Wilson Mar bio photo

Wilson Mar

Hello!

Calendar YouTube Github

LinkedIn

Browsers (and their Extensions on macOS)

Configure for security and productivity. Alter how websites look and what they do. But heed warnings here.

US (English)   Norsk (Norwegian)   Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Estonian   اَلْعَرَبِيَّةُ (Egypt Arabic)   Napali   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean

Overview

Internet browsers are the most-used software apps on computers today.

Different Browsers

“Browsers” today refer to internet browsers:

  • Google Chrome = https://developer.chrome.com/extensions/overview
  • Edge (from Microsoft) accepts extensions from other browsers
  • Firefox from Mozilla
  • Safari from Apple
  • Brave (into crypto currencies)
  • Tor (The Onion Browser) to “Protect yourself against tracking, surveillance, and censorship.”

Contrast that with “Finder” used to find files and folders locally on your Apple macOS computer.

NOTE: Content here are my personal opinions, and not intended to represent any employer (past or present). “PROTIP:” here highlight information I haven’t seen elsewhere on the internet because it is hard-won, little-know but significant facts based on my personal research and experience.

The value of this tutorial is the painstaking arrangement of a learning sequence that is both thorough yet logical.

Install browsers

The browsers themselves are installed by mac-setup.zsh script.

To enable invocation of the browser GUI from the CLI (command line Terminal), they are defined in aliases.zsh.

PROTIP: Install Tor on a cloud instance. The Tor browser was created by US intelligence. But they found out that adversaries were able to trace users’ IP addresses, even when using VPNs by Tor and others. So Tor was open-sourced.

Safe browsing

One click on a phishing email link is all it takes to get “pwned” (owned by hackers). Many websites have been setup by malicious people to steal your identity, money, and secrets.

  • Here’s how to protect yourself:

    See what you’re up against ++

  1. See if your email address appears on the “dark web” selling data extracted from a website you gave your email to.

    Hackers use leaked email accounts to send annoying and phishing emails that attempt to infect computer to extract secrets you use to access your bank account and sites that have your credit card, points, etc. ++

    With so many breaches, it’s inevitable that your email address will also eventually appear on the dark web. So do what’s on this page to protect yourself.

  2. See if your (and your family members’) age, address, and other personal information appear on a data broker website:

    Don’t give them your email and credit card number. Data Brokers make money by luring visitors into signing up for on-going subscriptions that are difficult to remove.

    There are dozens of “data brokers” offering information for sale: spokeo, beenverified, ancestry, etc. Some will remove your information if you ask. However, new brokers crop up frequently.

  3. Get a subscription for a service to continually identify and request removals for you, automatically. I have not evaluated them, but here are some:

  4. Protect your search history. Google and other search sites sell to others the search terms you type in. Instead of using Google.com directly, get search results from Google on a “anonymizing proxy website” at: ++

    ## You don’t have to do what they ask

  5. Resist giving out your phone number. That’s the number you use to authenticate and reset your passwords. When required on a web form, give them a variation of Jenny’s “867-5309” since 1981. This passive-aggressive approach tells the requester that you consider being disturbed with spam calls and texts from that requestor to be a nuisance.

  6. Install a call blocker app on your phone to block calls from known spammers: ++

    Don’t answer calls from numbers you don’t recognize. If it’s important, they’ll leave a message. ++

    Spammers are known to use these “US” area codes (among the 300+ area codes):++

    • 216: Cleveland, Ohio

    • 218: Northern Minnesota

    • 232: Sierra Leone
    • 268: Antigua and Barbuda

    • 284: British Virgin Islands

    • 332: New York City
    • 347: New York City

    • 469: Dallas, Texas

    • 473: Grenada, Carriacou and Petite Martinique
    • 649: Turks and Caicos Islands
    • 646: Manhattan (New York City)

    • 657: La Palma, California

    • 664: Montserrat
    • 712: Western Iowa
    • 767: Commonwealth of Dominica
    • 809: Dominican Republic
    • 829: Dominican Republic
    • 849: Dominican Republic
    • 876: Jamaica

  7. Get a VOIP (Voice Over Internet Protocol) phone number to give out to people. Such services enable you to automatically transfer calls to ring one or more on actual phone numbers (from a mobile carrier) of your choice.

