Sunday, March 30, 2008

How Safe Is Greasemonkey Anyway?

So we've convinced you that using Greasemonkey scripts is a great way to improve your Turking experience and increase your HIT completion rate. If you're a savvy computer user, before you go and install one of the scripts your first question should be "Is it safe to do this?" Downloading and installing third party software to your computer is something that you should always be cautious about! So, in this post I want to briefly run through some of Greasemonkey's safety features.



Before we get to that though, we want to make it clear that we will never include any kind of malicious code in our scripts. We will never purposely try to adversely affect your Turking, make permanent changes to your computer or try to spy on private information. (In fact, Greasemonkey provides no way for anyone to do those last two.) But, since you shouldn't just believe us - read on!!



Some Facts About How Greasemonkey Works
  • Greasemonkey scripts only work on those webpages listed in the header of each script. We limit our scripts to working only on the pages where they're needed (typically just certain sets of pages within www.mturk.com and sometimes pages needed for specific HITs, such as www.amazon.com/s for Amazon searches), as recommended. When extra data (e.g. an image) is needed by one of our scripts, we encode the image into the script itself, rather than having it be fetched from some third party server. This not only speeds things up (you don't have to wait for the third party server to respond), but avoids the risk of other parties tracking your online activity.

  • Greasemonkey (at least after v0.3.5) cannot access your local files. So, a Greasemonkey script can't read any information stored on your computer; it can only work with webpages that you open. (The small exception to this is that Greasemonkey allows scripts to store settings on your computer - for example a script might store your preferred number of results to show on a search page so that this is remembered from one session to the next. Each script can only access its own settings - nothing else.)

  • Greasemonkey scripts are, by construction, open source. That means that, for any script that you install or have installed, you can view the JavaScript source code for the script. (There's an option to do this when you install a new script; after that you can access the script source through the "Manage User Scripts" dialog.) So, if you're suspicious of a script and you know JavaScript you can look through the source and check that it's not trying to do anything of dubious intent. If you don't know JavaScript, find a friend who does, buy them a coffee (JavaScript...... java...... coffee......) and have them read through the source code for you.
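
The first and last points above suggest a quick check before installing: read the header to see which pages a script runs on, then see which Greasemonkey functions it calls so you know where to start reading. The following is an added example, not code from any of our scripts; the sample script and the names `parseHeader`, `isBroad` and `auditUserscript` are made up for illustration.

```javascript
// Constructed sample script for illustration; not one of this blog's scripts.
const SAMPLE_SCRIPT = [
  '// ==UserScript==',
  '// @name        Example HIT helper (constructed sample)',
  '// @include     https://www.mturk.com/mturk/*',
  '// @include     http://www.amazon.com/s*',
  '// @include     *',
  '// ==/UserScript==',
  'var n = GM_getValue("resultsPerPage", 10);',
  'GM_xmlhttpRequest({ method: "GET", url: "http://example.invalid/ping" });',
].join('\n');

// Parse the "// ==UserScript==" header into { key: [values...] }.
function parseHeader(source) {
  const meta = {};
  let inBlock = false;
  for (const line of source.split(/\r?\n/)) {
    if (/^\s*\/\/\s*==UserScript==/.test(line)) { inBlock = true; continue; }
    if (/^\s*\/\/\s*==\/UserScript==/.test(line)) break;
    const m = inBlock && line.match(/^\s*\/\/\s*@(\S+)\s+(.*\S)\s*$/);
    if (m) (meta[m[1]] = meta[m[1]] || []).push(m[2]);
  }
  return meta;
}

// A pattern needs a closer look when it names no host or puts a wildcard in it.
function isBroad(pattern) {
  const m = pattern.match(/^[^:\/]*:\/\/([^\/]*)/);
  return !m || m[1] === '' || m[1].includes('*');
}

function auditUserscript(source) {
  const includes = parseHeader(source).include || [];
  // A script with no @include line is treated as "@include *" (every page).
  const broad = includes.length ? includes.filter(isBroad) : ['*'];
  // List the GM_ functions used. GM_getValue/GM_setValue are the per-script
  // settings store; GM_xmlhttpRequest can contact any server, so read those
  // calls closely.
  const apis = [...new Set(source.match(/\bGM_\w+/g) || [])].sort();
  return { includes, broad, apis };
}

console.log(auditUserscript(SAMPLE_SCRIPT));
```

Paste the text from the script's source view in place of the sample; anything reported under `broad` is a page pattern wider than a single named site.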

Articles on Greasemonkey Security



As with most things, you can find a lot of discussion online about Greasemonkey and security issues. Here are a few useful links:
  • GreaseSpot: The official Greasemonkey blog has discussion of all things Greasemonkey, including security updates. Subscribe to their feed!

  • Entry on Greasemonkey security over at the GreaseSpot Wiki.

  • An article on Peter Laird's blog discussing the Greasemonkey security model.

OK, and now just in case something does go wrong..............

Disclaimer

Our scripts are provided "as-is". We always aim to provide a well-tested and useful script that aids in your Turking and causes no adverse effects. Given the huge variety of configurations on which our scripts might be used we can never guarantee that something won't go wrong. We take no responsibility for any inconvenience, increased rejection rate, blocking by a requester, loss of income or damage or any other problem that use of our scripts might cause. We recommend that you only use HIT-specific scripts on HITs that you're very familiar with. When you use HIT-specific scripts, treat it as if you were starting a new type of HIT with a new Requester - try doing a few, then wait to be sure that they're getting accepted.

