Block Party — Deep clean your social media
Version 2.11.2 View in Chrome Web Store
Last scanned: 4 days ago
| force re-scan
Extension Details
Developer:
blockpartyapp.com
Rating:
4.9 ★
(101 ratings)
Size:
9.94MiB
Last Updated:
March 28, 2025
Users:
5,000
Developer Info:
Block Party Studio Company3790 El Camino Real #1209
Palo Alto, CA 94306-3314
US
Context-Aware Verdict
This section provides a Claude-based AI analysis that applies additional context to the risk. Results are not guaranteed to be accurate.
MEDIUM
Risk Level
Trust Factors:
- The extension has a relatively high number of users (5,000) and a good rating (4.9/5), suggesting it is a popular and well-received extension.
- The developer is a registered company (Block Party Studio Company) with a physical address, which adds some credibility.
- The extension's stated purpose of helping users "deep clean" their social media accounts aligns with the permissions it requests.
Concerns:
- The "cookies" and "webRequest" permissions are considered high-risk, as they allow the extension to access and modify browser cookies and intercept web requests, which could potentially compromise security and privacy.
- The "storage" permission allows the extension to store data locally, which could raise privacy concerns if sensitive information is stored.
- The broad host permissions allow the extension to access many or all websites, which could enable tracking of browsing activity or data theft.
Recommendations:
- While the extension appears to be from a legitimate company and has a reasonable purpose, the high-risk permissions and broad host access raise some concerns.
- Users should exercise caution and consider running the extension in a separate browser profile or sandboxed environment to limit potential risks.
- Users may want to periodically review the extension's permissions and data storage to ensure it is not overreaching or collecting unnecessary information.
- If any suspicious behavior is observed, the extension should be promptly disabled or uninstalled.
Security Analysis
This section provides a detailed analysis of the extension's security posture, without broader context. Assumes worst-case impact.
HIGH
Overall Risk
Based on 5 total findings, ranked without considering overall context, including 3 high-risk and 2 medium-risk findings.
HIGH
Broad Host Permissions
This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.
HIGH
High-Risk Permission: cookies
This extension has the cookies permission. Can access and modify browser cookies. This could potentially be used maliciously to compromise security or privacy.
HIGH
High-Risk Permission: webRequest
This extension has the webRequest permission. Can intercept and modify web requests. This could potentially be used maliciously to compromise security or privacy.
MEDIUM
Medium-Risk Permission: notifications
This extension has the notifications permission. Can show notifications.
MEDIUM
Medium-Risk Permission: storage
This extension has the storage permission. Can store data locally.
Security Analysis Details
Required Permissions:
- alarms
- cookies
- notifications
- scripting
- storage
- webRequest
Host Permissions:
- https://*.blockpartyapp.com/*
Embedded URLs (265 total):
| https://react.dev/link/special-props | https://react.dev/link/warning-keys | |
| https://react.dev/link/invalid-hook-call | https://github.com/facebook/react/issues | |
| https://github.com/facebook/react/issues/3236 | https://react.dev/link/new-jsx-transform | |
| https://github.com/uuidjs/uuid#getrandomvalues-not-supported | http://www.example.com | |
| https://app.blockpartyapp.com/ | https://www.blockpartyapp.com | |
| https://537914eda78d44f19cb91d00c5038fe1@o238475.ingest.sentry.io/4505138839093248 | https://www.blockpartyapp.com/faqs/why-is-a-setting-not-available-for-me/ | |
| https://www.blockpartyapp.com/faqs/limitations-on-x/ | https://www.facebook.com | |
| https://www.google.com | https://www.instagram.com | |
| https://www.linkedin.com | https://www.reddit.com | |
| https://www.strava.com | https://x.com | |
| https://venmo.com/ | https://www.youtube.com/ | |
| https://accounts.google.com | https://analytics.google.com | |
| https://calendar.google.com | https://docs.google.com | |
| https://drive.google.com | https://mail.google.com | |
| https://www.google.com/search | https://business.strava.com | |
| https://labs.strava.com | https://partners.strava.com | |
