Kee needs a variety of permissions to deliver it’s functionality to you.
The permissions
| Technical names | Firefox names | Chrome names | Used for |
|---|---|---|---|
| "tabs" and "activeTab" | Access browser tabs | Your tabs and browsing activity | Core functionality such as detecting web page locations, titles and working around various Firefox and Chrome bugs that would otherwise prevent Kee from functioning correctly |
| "<all_urls>" | Access your data for all websites | Your data on all the websites you visit | It’s not possible for Kee to predict which web pages you will need to sign in to so we must request access to all pages. Note that the behaviour of this permission is changing during 2018 and 2019 so that your browser will give you additional options - we recommend using the intended behaviour of "enabled on all websites" because this is the only configuration that we have tested and can support but you may have luck with enabling additional restrictions if you have a very specific use case for the Kee extension. |
| "contextMenus" | - | - | The context menu that is shown when you right click your mouse on a web page |
| "privacy" | Read and modify privacy settings | - | Prevent the built-in password manager conflicting with Kee |
| "storage" and "unlimitedStorage" | Store unlimited amount of client-side data | - | Stores information essential for connecting to KeePass and Kee options |
| "clipboardWrite" and "clipboardRead" | Input data to the clipboard and Get data from the clipboard | Data you copy and paste | Generate new passwords |
| "webNavigation" | Access browser activity during navigation | Your browsing history | Know when a tab is loading a new web page so we can search for sign-in forms on that page, etc. |
| "webRequest" and "webRequestBlocking" | - | - | Log you in to websites that send network authentication requests (also known as HTTP Auth) |
| "notifications" | Display notifications to you | - | Display temporary notifications about important events |
| "idle" | - | - | Defer automatic updates to a time when you aren’t using your browser (8 hours maximum delay) |
Please note that the technical names are the real permissions that are made available to Kee. Web browsers frequently change the name and description of these permissions (as well as displaying them in languages other than English). Some displayed permissions may cover more than one technical permission and this mapping of displayed permission to real (technical) permission may be changed by browsers at any time, potentially creating an illusion that Kee has added/removed required permissions when this is not the case. In some cases, one browser will display a permission message while another determines that the permission does not need to be explicitly presented to you. Again, this may change in each browser version and we can’t promise to keep this page up to date with every change that the various browser creators make.
Optional vs Required
As of 2019 it may be possible for some permissions to be requested during your use of Kee, rather than at the initial installation time. All new permissions we add will be made optional if it is technically feasible to do so. We have also considered the feasibility of making existing required permissions optional and found that it is not possible although in a couple of cases some future changes to Kee features may allow this to be reconsidered.
| Technical names | Can be optional? | When is it needed or why is it always required? |
|---|---|---|
| "tabs" and "activeTab" | N | Extension cannot start or function without these permissions. |
| "<all_urls>" | N | Unlikely to be practical for users to manually whitelist every web page; No technical possibility to control this permission at runtime. |
| "contextMenus" | N | No technical possibility to control this permission at runtime. |
| "privacy" | N | No technical possibility to control this permission at runtime. |
| "storage" and "unlimitedStorage" | N | Need for more than 5MB of storage space will be reached at an unpredictable time and not as a result of a user-triggerred event so requesting permission is both too late and not technically possible. |
| "clipboardWrite" and "clipboardRead" | N | Current password generation feature creates the requirement for clipboard access from non-user-triggerred events and thus can not trigger an optional permissions request. This can be reconsidered if the generation of new passwords changes in future. |
| "webNavigation" | N | Extension cannot function without this permission. |
| "webRequest" and "webRequestBlocking" | N | Extension cannot function without these permissions. |
| "notifications" | N | Notifying a user to request the display of notifications using a permission that is otherwise never mentioned to them seems counter-intuitive, even confusing. |
| "idle" | N | Interrupting a user to request their permission to delay interrupting them in future makes no sense. |
Further reading
For more information about browser extension permissions, we recommend these articles: