Security FAQ
Where InFormEnter+ stores my data?
InFormEnter+ uses WebExtension API to store all profiles data in chrome.storage.sync object. This object is stored locally on computer and is synchronized between different browsers within one account.
Is it secure to transfer my data using public networks to sync my profiles?
Extension`s data is transferred by nets encrypted as well as browser bookmarks or passwords.
Can suspicious websites access my current profile?
No. WebExtension content security policy does not allow sites' harmful scripts to access extension content script data. We conducted experiments to check this. But there is always the possibility of zero day vulnerability.
Can suspicious extensions access my current profile?
Unfortunately yes. Be careful with new extensions.
Can you explain extension permissions shown before installation?
Yes, of course.
- Access your data for all websites
InFormEnter+ needs this permission to analyze every page you visit to find textboxes to prepare marker (small blue arrow) for InFormEnter+ menu. InFormEnter+ does not change your data on websites. - Download files and read and modify the browser’s download history
InFormEnter+ can export all profiles into one text file. In order to do it, addon uses downloads API. InFormEnter+ does not view your download history or downloaded files. - Get data from the clipboard
It is need for $ClipboardText$ macro. - Input data to the clipboard
It is need for $GeneratePassword$ macro with "C" option.
Ok, last question. Where do you secretly transmit my data?
Your data does not leave the boundaries of your browsers and is not secretly transmitted anywhere. Because InFormEnter+ has open source code you can easily conduct an independent audit of the code and verify this. If any fragments of the code are incomprehensible — write us, we will help to understand.
If you have other questions or notes about InFormEnter+ security — write us.