DOCSLIB.ORG

Online Workflowy Browser

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Online Workflowy Browser Do way, way more in WorkFlowy, 1st Edition © 2015 Frank Degenaar Published by Frank Degenaar, -3.72541, -38.49859 All rights reserved. No part of this publication may be reproduced in any form, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, contact the publisher: [email protected] For Emma-Pearl: Each Pomodoro spent on this book meant less beach time for you. Though you don’t yet know all about lists and productivity, you’re on almost all of my lists... and hands down, the #1 beneficiary of my @Future-me tag. Contents READ ME MEET YOUR BRAIN WorkFlowy - Where have you been all my life? What I use WorkFlowy for Walter Bishop’s brain What, technically, is WorkFlowy? Show and tell - The WorkFlowy basics A NEW SKIN FOR YOUR BRAIN - STYLING A WorkFlowy facelift with Stylish Painter for WorkFlowy ORGANIZE YOUR BRAIN - SETUP Feed me Seymour! It’s a Kanban magic Nested lists Nested lists and GTD NAVIGATE YOUR BRAIN - FROM A TO B List Title Tags Workflow tags List hyperlinks Breadcrumb navigation Starred pages viewer Meet Ctrl+Shift+9 & Ctrl+Shift+0 FAST-TRACK YOUR BRAIN - KEYBOARD SHORTCUTS The Tetris Effect Navigating stuff Expanding/ collapsing stuff Selecting stuff Moving stuff Copying/ duplicating stuff Deleting, completing (& exploding) stuff Miscellaneous shortcuts SEARCH YOUR BRAIN The whole search and nothing but the search - so help me WorkFlowy Hidden search operators - WorkFlowy’s search language Saved searches Filtering tags vs. searching keywords NETWORK YOUR BRAIN - MORE ON TAGS Your positronic brain Basic tag types - Pick a tag, any tag Transfer any list anywhere Tag index basics Contexts within contexts - a no-brainer tag index Compiling a mega alphabetized tag index - the WorkFlowy blog Exploratory tags PRIORITIZE YOUR BRAIN - TASK MANAGEMENT Just do it The Eisenhower Matrix Kanban The tickler file The tickler file and recurring tasks The tickler file vs date tags Date tags and a date tag index Kanban Calendar Don’t break the chain! The Pomodoro technique A home-page workspace Delegating Tailor-made action tags TRACK YOUR BRAIN - JOURNALING Get your Doogie Howser on Accessibility and a visual cue Tag-ability Filtering - The stuff of life PUBLISH YOUR BRAIN (1) - 3RD-PARTY TOOLS Markdown - What goes down must come up Markdown syntax - From the bottom up PhraseExpress - Expand your mind PhraseExpress - Autotext PhraseExpress - Simulated keypresses PhraseExpress for Markdown PhraseExpress - A workflow toolbox Dropbox and Evernote Exporting Markdown inline images WorkFlowy to Gingko to Word Word to InDesign PUBLISH YOUR BRAIN (2) - A BOOK-WRITING WORKFLOW From start to finish Ideation and a tag index Ghost Bullets Metric tags Editing and revision tags A continuity/ error checklist Internal InDesign book links in WorkFlowy InDesign paragraph style tags in WorkFlowy Markdown elements to any InDesign style END OVER END Best of you Next year Big me Home Read me Here are a few quick pointers on getting around this PDF document… as well as some consolidated references for all shared resources scattered throughout these pages. 1. Breadcrumb navigation bar #Getting-around Each page in this book has a breadcrumb navigation bar which lets you know exactly where you are - not unlike in the WorkFlowy app itself. Also, each has 3 clickable links which take you to where you imagine they would go: • HOME: This link will take you to the table of contents. • SECTION: Follow the 2nd link to the current section’s content page. • CHAPTER: The 3rd link will land you back at the beginning of the current chapter. 2. Zoom-able bullet points #Getting-around You can click/ tap on any of the bullet points in the Table of Contents (Home) and on the Section Contents pages. They will take you to the chapters and subsections given. To go to any Section Con- tents page from the main Table of Contents, click on the section’s title text. 3. Red and blue hyperlinks #Getting-around • Red links are external hyperlinks. These will link to sites from your default web browser. • Blue links are internal hyperlinks which connect you to relevant cross-referenced content. 