(no title)
posobin | 4 years ago
You can see the actual permissions that ampie needs here: https://github.com/posobin/ampie/blob/master/build/manifest....
webNavigation together with tabs is needed to detect page URL changes correctly and update the sidebar (I don't remember exactly, but I think the main problem were pages that use history api to update the URL), storage is for localStorage to store extension settings, cookies to read/change cookies (limited to "https://ampie.s3.amazonaws.com/", "https://hacker-news.firebaseio.com/", "https://*.ampie.app/", to be able to get your auth token for ampie not to log in twice), unlimitedStorage was used previously because the caches of links stored were much more than the 5mb that is the default indexedDB limit. The caches are not used anymore, but I kept the permission so far because I am thinking of adding functionality for storing and visualizing your browsing history.
I am not sure what you would want to disable here.
If an extension includes content script that runs on all websites, then it can't avoid having the "read and change all your data on all websites": content script is JS code from an extension that runs on web pages, it can access the DOM and send requests. Ampie needs to run the content script on all pages to be able to add the sidebar. The other option is to run the content script on clicking the extension icon: as I mentioned elsewhere, while this approach might sound appealing in theory, the extension turns out to be much less useful this way as you simply forget/don't bother to click it and miss out on some interesting discussions.
sillysaurusx|4 years ago
But to play the pesky devil's advocate: you can make the extension consist entirely of a button on your Chrome bar, which you click on to see a popup containing the content that would normally be injected into the page itself. Thus, it wouldn't need any page permissions.
You can even show the number of tweets by displaying the number on the icon.