That Steam login they use is safe and it's used on many other websites.
But I don't know from where you found the information that there are giveaways that don't need the extension. That's not true. Here's a quote from their site:
"You can not receive a key without "GiveAway.su Checker" installed, as it is used to verify your completion of the tasks (joining groups, voting and etc.)."
So I'm wrong, I thought there were giveaways that didn't need the extension. That way there's not much to do.
Their other site, givee.club, hosts giveaways without the extension.
This type of login from Steam to third party sites is safe anywhere. Steam specifically created it for the purpose of third party sites. It doesn't require you to type in your password.
I've been using givee.club so far without problems. But I also know some of my friends are using giveaway.su without problems although I won't do it because of the extension.
It's OpenID, you don't even enter ID or password if you are already logged in on that browser. It's as safe as any other site that uses OpenID.
Been using it for quite a while and have gotten many keys from both of their sites without any issues. I will say this, though: if I am not logged into Steam when I enter a site, I exit and go to Steam directly and do it, then come back and take care of business.
Login to Steam is safe on <any site>
(as long as the login page is the true Steam thing, not a fake phishing page designed to steal your credentials)
The extension, on the other hand, is a different story!
PS: all giveaways on g su site require the extension
RE: site & extension
I was once curious and I tried to inspect the CRX extension and the site JS source code a while back... let me tell you, it is highly obfuscated, encoded in a convoluted manner, and includes a number of anti-debugging measures to prevent you from easily inspecting the source code!
For example, when you load the g.su site with the browser devtools open, it will enter a deliberate infinite loop of debug breakpoints to prevent inspection. Now, there is a workaround for this, but this is just an example of the type of things it does to prevent you from seeing what it does.
Given the permissions requested in the manifest.json file, I would say it is at the very least injecting ads in these sites (vk, insta, fb, yt, reddit, etc.), or doing more evil things...
Let me clarify here: the extension code itself is obviously clean (otherwise they won't be able to submit it to the addon store), but the way it works is it calls the server and the response received is then interpreted and executed (i.e. remote code execution), which means whatever the server responds with can change any time, so even if it was doing something malicious, it could be selectively sending these payloads to escape easy detection. You just can't know for sure without some serious effort to study it...
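As an added example (not part of the comment above and not code from the extension or the site), this is a static check of the kind that comment describes, run on an unpacked extension's manifest.json: it lists the sites the extension can touch and flags a CSP that allows evaluating strings as code. The sample manifest, its host names and the finding ids are constructed for illustration.

```javascript
// Added example: static triage of a browser extension manifest.
// SAMPLE_MANIFEST is constructed for illustration; it is not the real extension's manifest.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: "example-checker (constructed)",
  permissions: ["storage", "webRequest", "*://*.example-social.test/*", "<all_urls>"],
  content_scripts: [{ matches: ["*://*.example-video.test/*"], js: ["inject.js"] }],
  content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'"
};

// Match patterns contain a scheme separator or are the special <all_urls> token.
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

// Collect every site pattern the extension can reach (MV2 and MV3 layouts).
function hostPatterns(m) {
  const fromPerms = (m.permissions || []).concat(m.host_permissions || []).filter(isHostPattern);
  const fromScripts = (m.content_scripts || []).flatMap((cs) => cs.matches || []);
  return [...new Set(fromPerms.concat(fromScripts))];
}

// MV2 stores the CSP as a string, MV3 as an object keyed by context.
function cspText(m) {
  const csp = m.content_security_policy;
  if (!csp) return "";
  return typeof csp === "string" ? csp : Object.values(csp).join("; ");
}

function auditManifest(m) {
  const findings = [];
  const hosts = hostPatterns(m);
  // Patterns that cover every host, e.g. <all_urls> or *://*/*
  const broad = hosts.filter((h) => h === "<all_urls>" || /^(\*|https?):\/\/\*\//.test(h));
  if (broad.length) findings.push({ id: "broad-hosts", detail: broad });
  if (hosts.length) findings.push({ id: "site-access", detail: hosts });
  // 'unsafe-eval' lets extension pages run strings as code (eval, new Function).
  if (/'unsafe-eval'/.test(cspText(m))) findings.push({ id: "csp-unsafe-eval", detail: cspText(m) });
  const sensitive = (m.permissions || []).filter((p) =>
    ["webRequest", "webRequestBlocking", "cookies", "tabs", "scripting"].includes(p));
  if (sensitive.length) findings.push({ id: "sensitive-apis", detail: sensitive });
  return findings;
}

for (const f of auditManifest(SAMPLE_MANIFEST)) console.log(f.id, JSON.stringify(f.detail));
```

A manifest check only shows what the extension is allowed to do; it says nothing about what the server sends back at run time, which is the part the comment says cannot be known without studying the traffic.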
Hello, I would like to know whether Steam login on giveaway.su is safe or not.
Obviously their extension is not up for debate, it's clearly not secure.
However, there are giveaways on their website that don't need the extension, so is it worth it?