That's one cautionary note making the rounds along with a popular new extension for Firefox that lets people customize Web pages they visit without the knowledge or cooperation of Web publishers. The extension, dubbed Greasemonkey, lets people run what's known as a "user script," which alters a Web page as the page is downloaded.
That capability has gained the extension an avid following of Web surfers who want to customize the sites they visit, removing design glitches and stripping sites of ads. But the extension comes with substantial security risks and could stir trouble among site owners who object to individual, custom redesigns of their pages.
Greasemonkey, an add-on for the popular Firefox browser, lets surfers customize the sites they visit. Using the extension, one could, for example, jump directly to "printer-friendly," and ad-free, stories on news sites.
The catch is that the type of scripts used to enable the customization can also be used by cyberthugs to make mischief on people's PCs. Caution, then, is advised.
The idea of letting Web site visitors alter pages they visit isn't new. Many pages use the World Wide Web Consortium's Cascading Style Sheets recommendation to let users do just that--adjust colors, font sizes and other style elements.
Greasemonkey goes well beyond such superficial changes. Among other things, Greasemonkey can strip out ads, a feature that's sure to prove controversial with publishers, if it crosses over to the mainstream.
Web site customization tools that give Web surfers the ability to "rip and mix" Web page elements have drawn fire in the past when publishers balked at alterations. Google, for example,after it released a toolbar that offers Web surfers the option of inserting hyperlinks into pages through its AutoLink feature.
In 2001, Microsoftin Windows XP, which would have linked words in a Web page to pages of Microsoft's choosing.
By manipulating the Dynamic HTML, or DHTML, of a Web page, Greasemonkey scripts can perform a host of tasks, according to the GreaseMonkey UserScripts page. They can, for example, transform story links on The New York Times site and take readers to ad-free, printable versions. They can also change Slashdot's colors and make the site "less ugly," the page says.
Adding hyperlinks where
there weren't any before
is like hijacking a Web
site, some critics say.
Others are designed to execute more substantial changes, such as making connections to Yahoo Mail and Gmail more secure. One, called "Butler," is meant to remove ads on Google results pages, add links to competing search sites, and remove image copy restrictions from Google Print. (CNET News.com's tests of various scripts showed that some were more successful than others at delivering promised results.)
In what could signal a trend toward user scripts, Norwegian browser maker Opera Software has picked up the idea, adding similar functionality to beta 3 of Opera 8, acknowledging Greasemonkey on its Web site.
Regardless of how Web sites react to Greasemonkey--Google wasn't immediately available for comment on the various Google-oriented Greasemonkey scripts--the extension will have to face down substantial security concerns.
The trouble with Greasemonkey and user scripts in general is that scripts can be used for both good and ill, and end users scanning