The Tampermonkey site notes that the scriptmanager can "access your data for all websites". That means it could access my private Steemit keys, doesn't it? That's a mighty big security risk.
The Tampermonkey site notes that the scriptmanager can "access your data for all websites". That means it could access my private Steemit keys, doesn't it? That's a mighty big security risk.
That is correct.
I think it depends on which key was used to login, so if you login with the posting key it shouldn't be possible to access a "higher level" key.
That's just my speculation seeing that you need to extra login to see some private keys...
But yes nonetheless, every script or addon you install to modify the steemit site (there are a few of them) could possibly steal your keys.
That's why you should never install a closed source skript/addon!
I'm inviting everybody to check my script for any malicious intent, it's open source and I have nothing to hide :)
And I'm not sure, but I think the utopian moderators would also check for such things^^
Greetings,
Martin