| https://press.strava.com | https://stories.strava.com | |
| https://support.strava.com | https://help.venmo.com/ | |
| https://www.facebook.com/privacy/consent | https://app.staging.blockpartyapp.com | |
| https://staging.privacypartyapp.com | https://app.blockpartyapp.com | |
| https://www.privacypartyapp.com | https://www.facebook.com/ | |
| https://www.facebook.com/profile.php?id= | https://accountscenter.facebook.com/profiles/ | |
| https://www.linkedin.com/in/me/edit/forms/intro/new/ | https://www.linkedin.com/mypreferences/d/settings/connections-visibility | |
| https://www.linkedin.com/mypreferences/d/settings/organization-and-interests | https://www.linkedin.com/mypreferences/d/settings/email-address-visibility | |
| https://www.linkedin.com/mypreferences/d/settings/discover-me-by-email-address | https://www.linkedin.com/mypreferences/d/settings/discover-me-by-phone-number | |
| https://www.linkedin.com/mypreferences/d/settings/manage-my-active-status | https://www.linkedin.com/mypreferences/d/categories/sign-in-and-security | |
| https://www.linkedin.com/feed/ | https://www.linkedin.com/mypreferences/d/settings/data-for-ai-improvement | |
| https://www.linkedin.com/mypreferences/d/settings/policy-and-academic-research | https://www.linkedin.com/mypreferences/d/notification-categories/searching-for-a-job | |
| https://www.linkedin.com/mypreferences/d/notification-categories/hiring-someone-job-posts | https://www.linkedin.com/mypreferences/d/notification-categories/connecting-with-others | |
| https://www.linkedin.com/mypreferences/d/notification-categories/posting-and-commenting | https://www.linkedin.com/mypreferences/d/notification-categories/messaging | |
| https://www.linkedin.com/mypreferences/d/notification-categories/groups | https://www.linkedin.com/mypreferences/d/notification-categories/pages | |
| https://www.linkedin.com/mypreferences/d/notification-categories/attending-events | https://www.linkedin.com/mypreferences/d/notification-categories/editors-choice | |
| https://www.linkedin.com/mypreferences/d/notification-categories/reports-and-insights | https://www.linkedin.com/mypreferences/d/notification-categories/updating-your-profile | |
| https://www.linkedin.com/mypreferences/d/notification-categories/verifications-notifications | https://www.linkedin.com/voyager/api/me | |
| https://www.strava.com/me | https://www.strava.com/login | |
| https://graphql.strava.com/ | https://www.strava.com/settings/privacy | |
| https://www.strava.com/settings/privacy/hide-anywhere | http://127.0.0.1/ | |
| https://www.linkedin.com/ | https://www.x.com | |
| https://www.venmo.com | https://www.strava.com/ | |
| https://www.youtube.com | https://www.youtube.com/account |
Page 1 of 4
Raw Manifest
{ "name": "Block Party — Deep clean your social media", "icons": { "128": "icons/icon128.png" }, "action": { "default_icon": { "16": "icons/icon16.png", "32": "icons/icon32.png" } }, "version": "2.11.2", "background": { "service_worker": "background/background-script.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Deep clean your social media, notifications, settings and more in just one click.", "permissions": [ "alarms", "cookies", "notifications", "scripting", "storage", "webRequest" ], "host_permissions": [ "https://*.blockpartyapp.com/*" ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "*://m.facebook.com/*", "*://www.facebook.com/*", "*://accountscenter.facebook.com/*", "*://*.venmo.com/*", "*://*.twitter.com/*", "*://*.x.com/*", "*://*.linkedin.com/*", "*://*.instagram.com/*", "*://*.strava.com/*", "*://*.reddit.com/*", "*://*.google.com/*", "*://*.youtube.com/*", "https://*.privacypartyapp.com/*", "https://*.blockpartyapp.com/*" ], "resources": [ "*.png", "dashboard/index.html", "fonts/red-hat-text-v13-latin-600.woff2", "fonts/red-hat-text-v13-latin-600italic.woff2", "fonts/red-hat-text-v13-latin-italic.woff2", "fonts/red-hat-text-v13-latin-regular.woff2", "fonts/roboto-regular.woff2", "full-screen-modal/index.html", "sidebar/index.html" ] } ], "optional_host_permissions": [ "*://*.venmo.com/*", "*://www.facebook.com/*", "*://accountscenter.facebook.com/*", "*://*.twitter.com/*", "*://*.x.com/*", "*://*.linkedin.com/*", "*://*.instagram.com/*", "*://*.strava.com/*", "*://*.reddit.com/*", "*://*.google.com/*", "*://*.youtube.com/*", "https://*.privacypartyapp.com/*" ] }
Secure Annex (beta)
Coming soon...