I’ve seen this question asked, https://discuss.privacyguides.net/t/password-manager-safer-with-browser-extension-or-copy-drag-auto-type/11466?u=seek.veritas, and it is relevant to me as well. I’m new to the privacy and security space and am curious as to if I should be using a password manager extensions (along with other types of extensions (email aliasing, etc.) for the convenience sake. I’ve been doing this method for awhile as I value the convenience but wanted to make sure that this wasn’t a huge privacy and security risk. What other options are there? Would I either have to use the web or desktop versions and copy/paste? Seems monotonous.
1 Like
I’ve been wondering this as well, but I can’t find much discussion.
Extension should be safer, it won’t auto-fill fishing site, while you can. And keeping passwords in clipboard is not good practice either.
4 Likes
Autofilling websites with your personal data is only one thing that web browser extensions can do. If you look at the most popular extensions you’ll see that it’s unbelievable how many things extensions can do now.
In one way I think they’re safer than installing 3rd party Apps to Windows because they’re vetted by the Firefox community:
https://addons.mozilla.org/en-US/firefox/search/?promoted=recommended&sort=users&type=extension
It’s a compromise of security vs privacy.
Extensions pros
- super simple to install
- sandboxed to the browser
- great usability on websites
Extensions Cons
- increases fingerprint uniqueness reducing privacy
Desktop Pros
- does not increase fingerprint
- does not interface with the browser
Desktop Cons
- copy/paste is not as seamless
- if closed source means unable to audit
- threat to os instead of just browser (but browser can still hold a lot of info).
Generally, I try to install open source software, preferably GPL licensed. For example let’s take a password manager like Bitwarden. They have an extension and a desktop app. Extension makes the fingerprint more unique but way easier to use.
Desktop app is open source, so I don’t have massive privacy or security concerns with that. I like the extension usability so I use that a lot.
2 Likes
There is one valid case of this: for the desktop app, only the Windows version supports FIDO2 WebAuthn.
IMO, login creation is much more streamlined with the extension than with the desktop app.
No extensions, I want.
Be careful of extensions, you need.
I put all the extensions that I don’t trust in a separated browser profile. It’s a pointless idea for some extension types, though, a password manager, for example.
1 Like
I would like to understand why. I get it for content blocking / changing extensions because you could theoretically check what content has been blocked or changed. I think that’s why PG just recommends to use the default filter lists on uBlock Origin rather than enabling all of them. Other extensions like Dark Reader, Bypass Paywalls, or Greasemonkey might also be fingerprintable, at least in theory (not sure if anyone really bothers). Or extensions that change the user agent string or accept headers (e.g. the “Don’t Accept image/webp” extension).
But an extension that doesn’t change how the content of the website? How would the website owner even find out about it? I mean stuff like Bitwarden, History Cleaner, Treestyletabs?
1 Like
Check this if you use chromium based browser Extension Detector
And this about password extensions Password Managers.
1 Like
You’re really limiting yourself if you just swear off extensions altogether.
I just installed Firefox Developer Edition as a way to test out installing some extensions for saving files from websites without creating any problems with Firefox as Firefox is my main web browser.
Wow, what a shock these extensions were… I installed about 6 of them and none of them worked. They all require you to install a separate companion app to Windows…
This is a perfect example of needing to install a “companion app” for this extension to have any functionality at all: Video DownloadHelper – Get this Extension for 🦊 Firefox (en-GB)
What’s the point in using extensions if you ALSO need to install an app to your Windows PC??? 
What’s scary is that extension I posted is recommended by Firefox staff… 
Heads up - You don’t need FireFox Developer Edition to install extensions unless you want to side load unverified extension or want to test preview changes not yet in the stable branch.
1 Like
I appreciate your reply!
I just installed the Firefox Developer Edition so that I could test out extensions.
My main web browser is the regular Firefox for desktop but I didn’t want to risk installing bad extensions to this.
Extensions recommended by Firefox staff undergo a rigorous review period before they publish an update to the Firefox Addons store, and this happens for every update. I wouldn’t fret too much, even uBlock Origin once had an update blocked by the team because something in the code was not clear (that issue was later fixed, but yes they do take extension security seriously).
1 Like
I appreciate your reply!
I feel like by 100% avoiding browser extensions people in this community are really missing out on some great functionality!
Some extensions are incredible.
Which ones do you mean?
I did a search and these came up as the best Firefox extensions I can recommend.
There are so many extensions for Firefox that you need to be cautious of which ones are secure and which ones are not.
This list gives you the best of the best because they’re officially recommended by Mozilla, which means he extensions have been thoroughly vetted and this list also displays the most popular extensions:
It’s truly remarkable how good extensions are and how popular some of them are. UBlock Origin for example has over 7.3 million users…
https://addons.mozilla.org/en-GB/firefox/search/?promoted=recommended&sort=users&type=extension
Let me know if you need any help!