extension and security

malev

Hi,
I'd like to know how safe it is to add extension to Zotero. Could an extension hide any "malware"?

dstillman

A Zotero extension has full, unrestricted access to your computer. You shouldn't install it unless you trust the author.

That said, most extensions are by known community members. If there's a specific extension you're curious about, you can ask about it here.

malev

These are extensions from the plugins page so I guess everything is allright.
Zotero OCR, by Philipp Zumstein
Zotero QuickLook, by Mikko Rönkkö
PDF Translate, by windingwind

adamsmith

Zotero OCR is definitely fine, developed at the University of Mannheim as part of a federally funded research project (developer is zuphilip here on the forums).

QuickLook is also definitely fine, but doesn't work in Zotero 6, so that one is moot (maintainer is bwiernik here on the forums).

PDF Translate is newer and the developer (hsiangyu_wong here) hasn't been around the Zotero community for as long, but the code is pretty transparent (see https://github.com/windingwind/zotero-pdf-translate/blob/main/chrome/content/scripts/zoteropdftranslate.js for the main functionality). It does, by the nature of its functionality, send the specified sections of text to the translation service you select, exposing your IP address to third parties, so you'd have to be OK with that.

malev

Thanks !