That Steam login they use is safe and it's used on many other websites.
But I don't know from where you found the information that there are giveaways that don't need the extension. That's not true. Here's a quote from their site:
"You can not receive a key without "GiveAway.su Checker" installed, as it is used to verify your completion of the tasks (joining groups, voting and etc.)."
Comment has been collapsed.
So I'm wrong, I thought there were giveaways that didn't need the extension. That way there's not much to do.
Comment has been collapsed.
Their other site, givee.club, hosts giveaways without the extension.
Comment has been collapsed.
This type of login from Steam to third party sites is safe anywhere. Steam specifically created it for the purpose of third party sites. It doesn't require you to type in your password.
I've been using givee.club so far without problems. But I also know some of my friends are using giveaway.su without problems although I won't do it because of the extension.
Comment has been collapsed.
It's OpenID, you don't even enter ID or password if you are already logged in on that browser. It's as safe as any other site that uses OpenID.
Comment has been collapsed.
been using it for quite a while and have gotten many keys from both of their sites without any issues. I will say this tho if I am not logged into steam when I enter a site. I exit and go to steam directly and do it then come back and take care of business.
Comment has been collapsed.
Login to steam is safe on <any site>
(as long as the login page is the true steam thing, not a fake phishing page designed to steal your credentials)
the extension on the other hand is a different story!
PS: all giveaways on g su site require the extension
Comment has been collapsed.
RE: site & extension
I was once curious and I tried to inspect the CRX extension and the site JS source code a while back... let me tell you it is highly obfuscated, encoded in a convoluted manner, and includes a number of anti-debugging measures to prevent you from easily inspecting the source code!
For example, when you load the g.su site with the browser devtools open, it will enter a deliberate infinite loop of debug breakpoints to prevent inspection. now there is a workaround for this, but this is just an example of the type of things it tries to prevent you from seeing what it does.
Given the permissions requested in the manifest.json file, I would say it is at the very least injecting ads in these sites (vk, insta, fb, yt, reddit, etc.), or doing more evil things...
let me clarify here, the extension code itself is obviously clean (otherwise they won't be able to submit it to the addon store), but the way it works is it calls the server and the response received is then interpreted and executed (i.e remote code execution), which means whatever the server responds with can change any time, so even if it was doing something malicious, it could be selectively sending these payload to escape easy detection, you just can't know for sure without some serious effort to study it...
Comment has been collapsed.
21 Comments - Last post 41 minutes ago by hbarkas
106 Comments - Last post 1 hour ago by hbarkas
2,039 Comments - Last post 2 hours ago by Ledyba
10 Comments - Last post 2 hours ago by Georgeous
35 Comments - Last post 3 hours ago by reigifts
1,120 Comments - Last post 3 hours ago by root777
406 Comments - Last post 4 hours ago by mramsterdam
153 Comments - Last post 12 minutes ago by skincriedon
31 Comments - Last post 19 minutes ago by ayuinaba
31,386 Comments - Last post 20 minutes ago by xeos23
166 Comments - Last post 22 minutes ago by DudeNukem
868 Comments - Last post 45 minutes ago by Vexterion
2,319 Comments - Last post 51 minutes ago by Almostn33t
402 Comments - Last post 1 hour ago by Codric
Hello, I would like to know whether Steam login on giveaway.su is safe or not.
Obviously their extension is not up for debate, it's clearly not secure.
However, there are giveaways on their website that don't need the extension, so is it worth it?
Comment has been collapsed.