Taho
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Taho is the community-owned Web3 wallet.
It’s got everything you need for DeFi + NFTs, plus lots of awesome features to love:
- An awesome Ledger integration
- A beautiful NFT gallery
- Swaps with no hidden fees
It's also the safest way to connect to web3:
- Taho is 100% open source
- You have full control over your coin
- Independently audited
- We respect your privacy
Install Taho to get started today!
Tags
Privacy Practices
Security Analysis — Taho
Permissions
Code Patterns Detected
External Connections
Package Contents 327 files · 88MB
What This Extension Does
Taho is a community-owned Web3 wallet that provides DeFi and NFT features, Ledger integration, and secure connection to web3. It's designed for users who want to manage their cryptocurrencies and digital assets securely. With over 40,000 users, it's a popular choice in the Lifestyle/social category.
Permissions Explained
- alarmsexpected: This permission allows Taho to display notifications on your browser.
Technical: Taho uses this permission to send push notifications to users when they have new transactions or updates. This is a standard Chrome API for sending notifications, and it does not grant access to sensitive data. - storageexpected: This permission allows Taho to store data locally on your device.
Technical: Taho uses this permission to store user data, such as wallet information and transaction history. This is a standard Chrome API for storing data locally, but it does grant access to sensitive data if compromised. ⚠ 1 - unlimitedStoragecheck this: This permission allows Taho to store an unlimited amount of data on your device.
Technical: Taho uses this permission to store large amounts of user data, such as wallet information and transaction history. This is a high-risk permission that grants access to sensitive data if compromised. ⚠ 1 - activeTabexpected: This permission allows Taho to access the currently active tab in your browser.
Technical: Taho uses this permission to monitor user activity and detect when they are interacting with web3 applications. This is a standard Chrome API for accessing tab data, but it does grant access to sensitive information if compromised. ⚠ 1 - notificationsexpected: This permission allows Taho to display notifications on your browser.
Technical: Taho uses this permission to send push notifications to users when they have new transactions or updates. This is a standard Chrome API for sending notifications, and it does not grant access to sensitive data.
Your Data
Taho accesses user data on your device, including wallet information and transaction history. It sends this data to various domains, including gov.tally.cash, sea1.discourse-cdn.com, and raw.githubusercontent.com.
Technical Details
Code Findings
Taho has an unnecessary permission to store an unlimited amount of data on your device. This could potentially lead to sensitive information being compromised if the extension is hacked.
Technical: The extension uses the unlimitedStorage permission, which grants access to sensitive data if compromised. This is not necessary for the stated purpose of the extension and should be removed.
💡 Extensions often need to store user data locally, but this permission is excessive and unnecessary.
Taho has access to the currently active tab in your browser. This could potentially lead to sensitive information being compromised if the extension is hacked.
Technical: The extension uses the activeTab permission, which grants access to sensitive information if compromised. This is necessary for the stated purpose of the extension, but it's still a high-risk permission that should be carefully monitored.
💡 Extensions often need to monitor user activity and detect when they are interacting with web3 applications.
Taho has access to your device's storage. This could potentially lead to sensitive information being compromised if the extension is hacked.
Technical: The extension uses the storage permission, which grants access to sensitive data if compromised. This is necessary for the stated purpose of the extension, but it's still a high-risk permission that should be carefully monitored.
💡 Extensions often need to store user data locally.
Taho has some concerning permissions and potential data exposure risks. While it's designed for secure web3 interactions, its excessive storage permission and access to sensitive information raise concerns. Users should carefully review the extension's permissions and consider alternative options.