  8. To follow-up with people you meet, lookup the other person’s LinkedIn.com profile. That way, you can block them later if needed. More importantly, LinkedIn has a way to prove that they are who they say they are, through their verification of work email addresses and government IDs, such as on my profile:

    Before connecting on LinkedIn, click on “More”, then “About this profile” to see how long ago that person joined LinkedIn. My example:

    • browsers-linkedin-more-526x243.png

    Connection requests can come from recently-created fake profiles from people who just want to sell you something.

  9. Do not post your email address and zip code on profiles on LinkedIn, GitHub, etc. to be “harvested” by hackers.

    I heard that almost anyone in the US can be uniquely identified with just an age and zip code.

  10. Don’t trust reviews on the company’s own website. Research companies on known-good websites:++

    Public reviews:

    • yelp.com of reviews by customers (and competitors)
    • twitter.com/x.com rants by trolls
    • Courthouse of lawsuits against the company

  11. Stranger Danger! Be wary of communicating with people you don’t know, especially if it’s coming from an email you’re not familiar with. Gmail now does not put an entry on your calendar unless it’s from an email address saved among your Google Contacts. ++

    Don’t scan QR codes unless it’s on a website you know you can trust. Don’t scan QR codes on a sticker. That code may take you to a website that installs bad stuff. ++

  12. Don’t be lured by greed and vanity. Be wary of prize offers. Be especially wary if urgency is expressed, meant to make you not take the time to verify their identity. ++

    Setup accounts safely

  13. Set your email to not display images unless you click. Spammers use image URLs to tell whether an email address is valid. If you click on an image or link, they know it’s valid. Malware can be installed when you click on a link or an image.

  14. Setup a different email only for banking, insurance, credit cards, and other financial transactions. That way, if your regular email is compromised, hackers won’t be able to reset your bank account password.

    This is what security pros call “segmentation” to block “lateral movement” by hackers. ++

  15. Apply for credit cards and phone plans using a different zip code than your home address because your zip code is an item of verification, such as when you use your credit card at gas stations.

    BONUS TIP: Apply for a credit card (with a low limit such as $1,500) that you use in case your wallet is lost or stolen. That way, you won’t have to wait for a replacement card to arrive in the mail. So keep that card in your suitcase zipper within an RFID-safe sleeve. Charge something on that card occasionally so it doesn’t get canceled. ++

  16. Provide fake answers used as secrets to reset your password. Generate a different answer for each website and save it on your password vault. Scammers have been known to use a pet’s name, where you were married, etc. to scam your friends and relatives. This is like having a decoy wallet to robbers. ++

    Keep your cash in a wallet under your shirt. ++

  17. Gmail has a feature to add a “+” and a word to your email address. For example, if your email address is “johndoe@gmail.com”, you can provide “johndoe+341@gmail.com” to a website. That way, you can tell if they sold your email address to spammers. Keep track of your aliases in your password manager. ++

    Gmail also has strong spam filtering. But Gmail does sell your email address and content to advertisers. So use a different email address for websites that you don’t trust. ++

  18. Install a password manager app that stores your passwords and other secrets in an encrypted vault. That way, it can tell you which password was used more than once. That way, if one of your passwords is compromised, hackers won’t be able to use it to log into your other accounts.

    It also generates new unique (“strong”) passwords for each website. That way, you won’t be tempted to use the same password for multiple websites, which is one of the most common ways people get hacked.

  19. Use your password manager to generate strong passwords for you. That way, you don’t have to remember them. And you won’t be tempted to use the same password for multiple websites, which is one of the most common ways people get hacked.

    • 1Password 7 which can store secrets locally. The “1” in “1Password” is because you only need to remember one password to unlock it. It’s available for Mac, Windows, iOS, and Android. Note that 1Password also assigns another code used to recover your vault if you forget your password.
    • Keybase.com
    • Keepass

  20. Store in your password manager the unique passphrase you give the vendor to ask of anyone who calls about your account. This is like children who ask for a passphrase to authorize anyone who picks them up. This is especially important to do with credit card and phone companies (T-mobile, Verizon, ATT, etc.). ++

  21. Provide 1Password credentials to your “digital executor” – someone you trust (such as a lawyer) to take care of your digital assets when you die or are incapacitated. That way, your family won’t have to deal with the hassle of figuring out how to get access to your accounts when needed.

  22. Make a list (and photo) of everything you take out of your home (in your purse or backpack). An inventory enables you to tell quickly whether something was stolen. In case of loss, you can more confidently and quickly file insurance claims. ++

  23. In your suitcase and in your backpack, keep a list of phone numbers and companies to call when you lose your wallet. Don’t put account numbers and expiration dates on that card. At home, keep a list of accounts automatically charging to each card so that you can switch a credit card easily. ++

  24. Install the Authy app (from Twillio) on your mobile phone to generate one-time codes for MFA (Multi-Factor Authentication). It’s also available as a Chrome extension. It works like Google Authenticator. One unique feature is its data can be backed up so you can use it on multiple devices. ++

  25. Enable MFA on all your important accounts, such as email, banking, insurance, credit cards, etc. It does take an extra bit of time, like opening doors for people who visit instead of leaving doors open for anyone to walk in.

    MFA is important because when your password is compromised, MFA blocks hackers from logging into your account.

    PROTIP: When creating a new password with 2FA/MFA, copy the backup passwords to your clipboard and save it in your password vault so that your credentials can be recovered if your phone is lost or stolen. Such storage would also enable your “digital executor” to recover your accounts without your biometrics used by “passwordless” Passkeys with Google/Chrome, Apple/Safari, Microsoft/Edge, etc. See: https://wilsonmar.github.io/passkeys

    Regular Habits for security

  26. Outside your home, swipe your phone or watch to pay with Apple Pay or Google Pay. This is to avoid clerks writing down your numbers and RFID readers that steal cards without you knowing. Since you don’t have to reach into your wallet, you can put the cards you do carry in a RFID-blocking wallet that’s more difficult to access, to make it more difficult for pickpockets. such as inside your shirt or worn around your waist: ++

  27. Make it a habit to cover your phone while you type in secrets. In public (in bars, trains, etc.), avoid people behind you. Once a criminal knows your PIN, they can grab or steal your phone and obtain your banking info for making withdrawals before you have time to change your password on a friend’s phone. ++

    Ask a friend to watch your back. Sit/stand with your back to a wall. If someone is behind you, move. Hold your purse and backpack in front of you can see when others reach in them. ++

  28. Along with something you do every day, such as taking medicines, making coffee, brushing your teeth, etc. add safety activities: ++

    • Check important accounts (email, banking, insurance, credit cards, etc.) for unusual activity. If your account is compromised, you’ll be able to promptly take action.
    • Update your software to the latest version. If you’re a mac developer: brew upgrade all
    • Shut down and Restart your phone and computer to clear out memory and processes that may have been compromised. That way, if your computer is compromised, hackers won’t be able to use it for long.

  29. Make changing passwords on important websites part of your monthly routine. That way, if your password is compromised, hackers will have less time to use it.

  30. To make it easier to get everything back when you lose your laptop, buy an external USB hard drive to backup a full copy of your laptop and phone. Frequent backups allow you to “Time Travel” to any time in the past (perhaps before particular files were “corrupted”).

    If you’re using a Mac, use Apple’s Time Machine app to backup your computer to an external hard drive.
    If you’re using Windows, use “File History” to backup.

    PROTIP: Write down each step to recreate your phone and laptop. Such a document (what security pros call a “Playbook”) can be the basis for automation. To be sure to remove any malware that may have been installed, rebuild your entire device from scratch. I created a shell script that invokes on one command on my new mac laptop: ++

    • https://wilsonmar.github.io/mac-setup explains my code at
    • https://github.com/wilsonmar/mac-setup

  31. Setup your computer to ALSO backup automatically to the cloud. That way, if your computer and external hard drive are stolen, you’ll still have a backup. ++

  32. While scheduling appointments to leave your home, also schedule time before you leave to take a backup. That way, if your computer is stolen, you won’t miss any gaps in changes made. ++

  33. Resist clicking links, buttons, and images in emails and SMS texts. They may take you to a fake website. Even if it’s a business you know, instead of action on the email or text, go to the website directly, using the web address you know is correct because you saved a bookmark to each website you frequent.

    Browser extensions for security

  34. Instead of clicking on links in emails, right-click to copy the URL (web address) to see what various investigators say about it on Google’s website stored among your browser bookmarks:

    The free service (from Google) aggregates various reports of viruses, worms, trojans, etc. found in websites and files. It also scans files.

  35. To have URLs checked automatically when you click, install Google’s Safe Browsing extension for Chrome. ++

    It warns you if a website you’re trying to visit is suspected of phishing or malware.

  36. Install a VPN (Virtual Private Network) app to encrypt your internet traffic. That way, when you’re using a public WiFi network (such as at Starbucks, airports, etc.), hackers can’t intercept your traffic and steal your secrets.

    Popular VPN services available for Mac, Windows, iOS, and Android include NordVPN and ExpressVPN. Beware that some VPN services are scams that capture everything you type and do, so research before choosing one.

