Why does this extension need "Access your data for all websites"?

[improwise]

Have tried to find the answer to this by searching but not been able to find it. How come this extension needs access to "Access your data for all websites"? This including usernames and passwords AFAIK makes this a quite sensitive setting.

I also do not see that permission being mentioned here:

Permissions

Mullvad Browser Extension requires the following permissions:

    management to be able to recommend third party extensions
    privacy to disable webRTC and check HTTPS-Only status
    storage to save preferences
    search to recommend other search engines
    *://*.mullvad.net/* to get proxy servers list and display your connection information (See Network requests for details)

The following permissions are optional, but are needed to use the proxy feature:

    proxy to configure and use Mullvad proxy servers
    tabs to show proxy settings from active tab
    <all_urls> to have granular proxy settings

[ruihildt]

I tried to convey this with <all_urls> to have granular proxy settings, but it seems it was not clear.

I can probably do better with the one line explanation. What do you think about the following?

<all_urls> to intercept all requests, in order to be able to specify a proxy configuration per domain

[ruihildt]

In the previous proxy implementation, we set the proxy for the whole browser. (the equivalent of setting the proxy manually through Menu > Settings > General > Network settings)

With the newest implementation (from 0.9.0), we intercept every request and then decide whether to proxy it based on the domain.

Intercepting every request requires the <all_urls> permission.

[improwise]

I tried to convey this with <all_urls> to have granular proxy settings, but it seems it was not clear.

I can probably do better with the one line explanation. What do you think about the following?

<all_urls> to intercept all requests, in order to be able to specify a proxy configuration per domain

Must admit that I am not up to date with permissions these days but is "Access your data for all websites" really needed to access URLs or is there a more limited way of getting that without getting all the rest?

If the "Access your data for all websites" permission is really required, I think it needs to be mentioned a bit more clearly why and perhaps also in layman terms what it means. That said, I can also see how that could perhaps trigger concern that isn't warranted due to the fact that I assume that nothing more than accessing the URLs is actually used in the extension. Then of course we have people like me more concerned about finding that that permission was needed without it being clearly mentioned or me understanding why (to begin with).

Thanks.

[ruihildt]

Must admit that I am not up to date with permissions these days but is "Access your data for all websites" really needed to access URLs or is there a more limited way of getting that without getting all the rest?

Yes it is needed. Permissions can be sometimes too broad for the use case, but nothing we can do about it.