That Steam login they use is safe and it's used on many other websites.
But I don't know from where you found the information that there are giveaways that don't need the extension. That's not true. Here's a quote from their site:
"You can not receive a key without "GiveAway.su Checker" installed, as it is used to verify your completion of the tasks (joining groups, voting and etc.)."
Comment has been collapsed.
So I'm wrong, I thought there were giveaways that didn't need the extension. That way there's not much to do.
Comment has been collapsed.
Their other site, givee.club, hosts giveaways without the extension.
Comment has been collapsed.
This type of login from Steam to third party sites is safe anywhere. Steam specifically created it for the purpose of third party sites. It doesn't require you to type in your password.
I've been using givee.club so far without problems. But I also know some of my friends are using giveaway.su without problems although I won't do it because of the extension.
Comment has been collapsed.
It's OpenID, you don't even enter ID or password if you are already logged in on that browser. It's as safe as any other site that uses OpenID.
Comment has been collapsed.
been using it for quite a while and have gotten many keys from both of their sites without any issues. I will say this tho if I am not logged into steam when I enter a site. I exit and go to steam directly and do it then come back and take care of business.
Comment has been collapsed.
Login to steam is safe on <any site>
(as long as the login page is the true steam thing, not a fake phishing page designed to steal your credentials)
the extension on the other hand is a different story!
PS: all giveaways on g su site require the extension
Comment has been collapsed.
RE: site & extension
I was once curious and I tried to inspect the CRX extension and the site JS source code a while back... let me tell you it is highly obfuscated, encoded in a convoluted manner, and includes a number of anti-debugging measures to prevent you from easily inspecting the source code!
For example, when you load the g.su site with the browser devtools open, it will enter a deliberate infinite loop of debug breakpoints to prevent inspection. now there is a workaround for this, but this is just an example of the type of things it tries to prevent you from seeing what it does.
Given the permissions requested in the manifest.json file, I would say it is at the very least injecting ads in these sites (vk, insta, fb, yt, reddit, etc.), or doing more evil things...
let me clarify here, the extension code itself is obviously clean (otherwise they won't be able to submit it to the addon store), but the way it works is it calls the server and the response received is then interpreted and executed (i.e remote code execution), which means whatever the server responds with can change any time, so even if it was doing something malicious, it could be selectively sending these payload to escape easy detection, you just can't know for sure without some serious effort to study it...
Comment has been collapsed.
19 Comments - Last post 2 minutes ago by vlbastos
26 Comments - Last post 2 hours ago by m0r1arty
16,494 Comments - Last post 2 hours ago by leecee
47,234 Comments - Last post 4 hours ago by ManOman
575 Comments - Last post 5 hours ago by RobbyRatpoison
379 Comments - Last post 6 hours ago by Rosales
102 Comments - Last post 6 hours ago by Reidor
395 Comments - Last post 1 minute ago by Subspace
174 Comments - Last post 18 minutes ago by RosimInc
174 Comments - Last post 21 minutes ago by belarus56
55 Comments - Last post 23 minutes ago by CrabdaddyLonglegs
75 Comments - Last post 31 minutes ago by Delisper
23 Comments - Last post 46 minutes ago by ormax3
937 Comments - Last post 47 minutes ago by Phantomreader42
Hello, I would like to know whether Steam login on giveaway.su is safe or not.
Obviously their extension is not up for debate, it's clearly not secure.
However, there are giveaways on their website that don't need the extension, so is it worth it?
Comment has been collapsed.