  37. Install a browser extension that blocks ads and trackers (which can be malicious): ++

    • Ghostery is available for Chrome, Firefox, Safari, Opera, and Edge. ++

    PROTIP: CAUTION: Even popular browser extensions have been known to become malicious. So instead of installing extensions, find the same functionality in a website and go it it from a browser bookmark ++

  38. If you are a US citizen traveling internationally, check the U.S. State Department’s Country Information Pages for the latest information on COVID-19 restrictions and requirements. Research the rules of each city regarding visas, transportation, etc. ++

    If you are not a US citizen, check your country’s State Department website.

  39. In your calendar, plan out your route and keep it updated (but private). Plan your path through a city sp upi cam avoid walking alone (especially at night) through known bad neighborhoods and through large crowds (such as among protesters). View walking tours on the internet before visiting. My example of a tourist route: ++

    Write down your plan so that others know how to come looking for you if needed. ++

The above are just some of the tactics.

If you think of more, please let me know so I can add it here.

This article was first also published on https://www.linkedin.com/pulse/how-safeguard-your-personal-data-wilson-mar-

Resources:

  • Visit the test website to see if Google detects malicious downloads:

  • https://warrenaverett.com/insights/what-happens-if-you-click-on-a-phishing-link/

  • FTC’s guide to phishing scams to learn how to spot phishing emails and websites.

  • Test your browser’s security settings at browserleaks.com, which provides a range of test tools that evaluate the security and privacy of your web browser.

  • Install the free Malwarebytes app to scan your computer for malware. It also removes malware.

Are extensions safe?

Browser extensions are wonderful because of their ability to inject JavaScript automation code within internet browsers that modify web content users see and interact with – changing and extending the behavior of the browser itself.

That can include malicious actions such as theft of your login credentials and other secrets.

PROTIP: Use Browser Profiles

Websites (including Azure) stores your browser history, what account you logged in, etc. in “cookies” associated with your browser account.

That’s how you get returned to the last account used when you go back to a website.

PROTIP: Setup different browser profiles on the same browser, associated with different profile avatars and colors: one for each account (email).

  1. Click your browser’s avatar picture at the upper-right corner:

    • The Learn account using your personal email (such as at gmail.com).
    • The account associated with your Visual Studio benefit (using your work email)
    • Each of your work accounts (to do your job as an Administrator).

  2. Do the above for each browser (Google Chrome, Microsoft Edge, Firefox, etc.).

Can the browser:

  • detect and block access to suspicious websites, downloads and extensions
  • block access to known malicious websites (identified by virustotal.com)
  • control access to specific company web pages and applications
  • block website access to the user’s camera and microphone
  • recognize websites that offer multi-factor user authentication, then enforce its use

An administrator can:

  • view browser settings, versions and installed extensions
  • manage browsers on mobile devices
  • restrict end-user control of settings
  • force-install browser extensions
  • control which extensions browser users install
  • audit user activity logs

Such administration controls (such as JAMF) can be centralized via policies that:

  • are administered from a cloud interface
  • are integrated with other security tools
  • are applied to the browser across operating systems
  • are administered using an on-premises framework

Some extensions

  1. In Chrome, click the three vertical dots at the upper-right corner, select “More Tools”, then “Extensions”.

    Alternately, type in or click:

    chrome://extensions/

    In Firefox, click the “sandwich” icon at the upper-right corner and
    select “Add-ons”.

    PROTIP: Security-conscious companies manage browsers of their people to add extension such as “DigiCert Authentication Client Extension”.

  2. In another Chrome tab, search for Chrome Extensions at:

    https://chrome.google.com/webstore/category/extensions?hl=en

    On that website, click “Install” for one you like.

    Here are the most useful and highly-rated by a large number of people:

    • “The Great Suspender” saves memory and bandwidth by suspending tabs sleeping, because Google Chrome is a memory hog.
    • “Noscript” blocks images, javascript, fonts from loading and allow only sites you specify you trust
    • Tab Resize splits a large screens into several panes of tabs on the same page (like TMUX)

    • “Silent site sound blocker” mutes sites such as CNet which blasts sound on entry

    • “Chrome Connectivity Diagnostics” (app from Google) tests connection speeds
    • “Free Download Manager” to resume downloads that otherwise time out
    • TrafficLight (from Bitdefender) blocks malicious websites and highlights tracking cookies

    • HTTPS Everywhere (from EFF.org) ensures that you’re using HTTPS rather than HTTP protocol, to avoid man-in-the-middle attacks.

    • Picture-in-Picture Extension (by Google)
    • “Dark Reader” or “Dark Night Mode” presents any web page with a dark theme
    • Wikiwand puts a modern UI to Wikipedia pages
    • “Turn off the Lights” darkens and blurs other sections of the screen when watching a video

    • Behind the overlay enables you to view text behind pop-ups

    • 1Password, LastPass, or NordPass password manager
    • “I don’t care about cookies” removes cookie warnings
    • Google Keep to keep notes
    • Evernote web clipper
    • Asana for coordination of team tasks

    • Cisco WebEx Extension (for companies that haven’t already switched to Zoom)

    • “Noisli” plays soothing background sounds to help you focus

    • Dayboard to block websites you don’t have the discipline to avoid. It also displays your top tasks whenever you open a browser tab. So it’s better than “Citrus”.

    • Selenium IDE for automating human actions

    • Honey to find and apply discount codes for shopping
    • “The Camelizer” shows price history on Amazon, BestBuy

    • “Hunter” hunts for emails to company name you type in (registration required)

    • Grammerly spell checker (it won’t autocorrect, though)
    • “Typio Form Recovery” auto-saves form entries (may cause data leak)
    • “Print Friendly” removes text and images before printing

    • “Fireshot” captures entire page (not just what appears on your monitor)

    • NewsGuard rates websites
    • “TinEye” reverse image search to find original author
    • “AgoraPulse” (from RazorSocial) to easily share content in social media
    • “Pullbullet” transfers images & web urls among devices
    • “Chrome User Agent Switcher” to post on Instagram from a laptop rather than mobile phone
    • GoogleGIFs

    • Imagus

    • Bit.ly to shorten URLs for social sharing
    • Unshorten.Link shows where shortened links will send you

    YouTube videos about extensions:

    TODO: For other browsers

    Install Chrome Extension locally

  3. The sample code associated with Google’s tutorial at
    https://developer.chrome.com/extensions/getstarted is at
    https://developer.chrome.com/extensions/examples/tutorials/get_started_complete.zip.

    PROTIP: Google loads extensions from its website by loading zip files.

    “Browser actions” icons to the right of the star icon add functionality on most/all websites.

    Files from Google contain “Copyright 2018 The Chromium Authors” and “Use of this source code is governed by a BSD-style license” which is one of the oldest and broadly used license family in the FOSS ecosystem”.

    So those who change it code can use the “3-clause BSD License 2.0”, which Wikipedia says is compatible with almost all FOSS licenses (and as well proprietary licenses).

  4. Unzip get_started_complete.zip into folder get_started_complete.

  5. I renamed the folder and moved its files to a Git-enabled folder so I can version control changes and load it up to GitHub.com for archival and sharing.

    Remove Extension

  6. In the Extensions page, click the “Remove” associated with the extension to remove it (and reclaim disk space).

Install extension locally

Code to other examples include:

  1. View Harley Brody’s blog “So You Want to Build a Chrome Extension?” from June 5, 2013, but still relevant today.

    He wrote the “BuzzKill” Chrome Extension that automatically removes all Buzz Feed content from the browsing experience on Facebook.com.

  2. Navigate to facebook.com and login.

  3. On a new Chrome tab, On https://github.com/hartleybrody/buzzkill, click Fork to your own account, click the green “Code” and Download or clone.

  4. cd buzzkill

  5. In Chrome URL chrome://extensions/

  6. Click the slider to turn on Developer Mode at the top right to expose a menu:

    Load unpacked | Pack extension | Update

  7. Click “Load unpacked”, then select your extension’s folder.

    If you selected Google’s example, you should now see:

    browser-addon-chrome-getting-started

    PROTIP: Stay on this page. When code is changed, Chrome knows to reload your extension. You won’t need to press command+R.

    Notice “Inspect views background” in some of the extensions. See below.

  8. Click Load unpacked and navigate to buzzkill. “Make Facebook Great Again” should appear.

    NOTE: Extensions are automatically turned On upon load.

  9. Switch to Facebook tab.

    NOTE: “Page actions” icons to the left of the star icon in the address bar are for specific pages (URLs).

    Examine code for sample extension

  10. Click the url below to download file get_started_complete.zip:

    PROTIP: Google obtains extensions by loading zip files.

    Load your own extension

  11. To activate the add-on, click the extension icon at the upper-right

    browser-add-on-sample-access

  12. Click “Details” for its “Manage Extensions” page.

  13. In the add-on menu, click the three-dot icon to the right of your extension to select Pin so its icon appears on all Chrome tabs.

  14. Click on the new icon to see its menu. The default code just shows a color.

  15. Right-click on your add-on to select Options.

    The look and feel of the option UI is defined in the add-in’s options.html file invoked by the options.js file.

  16. Click on a different color.

  17. Click on the tab to a page displaying its content.

    As with other extensions, the extension applies to whatever web page your are on.

    The “Getting Started Example” default paints the background green.

  18. Click on the add-on’s icon for the add-in’s popup page_action.

  19. In the option pop-up, select the color to change the background of the current page.

    We’ll next talk about fixing the code producing this awful UI.

Files

Extensions are zipped bundles of HTML, CSS, JavaScript, images, and other files used in the web platform. Google’s “Getting Started Example” contains these default files:

In Google’s folder:

.
├── LICENSE
├── README.md
├── background.js
├── images
│   ├── get_started128.png
│   ├── get_started16.png
│   ├── get_started32.png
│   └── get_started48.png
├── manifest.json
├── options.html
├── options.js
├── popup.html
└── popup.js

In the BuzzKill folder:

├── README.md
├── bootstrap.js
├── clean.js
├── images
│   └── icon.png
├── libs
│   └── underscore.min.js
├── manifest.json
├── popup.html
└── settings.js

The manifest.json file Google reads as the “entry point”.

The BuzzKill extension, because it has permissions to work only on Facebook, is a page_action

In the manifest.json file, specify the URL Google should check every few hours to see if there is an update:

    "update_url": "https://mysite.com/myextension.xml"

JavaScript (.js) files Google calls “content scripts”.

Icons

The “icon.png” should be like the “get_started” image files – the same image in 4 different sizes 16, 32, 48, 128 pixels square. Note that the icon files are specified twice:

  "icons": {
    "16": "images/get_started16.png",
    "32": "images/get_started32.png",
    "48": "images/get_started48.png",
    "128": "images/get_started128.png"
  },

  "page_action": {
    "default_title": "Getting Started Example",
    "default_popup": "popup.html",
    "default_icon": {
      "16": "images/get_started16.png",
      "32": "images/get_started32.png",
      "48": "images/get_started48.png",
      "128": "images/get_started128.png"
    }

1. Load your extension into Chrome

Chrome injects content scripts after the DOM is complete.

Pop-up menu

Background

Code to the background listener in “Getting Started Example”

chrome.runtime.onInstalled.addListener(function() {
  chrome.storage.sync.set({color: '#3aa757'}, function() {
    console.log('The color is green.');
  });
  chrome.declarativeContent.onPageChanged.removeRules(undefined, function() {
    chrome.declarativeContent.onPageChanged.addRules([{
      conditions: [new chrome.declarativeContent.PageStateMatcher({
        pageUrl: {hostEquals: 'developer.chrome.com'},
      })],
      actions: [new chrome.declarativeContent.ShowPageAction()]
    }]);
  });
});

Change URL

  • https://thoughtbot.com/blog/how-to-make-a-chrome-extension

To listen for clicks on the browser action, pass a message (URL) to a background script.

"background": {
  "scripts": ["background.js"]
}

background.js has access to every Chrome API but cannot access the current page. As Google puts it:

// background.js
 
// Called when the user clicks on the browser action.
chrome.browserAction.onClicked.addListener(function(tab) {
  // Send a message to the active tab
  chrome.tabs.query({active: true, currentWindow: true}, function(tabs) {
    var activeTab = tabs[0];
    chrome.tabs.sendMessage(activeTab.id, {"message": "clicked_browser_action"});
  });
});

References

Tutorials referenced include:

  • https://thoughtbot.com/blog/how-to-make-a-chrome-extension

  • https://www.youtube.com/watch?v=9Tl3OmwrSaM video

  • https://www.youtube.com/watch?v=8q1_NkDbfzE&list=PLC3y8-rFHvwg2-q6Kvw3Tl_4xhxtIaNlY from codevolution

  • https://www.youtube.com/watch?v=bmxr75CV36A Google Chrome Extensions: Extension API Design Dec 7, 2009 by Google Developer Rafael Weinstein

The playlist of Google videos about Extensions from 2009

https://www.youtube.com/watch?v=e3McMaHvlBY

https://youtu.be/uh84Asy2W4s Fullstack Academy

Browsers (and their Extensions on macOS) was published on .