Automatically flags and neutralizes suspicious webpages, helping protect users from phishing, fraud, and other digital scams.
Online safety through programmatic vigilance. `growl` automatically sniffs out and defangs suspicious webpages, helping prevent phishing, fraud, and other digital scams.
When a webpage is flagged as potentially suspicious, users must "opt in" in order to interact in certain ways with the site, like inputting credit-card data, personal information, or otherwise sensitive content.
As such, `growl` complements built-in browser security measures such as Google Chrome's Safe Browsing feature, providing additional content-filtering protections to enhance digital security.
`growl` is lightweight (and minimally obtrusive) -- but always has your back. It functions like a digital guardian or shoulder angel: As you browse, the extension is working hard in the background to detect threats and swinging into action to preempt them. Moreover, `growl` acts as a cybersecurity conscience of sorts, reminding users to stay vigilant with pop-out warnings upon detection of a suspicious site.
The computer security principles of *zero-trust* and *security by default* inspired `growl`'s core functionality.
Core Features
`````````````````````
***Input Blocking and Warning***
On page load, if both of the following conditions are met, `growl` automatically blocks input elements (with stylized growl placeholders), removing the user's ability to interact with them, and displays a popup notification (in which the user has controls to turn this behavior on or off).
1. The page is classified as potentially untrusted.
2. There are interactive user-input elements on the page, like text input fields in a form.
Exception:
If the user has previously whitelisted the site (either temporarily or persistently), the above behavior is overridden. The popup is still displayed, however, to remind the user that the domain was initially classified as potentially suspicious, and to give them the opportunity to toggle back the controls.
***Disable Blocking (Temporary) and Whitelist (Persistent)***
The extension's popup UI gives the user the opportunity to control growl's behavior on the site now and in the future (that is, to remember the user's choice in future browsing sessions) through interactive buttons.
Detection Algorithm
`````````````````````````````
We try our best to adhere to the semantic versioning scheme as given by the SemVer spec (https://semver.org/), which states the following:
> Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
For our prototype (major version zero) releases, a "dumb" -- but effective -- detection algorithm is used to identify potentially unsafe websites. In particular, *any* webpage will be flagged if it meets both of the following criteria:
1. It resides on a very unpopular website.
2. It contains interactive text content such as form input fields.
A **very unpopular website** is defined as one whose popularity rank is outside the top 1-million domain names on the internet, according to Tranco (https://tranco-list.eu/), an independent, open-source project that ranks sites using a robust formula to combine data aggregated from several sources. Read more about their methodology at https://tranco-list.eu/methodology.
This bare-bones algorithm provides a simple yet highly effective way to combat digital fraud and scams, given that most occur on sites that receive little traffic. False alarms (false positives) are rare, as normal users don't visit highly unpopular sites very often. And when such false alarms occur, they're of little consequence -- the user can easily dismiss them if they're confident there's no threat, while the notification serves as a reminder to remain vigilant. (Note that false negatives are, of course, possible. These occur when the algorithm fails to classify a malicious site as such, and as a result, `growl` would fail to warn the user and block content on a scammer's site. But no security product or detection algorithm is perfect, and digital risk can never be fully eliminated. Still, in the field of cybersecurity, we strive to reduce risk to an acceptable level by adopting defensive tools, policies, and behaviors. `growl` is intended to be used as _one of many_ defensive security mechanisms to achieve the goal of risk reduction -- not as the only defense!)
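A minimal sketch of the two-condition rule above, combined with the whitelist exception from Core Features. It is an added illustration, not taken from `growl`'s source. The function names, the in-memory rank table, the sample domains, and the parent-domain walk are assumptions; the page does not say how `growl` looks up Tranco ranks or stores whitelist entries.

```javascript
// Added illustration, not growl's code. All names and data are hypothetical.
const RANK_CUTOFF = 1000000; // "very unpopular" = outside the Tranco top 1 million

// Constructed sample in Tranco's "rank,domain" CSV layout.
const SAMPLE_TRANCO_CSV = "1,popular.example\r\n2,shop.example\r\n";

function parseTranco(csv) {
  const ranks = new Map();
  for (const line of csv.split("\n")) {
    const [rank, domain] = line.trim().split(",");
    if (domain) ranks.set(domain.toLowerCase(), Number(rank));
  }
  return ranks;
}

// Best rank of the hostname or any parent domain with at least two labels.
// Simplification (assumption): a real check would use the Public Suffix List
// to find the registrable domain instead of walking labels.
function lookupRank(hostname, ranks) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  let best = Infinity; // Infinity = not ranked at all
  for (let i = 0; i + 2 <= labels.length; i++) {
    const rank = ranks.get(labels.slice(i).join("."));
    if (rank !== undefined && rank < best) best = rank;
  }
  return best;
}

// hasInputs: in a content script this would come from the DOM, e.g.
// document.querySelector("input, textarea") !== null.
function decide(hostname, hasInputs, ranks, allow = {}) {
  const { session = new Set(), persistent = new Set() } = allow;
  const host = hostname.toLowerCase();
  const flagged = lookupRank(host, ranks) > RANK_CUTOFF && hasInputs;
  const allowed = session.has(host) || persistent.has(host);
  return {
    flagged,                           // both criteria met
    blockInputs: flagged && !allowed,  // whitelist overrides blocking...
    showPopup: flagged,                // ...but the reminder popup still shows
  };
}
```

Because ranking is by domain rather than by page, a page on a subdomain of a ranked site inherits that site's rank in this sketch.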
Future major and minor releases will hone the detection algorithm. A major enhancement we have planned on the horizon is "smart" detection -- leveraging machine-learning techniques and artificial intelligence to assess site trustworthiness.