That Steam login they use is safe and it's used on many other websites.
But I don't know from where you found the information that there are giveaways that don't need the extension. That's not true. Here's a quote from their site:
"You can not receive a key without "GiveAway.su Checker" installed, as it is used to verify your completion of the tasks (joining groups, voting and etc.)."
Comment has been collapsed.
So I'm wrong, I thought there were giveaways that didn't need the extension. That way there's not much to do.
Comment has been collapsed.
Their other site, givee.club, hosts giveaways without the extension.
Comment has been collapsed.
This type of login from Steam to third party sites is safe anywhere. Steam specifically created it for the purpose of third party sites. It doesn't require you to type in your password.
I've been using givee.club so far without problems. But I also know some of my friends are using giveaway.su without problems although I won't do it because of the extension.
Comment has been collapsed.
It's OpenID, you don't even enter ID or password if you are already logged in on that browser. It's as safe as any other site that uses OpenID.
Comment has been collapsed.
been using it for quite a while and have gotten many keys from both of their sites without any issues. I will say this tho if I am not logged into steam when I enter a site. I exit and go to steam directly and do it then come back and take care of business.
Comment has been collapsed.
Login to steam is safe on <any site>
(as long as the login page is the true steam thing, not a fake phishing page designed to steal your credentials)
the extension on the other hand is a different story!
PS: all giveaways on g su site require the extension
Comment has been collapsed.
RE: site & extension
I was once curious and I tried to inspect the CRX extension and the site JS source code a while back... let me tell you it is highly obfuscated, encoded in a convoluted manner, and includes a number of anti-debugging measures to prevent you from easily inspecting the source code!
For example, when you load the g.su site with the browser devtools open, it will enter a deliberate infinite loop of debug breakpoints to prevent inspection. now there is a workaround for this, but this is just an example of the type of things it tries to prevent you from seeing what it does.
Given the permissions requested in the manifest.json file, I would say it is at the very least injecting ads in these sites (vk, insta, fb, yt, reddit, etc.), or doing more evil things...
let me clarify here, the extension code itself is obviously clean (otherwise they won't be able to submit it to the addon store), but the way it works is it calls the server and the response received is then interpreted and executed (i.e remote code execution), which means whatever the server responds with can change any time, so even if it was doing something malicious, it could be selectively sending these payload to escape easy detection, you just can't know for sure without some serious effort to study it...
Comment has been collapsed.
41 Comments - Last post 29 minutes ago by icaio
36 Comments - Last post 57 minutes ago by jiggakills
29 Comments - Last post 1 hour ago by Dahljinx
40 Comments - Last post 2 hours ago by medion
12 Comments - Last post 3 hours ago by Provos
15,584 Comments - Last post 5 hours ago by BlazeHaze
1,512 Comments - Last post 7 hours ago by bttr
6 Comments - Last post 4 minutes ago by icaio
194 Comments - Last post 18 minutes ago by Janediel
55 Comments - Last post 22 minutes ago by icaio
26,805 Comments - Last post 28 minutes ago by PastelLicuado
1,200 Comments - Last post 39 minutes ago by icaio
49 Comments - Last post 47 minutes ago by Aerctaure
15,323 Comments - Last post 1 hour ago by Rosebonbon
Hello, I would like to know whether Steam login on giveaway.su is safe or not.
Obviously their extension is not up for debate, it's clearly not secure.
However, there are giveaways on their website that don't need the extension, so is it worth it?
Comment has been collapsed.