I see quite a few comments on various scripts when the permissions require access to “all websites”. Some of these comments are quite vocal in complaining about the permissions being requested. There are two things I would like to say about this:
1. The script developers know about this issue.
Our script developers aren’t idiots. Many of them are professional developers who are well aware of security implications. They are also, all of them, volunteers; providing us with the benefits of their experience, free of charge, in their own time.
The latest WME update came out unexpectedly and was not (as frequently happens with Waze :evil: ) the same code as was being tested in Beta. As the script authors hurried to fix things for us, at least a couple of script releases accidentally failed to restrict access permissions as well as they normally do.
2. You don’t have to use these scripts.
Every script is produced either by an editor who wants something to help themselves and then kindly shares it with us; or in response to a request from others who want a feature but can’t script it themselves. There is no obligation for any user to use any script - and the failure of any script does not prevent you editing the map.
So if you see a script asking for permissions that you think are too broad, don’t shout about it! Don’t complain that the author doesn’t understand security, or is being careless, or is invading your privacy.
- Point out politely that, in your opinion, the script is requesting access to more than it needs to. You don’t need to provide a list of reasons why it shouldn’t - the script authors are well aware of this.
- If you’re not sure why broad permissions have been requested, ask. You will often get a clear answer.
- If you have a suggestion, make it. Script authors don’t like to be told “you’re doing it wrong and invading my privacy”. They do like to hear "I think there may be a problem and this might be a way to resolve it.