extension and security

I'd like to know how safe it is to add extension to Zotero. Could an extension hide any "malware"?
  • A Zotero extension has full, unrestricted access to your computer. You shouldn't install it unless you trust the author.

    That said, most extensions are by known community members. If there's a specific extension you're curious about, you can ask about it here.
  • These are extensions from the plugins page so I guess everything is allright.
    Zotero OCR, by Philipp Zumstein
    Zotero QuickLook, by Mikko Rönkkö
    PDF Translate, by windingwind
  • Zotero OCR is definitely fine, developed at the University of Mannheim as part of a federally funded research project (developer is zuphilip here on the forums).

    QuickLook is also definitely fine, but doesn't work in Zotero 6, so that one is moot (maintainer is bwiernik here on the forums).

    PDF Translate is newer and the developer (hsiangyu_wong here) hasn't been around the Zotero community for as long, but the code is pretty transparent (see https://github.com/windingwind/zotero-pdf-translate/blob/main/chrome/content/scripts/zoteropdftranslate.js for the main functionality). It does, by the nature of its functionality, send the specified sections of text to the translation service you select, exposing your IP address to third parties, so you'd have to be OK with that.
  • Hi Any thoughts about zotero-pdf-preview, by windingwind? The functionality is important, but I haven't installed it because I don't have enough information on whether or not it is secure.
  • windingwind has developed an extensive set of add-ons over the last year and a half, the code is all public and the add-ons are widely used.
    Many of their add-ons do use third party services (similar to what I describe above), so you should be aware of and OK with that, but there's nothing insecure about that.
  • What do you think about the plugin "ZoteroStyle" https://github.com/MuiseDestiny/zotero-style. It seems to have a lot of useful features. Moreover, if the statistics on GITHUB are to be believed, it seems to be very popular. Nevertheless, I am sceptical.
Sign In or Register to comment.