Tampermonkey®
by Jan Biniok
Table of Contents Previous entry (Q209) Next entry (Q301)
A300 ...like any other chrome extension that has https and http access! This includes extensions like AdBlock, ScriptSafe, Avast Online Security and due to the fact that it is not displayed explicitly when they are downloaded, any userscript that is installed as native Chrome extension.
If you're interested in this, you can find the access information a the right column of every extension at the Chrome store by searching for "This extension can access". Tampermonkey needs to be able to run at every page, because it doesn't know at what pages your userscripts will run and therefore needs to be able to inject them into every page.
But you're right, userscripts and extensions can harm your privacy and your computer. Nevertheless I think more evil is that Chrome does not display at what pages a userscript wants to run on when install it is installed as native extension. From this point of view Tampermonkey even can bring you some security back, at least if you believe me, that I'm not interested in any of your data. If not, you can open the console (Ctrl-Shift-J) and choose the network tab to investigate what network communication is done. :)