How safe is Greasemonkey?

Nathan H picture Nathan H · Nov 25, 2008 · Viewed 19.1k times · Source

I've never actually used greasemonkey, but I was considering using it. Considering that GreaseMonkey allows you to let random people on the Internet change the behavior of your favorite websites, how safe can it be? Can they steal my passwords? Look at my private data? Do things I didn't want to do? How safe is Greasemonkey?

Thanks

Answer

Adam Davis picture Adam Davis · Nov 25, 2008

Considering that GreaseMonkey allows you to let random people on the Internet change the behavior of your favorite websites, how safe can it be?

It's as safe as you allow it to be - but you aren't very clear, so let's look at it from a few perspectives:

Web Developer

Greasemonkey can't do anything to your website that a person with telnet can't already do to your website. It automates things a bit, but other than that if greasemonkey is a security hole, then your website design is flawed - not greasemonkey.

Internet user with Greasemonkey loaded

Like anything else you load on your system, greasemonkey can be used against you. Don't load scripts onto your system unless you trust the source (in both meanings of the term 'source'). It's fairly limited and sandboxed, but that doesn't mean it's safe, merely that it's harder for someone to do something nefarious.

Internet user without Greasemonkey

If you do not load greasemonkey or any of its scripts, it cannot affect you in any way. Greasemonkey does not alter the websites you visit unless you've loaded it on your system.

Greasemonkey developer

There's not much you can do beyond what can already be done with XUL and javascript, but it is possible to trash your mozilla and/or firefox profile, and possibly other parts of your system. Unlikely, difficult to do on purpose or maliciously, but it's not a bulletproof utility. Develop responsibly.

-Adam