You are viewing a single comment's thread from:
RE: SteemPlus 2.5.2
SteemPlus also has a few features working on busy and utopian so I could reduce to those three indeed. In the meantime, the whole code is opensource so you can see for yourself that no other website is accessed.
As for the security, we do not touch your keys and use Steemconnect. We don't even use a server , your settings are kept locally.
Don't hesitate if you have more questions
Thanks @steem-plus for the reply! I agree that the open source aspect is critical to security. While I haven't personally reviewed the code, I think it's unlikely that there's malicious code as it would hopefully quickly be discovered.
So I guess my question is really what prevents someone from compromising your deployment infrastructure and quickly uploading a maliciously modified version to the Chrome store? Would this potentially automatically "upgrade" browser users with the malicious extension?
For example, many websites have had mining software injected. Presumably, these websites did not intentionally add the mining javascript but were instead compromised. Do you think this is a risk for the SteemPlus extension that users should be conscious of?
To inject malicious code they would need access to my Chrome Store account which is protected by a quite long and random password that is only stored in my brain. Also you can install in developer mode to avoid automatic updates.