4. Backtracking after following any link #Getting-around After having clicked on any link(s) in this PDF on desktop, you should be able to hit Alt+Left/ Right to navigate back and forth. On mobile device, in whatever app you’re using, you should have options to backtrack via some page link arrows. Home > Read me 5. Keyboard shortcuts on Mac #My-bad To those readers on Mac OS X: One day I hope to be have the privilege of tinkering on my very own Mac. Perhaps in the 2nd edition of this book I will include all Mac keyboard shortcuts too. However, I do think most Mac users are sufficiently savvy to figure out the equivalent of the Windows shortcuts given in this book. Also, your WorkFlowy keyboard shortcuts help menu should come in handy. 6. Shared lists #Resource I’ve shared a number of individual WorkFlowy lists throughout this book. These are public lists that you are welcome to add to your account or just view online. Each of them presents hands-on dynamics that you can tinker with and test. Just in case you lose track of where the links are in this book, I’ll share a consolidated list with you here - which has each of the shared lists nested therein. You can zoom into any of the lists there and then add them to your account. NOTE: Please be aware of your monthly list limit if you are not yet a WorkFlowy Pro member. 7. Stylish code blocks #Resource Included in the above shared WorkFlowy list, you’ll also find the Stylish templates which are blocks of CSS code that will come in handy later - if you’re up to giving WorkFlowy a face lift, that is. 8. Animated GIFs #Resource I’ve created a number of 5-second Animated GIFs to show you the moving parts of WorkFlowy in certain scenarios. In each case, I have linked to a (safe) public Evernote note… and in each case presented, all you do is click on any one of the conspicuous GIF icons in this book to take you there. 9. .pxp files #Resource Here are 2 .pxp files (PhraseExpress) in a shared Dropbox folder. These PhraseExpress files may come in handy later. 10. Complimentary future editions #Say-what? If you registered your e-mail at the time of purchasing this book, I will send you a complimentary download link when all future editions come out. I’m aiming for mid 2016 (at the very latest) for my 2nd edition, which will have the new sections I’ve hinted at in a few places… and then some. Home Meet your brain WorkFlowy - Where have you been all my life? What I use WorkFlowy for Walter Bishop’s brain What, technically, is WorkFlowy? Show and tell - The WorkFlowy basics Home > Meet your brain WorkFlowy - where have you been all my life? There are outliners... and then there are outliners When one begins to tinker with an outliner, you get the sneaky feeling that there’s more to it than meets the eye. That something “more” is really the stirring of just about every productivity method or hack you’ve ever heard of (and even those you don’t know exist yet). Quite a statement. So I wrote this book to illustrate precisely that. Now WorkFlowy goes a step further than the regular old outliner. It gives us Zoom-ability. Zoomability makes WorkFlowy what it is. Without being able to zoom in on a bullet point or list, WorkFlowy would not be WorkFlowy. Zoom gives us razor-sharp focus… zoom brings us Zen. The kind of Zen that makes you want to write and plan… and cry tears of joy. Really. It takes a bit of figuring out to finally click what one can actually do with WorkFlowy. I’m going to show you a ton of things you haven’t figured out yet - and perhaps you’ll reciprocate one of these days. That would be nice, because there are things I haven’t figured out yet. I’m sure of it. I’m going back to the start I have a private English student who’s a Rock Star here in Brazil. No kidding. Not only does he perform on stage as the lead singer of Rocca Vegas, but he also manages his own company, promoting events for some of the top bands in Brazil. He’s a family man, does Stand Up Paddle Surfing… and a bazillion other things regular people like you and I do. So… we were talking about apps that he could use to organize his life. I showed him a bunch of well-known, flashy apps that are no doubt coding wonders in themselves - beautiful to behold… then I took him for a quick spin within my WorkFlowy account, after which he enthusiastically exclaimed, “I’m convinced!” He then inquired, “Does it come set up like that?”. I responded dramatically with a few taps of the keyboard, ”No. You start like this…” and waited for his response: Home > Meet your brain > WorkFlowy - where have you been all my life? He seemed a little puzzled. So I explained further: “It’s a 100% manual setup. How you build your system depends on what you bring to the table.” I then proceeded to briefly run him through WorkFlowy’s core features… and I touched on The Pomodoro Technique, a bit of GTD, Personal Kanban, and the “Don’t break the chain!” hack.
Load more

Recommended publications
  • Detecting Conflicts Among Declarative UI Extensions
    Detecting Conflicts Among Declarative UI Extensions Benjamin S. Lerner Dan Grossman Brown University University of Washington [email protected] [email protected] Abstract shows a “Hello world” example written in XUL, a simple overlay We examine overlays, a flexible aspect-like mechanism for third- targeting it, and its composition with the base document. Appli- cations like Firefox use this ability heavily to modularize their UI party declarative extensions of declarative UIs. Overlays can be de- fined for any markup language and permit extensions to define new definitions into many smaller documents. Mozilla applications expose the overlay mechanism to third par- content that is dynamically woven into a base UI document. While powerful, overlays are inherently non-modular and may conflict ties and thereby enable a uniquely powerful extension mechanism. Such third party extensions can enhance or modify the program’s with each other, by defining duplicate or contradictory UI compo- nents. We construct an abstract language to capture core overlay se- base functionality in arbitrary ways; overlays are used to integrate mantics, and design an automatic analysis to detect inter-extension the extension’s UI into the existing UI. Moreover, end users can conflicts. We apply the analysis to a case study of Firefox exten- freely install extensions to customize their browser however they sions, finding several real-world bugs. Our analysis provides low- wish. This expressiveness has led to the widespread popularity level feedback to extension developers and high-level reports to end of Firefox extensions—hundreds of millions of users have down- users. Finally, we show how variants of overlays more expressive loaded extensions billions of times [13].
    [Show full text]
  • Security Analysis of Browser Extension Concepts
    Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science Bachelor's thesis Security Analysis of Browser Extension Concepts A comparison of Internet Explorer 9, Safari 5, Firefox 8, and Chrome 14 submitted by Karsten Knuth submitted January 14, 2012 Supervisor Prof. Dr. Michael Backes Advisors Raphael Reischuk Sebastian Gerling Reviewers Prof. Dr. Michael Backes Dr. Matteo Maffei Statement in Lieu of an Oath I hereby confirm that I have written this thesis on my own and that I have not used any other media or materials than the ones referred to in this thesis. Saarbr¨ucken, January 14, 2012 Karsten Knuth Declaration of Consent I agree to make both versions of my thesis (with a passing grade) accessible to the public by having them added to the library of the Computer Science Department. Saarbr¨ucken, January 14, 2012 Karsten Knuth Acknowledgments First of all, I thank Professor Dr. Michael Backes for giving me the chance to write my bachelor's thesis at the Information Security & Cryptography chair. During the making of this thesis I have gotten a deeper look in a topic which I hope to be given the chance to follow up in my upcoming academic career. Furthermore, I thank my advisors Raphael Reischuk, Sebastian Gerling, and Philipp von Styp-Rekowsky for supporting me with words and deeds during the making of this thesis. In particular, I thank the first two for bearing with me since the release of my topic. My thanks also go to Lara Schneider and Michael Zeidler for offering me helpful advice.
