Kee needs a variety of permissions to help you to manage your credentials.
Our position is that we will only ask for those that we require (following the principle of least privilege). However, considering the sensitive nature of the data that the extension has access to, we feel that the precise list of permissions needed is nowhere near as critical as the trust gained from the Open Source nature of our software. If you are here looking for reassurance before accepting a permissions prompt, we recommend that you have first familiarised yourself with why being Open Source is even more important than the details on this page.
The necessary permissions were slightly adjusted for Kee version 3.12. Using Kee 3.11 or earlier?
The permissions
| Technical names | Firefox names | Chrome names | Used for |
|---|---|---|---|
| "tabs" and "activeTab" | Access browser tabs | Your tabs and browsing activity | Core functionality such as detecting web page locations, titles and working around various Firefox and Chrome bugs that would otherwise prevent Kee from functioning correctly |
| "<all_urls>" | Access your data for all websites | Your data on all the websites you visit | It’s not possible for Kee to predict which web pages you will need to sign in to so we must request access to all pages. Your browser may give you more detailed options but we recommend always using the intended behaviour of "enabled on all websites" because this is the only configuration that we have tested and can support. You may have luck with manually enabling additional restrictions if you have a very specific use case for the Kee extension. It is likely that any attempt to avoid enabling this permission (if indeed that is even possible in your browser) will break Kee and at least require a browser restart after each re-configuration to get some parts working and avoid significant performance impacts, memory leaks, etc. |
| "contextMenus" | - | - | The context menu that is shown when you right click your mouse on a web page |
| "privacy" | Read and modify privacy settings | - | Preventing the built-in password manager conflicting with Kee |
| "storage" and "unlimitedStorage" | Store unlimited amount of client-side data | - | Storing information essential for connecting to your password database and Kee options |
| "clipboardWrite" | Input data to the clipboard | Data you copy and paste | Generating new passwords and copying existing credentials to your clipboard |
| "webNavigation" | Access browser activity during navigation | Your browsing history | Know when a tab is loading a new web page so we can search for sign-in forms on that page, etc. |
| "webRequest" and "webRequestAuthProvider" | - | - | Log you in to websites that send network authentication requests (also known as HTTP Auth) |
| "notifications" | Display notifications to you | - | Display temporary notifications about important events |
| "idle" | ? | ? | Defer automatic updates to a time when you aren’t using your browser (8 hours maximum delay) |
| "alarms" | ? | ? | Allowing internal operations to occur after a delay or on a regular basis |
| "scripting" | ? | ? | The reliable enabling of the Kee Vault website and all the tabs that were already open when the extension is installed/updated |
| "offscreen" | ? | ? | Working around Chromium MV3 limitations that prevent DOM access for features such as copying a password to the clipboard |
Please note that the technical names are the real permissions that are made available to Kee. Web browsers frequently change the name and description of these permissions (as well as displaying them in languages other than English). Some displayed permissions may cover more than one technical permission and this mapping of displayed permission to real (technical) permission may be changed by browsers at any time, potentially creating an illusion that Kee has added/removed required permissions when this is not the case. In some cases, one browser will display a permission message while another determines that the permission does not need to be explicitly presented to you. Again, this may change in each browser version and we can’t promise to keep this page up to date with every change that the various browser creators make.
Optional vs Required
In future it may be possible for some permissions to be requested during your use of Kee, rather than at the initial installation time. All new permissions we add will be made optional if it is technically feasible to do so. We have also considered the feasibility of making existing required permissions optional and found that it is not possible although in a couple of cases some future changes to Kee features may allow this to be reconsidered.
| Technical names | Can be optional? | When is it needed or why is it always required? |
|---|---|---|
| "tabs" and "activeTab" | N | Extension cannot start or function without these permissions. |
| "<all_urls>" | N | Unlikely to be practical for users to manually whitelist every web page; No technical possibility to control this permission at runtime due to differences between Chrome and Firefox at least until mid-2024. |
| "contextMenus" | N | No technical possibility to control this permission at runtime. |
| "privacy" | N | No technical possibility to control this permission at runtime. |
| "storage" and "unlimitedStorage" | N | Need for more than 5MB of storage space will be reached at an unpredictable time and not as a result of a user-triggered event so requesting permission is both too late and not technically possible. |
| "clipboardWrite" | N | Current password generation feature creates the requirement for clipboard access from non-user-triggered events and thus can not trigger an optional permissions request. This can be reconsidered if the generation of new passwords changes in future. |
| "webNavigation" | N | Extension cannot function without this permission. |
| "webRequest" and "webRequestAuthProvider" | N | Extension cannot function without these permissions. |
| "notifications" | N | Notifying a user to request the display of notifications using a permission that is otherwise never mentioned to them seems counter-intuitive, even confusing. |
| "idle" | N | Interrupting a user to request their permission to delay interrupting them in future makes no sense. |
| "alarms" | N | Extension cannot function without this permission. |
| "scripting" | N | Extension cannot function without this permission. |
| "offscreen" | N | Extension cannot function without this permission (at least in Chromium based browsers). |
Further reading
For more information about browser extension permissions, we recommend these articles: