk, after installing it, it's lightning bolt icon will appear in the upper right, right-click on it and select "Settings".
When new member of forum asking you to install something Cheesy take a step back.
There are malicious extensions that will steal your data/keys or replace copied bitcoin address to hacker address.

Always consider installing anything on your computer as very high risk often not worth taking.
#1 security advice out there
I completely agree with you, but I did not notice the suspicious actions of this extension and many use it on this forum, in addition, Google checks the extensions in its store for hacker activity.
I just described how to use this extension, I am not its author and I am not trying to steal any information.  Smiley

There are malicious extensions that will steal your data/keys or replace copied bitcoin address to hacker address. - you need to check the data before submitting the form  Wink
legendary
Activity: 2296
Merit: 1014
Install this extension. https://chrome.google.com/webstore/detail/autofill/nlmmgnhgdeffjkdckmikfpnddkbbfkkk, after installing it, it's lightning bolt icon will appear in the upper right, right-click on it and select "Settings".
When new member of forum asking you to install something Cheesy take a step back.
There are malicious extensions that will steal your data/keys or replace copied bitcoin address to hacker address.

Always consider installing anything on your computer as very high risk often not worth taking.
#1 security advice out there
Pages:
Jump to: