PSA: Reddit Enhancement Suite and “the new permissions”…

Hiya all.

I'm the author of Reddit Enhancement Suite. I realize a lot of you already know about the permissions confusion, but I've just recently noticed that I got a ton of [negative and slanderous reviews](https://chrome.google.com/webstore/detail/reddit-enhancement-suite/kbmfpngjjgdllneeigpgjifpgocmfgmb/reviews) because of confusion about the permissions, so I'd like to re-explain them again.

Tens of thousands of RES users uninstalled due to those reviews. I'm not too upset about the # of installed copies, but those reviews are all top-rated due to people clicking "yes" that they're helpful - which reflects very poorly (and falsely) on me to newcomers to the addon who read the reviews page.

**TL;DR**: RES does not collect or harvest your data AT ALL. The messaging from Chrome is confusing at best, misleading at worst. I'll explain each permission below...

- **history** - the history permission is required in order to add URLs that you expand using the inline image viewer to your history (e.g. "make them purple").

- **cookies** - the cookies permission is required for Account Switcher to work. RES needs to be able to reset your logged-in cookie before attempting to log you into another account.

- **tabs** - the tabs permission allows RES to communicate between open tabs of reddit so that a change you make to settings, data, etc in one tab is propagated to other reddit tabs you have open.

- **flickr, imgur, other sites** - this is the one where Google really upsets me... they say "RES has access to **your data** on ... sites" -- this is NOT THE CASE. RES needs permission to call out to imgur, flickr, etc. in order to get the direct URL to each image in an album, for example -- or to flickr to get the direct URL to the one image that is linked. This is what allows you to expand it without leaving the homepage.
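To see which of these permissions an update actually adds, the old and new manifests can be compared directly. The following is an added example, not code from RES or its author; both manifests are constructed, and the host patterns in them are illustrative assumptions rather than RES's real permission list.

```python
import json

def all_permissions(manifest_json):
    """Collect API and host permissions (MV2 'permissions', MV3 'host_permissions')."""
    m = json.loads(manifest_json)
    return set(m.get("permissions", [])) | set(m.get("host_permissions", []))

def is_host_pattern(perm):
    """Host permissions are match patterns (scheme://host/path) or <all_urls>."""
    return perm == "<all_urls>" or "://" in perm

def is_broad(pattern):
    """True when the pattern matches every host rather than a named site."""
    if pattern == "<all_urls>":
        return True
    host = pattern.split("://", 1)[1].split("/", 1)[0]
    return host == "*"

def permission_report(old_json, new_json):
    """Separate what the user already granted from what the update adds."""
    old, new = all_permissions(old_json), all_permissions(new_json)
    added = new - old
    return {
        "already_granted": sorted(new & old),
        "new_api": sorted(p for p in added if not is_host_pattern(p)),
        "new_hosts": sorted(p for p in added if is_host_pattern(p)),
        "broad_hosts": sorted(p for p in new if is_host_pattern(p) and is_broad(p)),
        "removed": sorted(old - new),
    }

# Constructed manifests for illustration; not RES's real manifest.
OLD = json.dumps({"permissions": [
    "history", "cookies", "tabs", "https://*.reddit.com/*"]})
NEW = json.dumps({"permissions": [
    "history", "cookies", "tabs", "https://*.reddit.com/*",
    "https://api.imgur.com/*", "https://*.flickr.com/*"]})

if __name__ == "__main__":
    for key, value in permission_report(OLD, NEW).items():
        print(f"{key}: {value}")
```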

Unfortunately, because Chrome's permissions dialog is confusing, the following happened:

1) the dialog doesn't talk about which permissions are new vs. old - so people who *ignored* the history/tabs/cookies permission the first time thought "wow, the new RES update is asking me for all this stuff?! what the HELL!?" - I can't really blame them... but many of them have slandered me in the reviews saying I'm "collecting their data and selling it to marketers" - which is 100% untrue.

2) Not only is the dialog not very clear, but it's also worded pretty scarily - it tells users that I may be doing all sorts of sketchy stuff. Technically, those permissions allow me to, but [RES is open source](http://github.com/honestbleeps/Reddit-Enhancement-Suite) and you can check for yourself that I'm not. Further, if you're concerned that what's on GitHub isn't what's in the Chrome extension - Chrome extensions are just zip files! You can decompress it and compare if you don't trust me.
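The comparison suggested above can be scripted. This is an added example, not part of the original post or of RES: it hashes every file in a packaged extension and in a source checkout and lists the differences. The sample package, the file names and the `_metadata/` ignore prefix are assumptions made for the demonstration.

```python
import hashlib, io, tempfile, zipfile
from pathlib import Path

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def package_hashes(crx_bytes):
    """Hash every file in a .crx or .zip. zipfile finds the archive from its
    end, so the CRX header in front of the zip data needs no stripping."""
    with zipfile.ZipFile(io.BytesIO(crx_bytes)) as zf:
        return {i.filename: sha256(zf.read(i))
                for i in zf.infolist() if not i.is_dir()}

def tree_hashes(root):
    """Hash every file under a source checkout, keyed by relative path."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256(p.read_bytes())
            for p in root.rglob("*") if p.is_file()}

def compare(package, source, ignore=("_metadata/",)):
    """Report files that differ. `ignore` skips store-added paths (assumed)."""
    package = {k: v for k, v in package.items() if not k.startswith(ignore)}
    return {
        "modified": sorted(k for k in package
                           if k in source and package[k] != source[k]),
        "only_in_package": sorted(set(package) - set(source)),
        "only_in_source": sorted(set(source) - set(package)),
    }

def demo():
    """Constructed sample: a fake package and a source tree that differs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", '{"name": "demo"}')
        zf.writestr("lib/core.js", "console.log('packaged');")
        zf.writestr("_metadata/verified_contents.json", "{}")
    crx = b"Cr24" + b"\x00" * 12 + buf.getvalue()  # constructed header bytes
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp)
        (src / "lib").mkdir()
        (src / "manifest.json").write_bytes(b'{"name": "demo"}')
        (src / "lib" / "core.js").write_bytes(b"console.log('source');")
        (src / "README.md").write_bytes(b"docs")
        return compare(package_hashes(crx), tree_hashes(src))

if __name__ == "__main__":
    print(demo())
```

Files that a build step rewrites or generates will show up as differences, so each reported path still needs a manual look.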

So, having seen the slanderous reviews and taking it a little bit personally (it's upsetting. I've worked very hard to build a reputation of trustworthiness and generosity by being honest/forthright, and not being in your face about donations, etc) - I wanted to set the record straight with Chrome users who are confused or upset by these permissions dialogs.

Thanks for reading...

honestbleeps

8 thoughts on “PSA: Reddit Enhancement Suite and “the new permissions”…”

  1. > flickr, imgur, other sites: – this is the one where google really upsets me… they say “RES has access to your data on … sites” — this is NOT THE CASE. RES needs permission to call out to imgur, flickr etc in order to get the direct URL to each image in an album, for example — or to flickr to get the direct URL to the one image that is linked. This is what allows you to expand it without leaving the homepage

    They generalize it. These permissions remove the cross-origin restrictions, meaning that you actually could abuse it and access personal information. Have you looked at this [stackoverflow answer](http://stackoverflow.com/questions/15167738/xmlhttprequest-succeeds-without-manifest-permissions-maybe-cors)? I haven’t tried it, but if you don’t specify a permission for e.g. imgur and api.imgur.com has the headers that allow you to make cross origin requests, it should still work, or am I wrong? Maybe I am going to clone the repo and check if I can get it to work with a few less permissions. I completely understand why you are upset though, many users with no idea destroying your reputation is a very bad thing.

  2. > Not only is the dialog not very clear, but it’s also worded pretty scarily – it tells users that I may be doing all sorts of sketchy stuff.

    Yeah, I never really liked that characteristic of the permissions dialog, but I understand why they do it. “Better safe than sorry”, etc.

  3. Just using this thread as a way to say THANK YOU for RES. It’s an amazing tool and my internet (i.e. reddit) experience is not the same without it.

    Sad to hear others are so quick to be ignorant, but the media spotlight on internet privacy issues certainly isn’t helping your cause. Hope you are successful in changing opinions of the less informed.

    It sounds like Google needs to provide developers the opportunity to further explain exactly why each permission is required, as you have spelled out above.

    Good luck!

  4. I was going to complain about just ‘taking your word on it’ but since it’s open source I guess you are being semi-transparent.

  5. Don’t take it too personally, ignorant people say ignorant things. Keep up the great work! I gave you a 5 star review, and I never review extensions.

  6. I marked the dumb ones as “unhelpful” and the good ones as “helpful” just now. And just want to say thanks for RES. Someone else said it in the reviews, if RES was suddenly not an option for me anymore I would straight up stop using reddit. Such a great add-on.

  7. Thank you for this, I myself was one of the idiots who uninstalled, I thought you were collecting our internet history. Sorry

  8. > * history – the history permission is required in order to add URLs that you expand using the inline image viewer to your history (e.g. “make them purple”)
    > * cookies – the cookies permission is required for Account Switcher to work. RES needs to be able to reset your logged-in cookie before attempting to log you into another account.
    > * tabs – the tabs permission allows RES to communicate between open tabs of reddit so that a change you make to settings, data, etc in one tab is propagated to other reddit tabs you have open.
    > * flickr, imgur, other sites: – this is the one where google really upsets me… they say “RES has access to your data on … sites” — this is NOT THE CASE. RES needs permission to call out to imgur, flickr etc in order to get the direct URL to each image in an album, for example — or to flickr to get the direct URL to the one image that is linked. This is what allows you to expand it without leaving the homepage.

    You should copy/paste this into your full description.