    [Show full text]
  • Firefox Hacks Is Ideal for Power Users Who Want to Maximize The
    Firefox Hacks By Nigel McFarlane Publisher: O'Reilly Pub Date: March 2005 ISBN: 0-596-00928-3 Pages: 398 Table of • Contents • Index • Reviews Reader Firefox Hacks is ideal for power users who want to maximize the • Reviews effectiveness of Firefox, the next-generation web browser that is quickly • Errata gaining in popularity. This highly-focused book offers all the valuable tips • Academic and tools you need to enjoy a superior and safer browsing experience. Learn how to customize its deployment, appearance, features, and functionality. Firefox Hacks By Nigel McFarlane Publisher: O'Reilly Pub Date: March 2005 ISBN: 0-596-00928-3 Pages: 398 Table of • Contents • Index • Reviews Reader • Reviews • Errata • Academic Copyright Credits About the Author Contributors Acknowledgments Preface Why Firefox Hacks? How to Use This Book How This Book Is Organized Conventions Used in This Book Using Code Examples Safari® Enabled How to Contact Us Got a Hack? Chapter 1. Firefox Basics Section 1.1. Hacks 1-10 Section 1.2. Get Oriented Hack 1. Ten Ways to Display a Web Page Hack 2. Ten Ways to Navigate to a Web Page Hack 3. Find Stuff Hack 4. Identify and Use Toolbar Icons Hack 5. Use Keyboard Shortcuts Hack 6. Make Firefox Look Different Hack 7. Stop Once-Only Dialogs Safely Hack 8. Flush and Clear Absolutely Everything Hack 9. Make Firefox Go Fast Hack 10. Start Up from the Command Line Chapter 2. Security Section 2.1. Hacks 11-21 Hack 11. Drop Miscellaneous Security Blocks Hack 12. Raise Security to Protect Dummies Hack 13. Stop All Secret Network Activity Hack 14.
    [Show full text]
  • Syndicate Framework 55 Table of Contents Ix
    Individual Service Composition in the Web-age Inauguraldissertation zur Erlangung der Wurde¨ eines Doktors der Philosophie vorgelegt der Philosophisch-Naturwissenschaftlichen Fakultat¨ der Universitat¨ Basel von Sven Rizzotti aus Basel Basel, 2008 Genehmigt von der Philosophisch-Naturwissenschaftlichen Fakult¨atauf Antrag von Herrn Prof. Dr. Helmar Burkhart, Universit¨atBasel und Herrn Prof. Dr. Gustavo Alonso, ETH Z¨urich, Korreferent. Basel, den 11.12.2007 Prof. Dr. Hans-Peter Hauri, Dekan To my parents, Heide and Fritz Rizzotti and my brother J¨org. On the Internet, nobody knows you're a dog. Peter Steiner cartoon in The New Yorker (5 July 1993) page 61 Abstract Nowadays, for a web site to reach peak popularity it must present the latest information, combined from various sources, to give an interactive, customizable impression. Embedded content and functionality from a range of specialist fields has led to a significant improvement in web site quality. However, until now the capacity of a web site has been defined at the time of creation; extension of this capacity has only been possible with considerable additional effort. The aim of this thesis is to present a software architecture that allows users to personalize a web site themselves, with capabilities taken from the immense resources of the World Wide Web. Recent web sites are analyzed and categorized according to their customization potential. The results of this analysis are then related to patterns in the field of software engineering and from these results, a general conclusion is drawn about the requirements of an application architecture to support these patterns. A theoretical concept of such an architecture is proposed and described in detail.
    [Show full text]
  • Defeat Information Leakage from Browser Extensions Via Data Obfuscation
    Defeat information leakage from browser extensions via data obfuscation Wentao Chang, Songqing Chen Department of Computer Science, George Mason University, Fairfax, VA 22030 U.S.A {wchang7, sqchen}@gmu.edu Abstract. Today web browsers have become the de facto platform for Internet users. This makes browsers the target of a lot of attacks. With the security con- siderations from the very beginning, Chrome offers more protection against ex- ploits via benign-but-buggy extensions. However, more and more attacks have been launched via malicious extensions while there is no effective solution to defeat such malicious extensions. As user’s sensitive information is often the target of such attacks, in this paper, we aim to proactively defeat information leakage with our iObfus framework. With iObfus, sensitive information is al- ways classified and labeled automatically. Then sensitive information is obfus- cated before any IO operation is conducted. In this way, the users’ sensitive in- formation is always protected even information leakage occurs. The obfuscated information is properly restored for legitimate browser transactions. A proto- type has been implemented and iObfus works seamlessly with the Chromium 25. Evaluation against malicious extensions shows the effectiveness of iObfus, while it only introduces trivial overhead to benign extensions. Keywords: Browser Extension, Chrome, Data Obfuscation, Information Leak- age Threats. 1 Introduction The web browser has become the de facto platform for everyday Internet users, and unarguably the driving force of the recent years’ Internet revolution. Modern web browsers, such as Chrome, Firefox, and IE, are no longer simple static data renderers but complex networked operating systems that manage multiple facets of user online experiences[1][3].
    [Show full text]
  • Interdependent Components for the Development of Accessible XUL Applications for Screen Reader Users
    Interdependent Components for the Development of Accessible XUL Applications for Screen Reader Users Xabier Valencia1, Myriam Arrue1, Halena Rojas-Valduciel2 and Lourdes Moreno2 1EGOKITUZ: Laboratory of HCI for Special Needs, University of the Basque Country (UPV/EHU), Informatika Fakultatea 20018, Donostia, Spain 2Computer Science deparment, Universidad Carlos III de Madrid, 28911, Leganés, Spain Keywords: Accessibility, User Testing, Expert Review, XUL, Mozilla Firefox Browser, Screen Reader. Abstract: Web applications based on XUL technology have reached great development. This technology enables developers to easily create extensions and add-ons of Mozilla Firefox browser. It is essential to keep in mind accessibility in the development of such applications in order to not discriminate user groups. In this sense, standards and good practices have to be considered. Furthermore, User-Centred Design and Inclusive Design approaches should be followed as they involve users with disabilities in the development process. This paper presents an analysis of XUL accessibility guidelines created by Mozilla Foundation. An accessible XUL application has been designed and developed based on the guidelines. User testing has been conducted by two blind users revealing several important accessibility barriers. In addition, an expert review process was carried on by a blind accessibility consultant. They all used JAWS screen reader. The results obtained show that the existing guidelines conformance is not enough for ensuring accessibility of the application. There are other factors dependent on assistive technologies and user agent that have to be considered in the development of accessible XUL applications. 1 INTRODUCTION comprehensive inclusive design paradigm for augmented browser functionalities should integrate The use of Internet has experienced a vertiginous User-Centred Design (UCD) methods and Inclusive growth in the last few years.
    [Show full text]
  • Designing for Extensibility and Planning for Conflict
    Designing for Extensibility and Planning for Conflict: Experiments in Web-Browser Design Benjamin S. Lerner A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy University of Washington 2011 Program Authorized to Offer Degree: UW Computer Science & Engineering University of Washington Graduate School This is to certify that I have examined this copy of a doctoral dissertation by Benjamin S. Lerner and have found that it is complete and satisfactory in all respects, and that any and all revisions required by the final examining committee have been made. Chair of the Supervisory Committee: Daniel Grossman Reading Committee: Daniel Grossman Steven Gribble John Zahorjan Date: In presenting this dissertation in partial fulfillment of the requirements for the doctoral degree at the University of Washington, I agree that the Library shall make its copies freely available for inspection. I further agree that extensive copying of this dissertation is allowable only for scholarly purposes, consistent with “fair use” as prescribed in the U.S. Copyright Law. Requests for copying or reproduction of this dissertation may be referred to Proquest Information and Learning, 300 North Zeeb Road, Ann Arbor, MI 48106-1346, 1-800-521-0600, to whom the author has granted “the right to reproduce and sell (a) copies of the manuscript in microform and/or (b) printed copies of the manuscript made from microform.” Signature Date University of Washington Abstract Designing for Extensibility and Planning for Conflict: Experiments in Web-Browser Design Benjamin S. Lerner Chair of the Supervisory Committee: Associate Professor Daniel Grossman UW Computer Science & Engineering The past few years have seen a growing trend in application development toward “web ap- plications”, a fuzzy category of programs that currently (but not necessarily) run within web browsers, that rely heavily on network servers for data storage, and that are developed and de- ployed differently from traditional desktop applications.
    [Show full text]
  • Delve Into Malware on Browsers Finding Related Web Content Alterations Between Browser Ex- Tensions
    Delve into Malware on Browsers Finding related web content alterations between browser ex- tensions Master’s thesis in Algorithms, Languages and Logic JOEL MORIANA BECERRA Department of Computer Science and Engineering CHALMERS UNIVERSITY OF TECHNOLOGY UNIVERSITY OF GOTHENBURG Gothenburg, Sweden 2017 Master’s thesis 2017 Delve into Malware on Browsers Finding related web content alterations between browser extensions JOEL MORIANA BECERRA Department of Computer Science and Engineering Chalmers University of Technology University of Gothenburg Gothenburg, Sweden 2017 Delve into Malware on Browsers Finding related web content alterations between browser extensions JOEL MORIANA BECERRA © JOEL MORIANA BECERRA, 2017. Supervisor: Pablo Picazo-Sanchez Examiner: Andreas Abel Master’s Thesis 2017 Department of Computer Science and Engineering Chalmers University of Technology and University of Gothenburg SE-412 96 Gothenburg Telephone +46 31 772 1000 Typeset in LATEX Gothenburg, Sweden 2017 iv Delve into Malware on Browsers Finding related web content alterations between browser extensions JOEL MORIANA BECERRA Department of Computer Science and Engineering Chalmers University of Technology and University of Gothenburg Abstract Providing the possibility of installing extensions has become a must-have feature for all major browsers. Extensions allow users to enhance and customise the browser functionalities by, for example, modifying the appearance of the web pages, providing security suites or blocking ads. In this work, we make a first step towards monitoring web content alterations coming from extensions. In particular, we focus on the identification of relations between the mutations performed by different extensions. The study is motivated by the sequential and event-driven execution model running on web pages. That model entails that browser extensions can react to web content alterations performed by other extensions; hence, extensions have access to the data introduced by other extensions.
    [Show full text]
  • Tristan Nitot Paul Rouget Olivier Gambier Agenda
    Innovation & ‘hackability’ of the Open Web Tristan Nitot Paul Rouget Olivier Gambier Agenda • The Web is a wonderful accident • 1.2 billion citizens or 1.2 billion customers? • Tools shape society, vendors shape tools • Open Source for Open Standards Standards? Phone system • which has been improved and built-upon over time (fax machines then aDSL, VoIP and mobile) • No need to know what brand of phone you use, nor the network you subscribed to. Just dial the number! Another example: e-mail • You can use Windows, Mac OS X, Linux, *BSD, Blackberry, Gmail, Yahoo Mail, Hotmail... • ... and send messages to anyone you know who has an account, without taking care of what system he/she uses. Counter Examples • Instant Messaging (IM) • ICQ, AIM, MSN, Y!M and dozens of other local providers. • Rarely interoperable • Battle between users and networks for interoperability. • Office documents, .DOC/OOXML vs ODF Phone & IM vs Web • Phone systems are built by industrials • Users are just consumers • Same for Instant Messaging • The Web and e-mail were built by the users using Open Standards In a connected world, standards empower users and enable participation A few key concepts • The Web Server has the Web pages you want • The Network carries data between the two • Your computer has a Web browser. It’s a piece of software that displays Web pages • Search engine: A Web server that helps you find the pages you want. The Web and its original standards • HTML: how to structure a document (just a Web page) • HTTP: how to send a document over the network
    [Show full text]
  • Fingerprinting in Style: Detecting Browser Extensions Via Injected Style Sheets Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, Nick Nikiforakis
    Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, Nick Nikiforakis To cite this version: Pierre Laperdrix, Oleksii Starov, Quan Chen, Alexandros Kapravelos, Nick Nikiforakis. Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets. 30th USENIX Security Symposium, Aug 2021, Virtual, France. hal-03152176 HAL Id: hal-03152176 https://hal.archives-ouvertes.fr/hal-03152176 Submitted on 25 Feb 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Fingerprinting in Style: Detecting Browser Extensions via Injected Style Sheets Pierre Laperdrix Oleksii Starov Quan Chen Univ. Lille, CNRS, Inria Palo Alto Networks North Carolina State University Alexandros Kapravelos Nick Nikiforakis North Carolina State University Stony Brook University Abstract and a browser’s private mode) stateless tracking techniques arose that enable third parties to track users across sessions, Browser extensions enhance the web experience and have without relying
    [Show full text]
  • An Evaluation of the Google Chrome Extension Security Architecture
    An Evaluation of the Google Chrome Extension Security Architecture Nicholas Carlini, Adrienne Porter Felt, and David Wagner University of California, Berkeley [email protected], [email protected], [email protected] Abstract developers need to build extensions that are robust to at- tacks originating from malicious websites and the net- Vulnerabilities in browser extensions put users at risk by work. Extensions can read and manipulate content from providing a way for website and network attackers to websites, make unfettered network requests, and access gain access to users’ private data and credentials. Exten- browser userdata like bookmarks and geolocation. In the sions can also introduce vulnerabilities into the websites hands of a web or network attacker, these privileges can that they modify. In 2009, Google Chrome introduced be abused to collect users’ private information and au- a new extension platform with several features intended thentication credentials. to prevent and mitigate extension vulnerabilities: strong Google Chrome employs three mechanisms to prevent isolation between websites and extensions, privilege sep- and mitigate extension vulnerabilities: aration within an extension, and an extension permission system. We performed a security review of 100 Chrome extensions and found 70 vulnerabilities across 40 exten- • Privilege separation. Chrome extensions adhere to sions. Given these vulnerabilities, we evaluate how well a privilege-separated architecture [23]. Extensions each of the security mechanisms defends against exten- are built from two types of components, which are sion vulnerabilities. We find that the mechanisms mostly isolated from each other: content scripts and core succeed at preventing direct web attacks on extensions, extensions. Content scripts interact with websites but new security mechanisms are needed to protect users and execute with no privileges.
    [Show full text]
  • Towards Comprehensible and Effective Permission Systems
    Towards Comprehensible and Effective Permission Systems by Adrienne Porter Felt A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the GRADUATE DIVISION of the UNIVERSITY OF CALIFORNIA, BERKELEY Committee in charge: Professor David Wagner, Chair Professor Vern Paxson Professor Tapan Parikh Fall 2012 Towards Comprehensible and Effective Permission Systems Copyright c 2012 by Adrienne Porter Felt Abstract Towards Comprehensible and Effective Permission Systems by Adrienne Porter Felt Doctor of Philosophy in Computer Science University of California, Berkeley Professor David Wagner, Chair How can we, as platform designers, protect computer users from the threats associated with ma- licious, privacy-invasive, and vulnerable applications? Modern platforms have turned away from the traditional user-based permission model and begun adopting application permission systems in an attempt to shield users from these threats. This dissertation evaluates modern permission systems with the goal of improving the security of future platforms. In platforms with application permission systems, applications are unprivileged by default and must request permissions in order to access sensitive API calls. Developers specify the permis- sions that their applications need, and users approve the granting of permissions. Permissions are intended to provide defense in depth by restricting the scope of vulnerabilities and user consent by allowing users to control whether third parties have access to their resources. In this dissertation we investigate whether permission systems are effective at providing de- fense in depth and user consent. First, we perform two studies to evaluate whether permissions provide defense in depth: we analyze applications to determine whether developers request mini- mal sets of permissions, and we quantify the impact of permissions on real-world vulnerabilities.
    [Show full text]