Security Architecture
Security Architecture
SuperchargeBrowser is built on a "Local-First" philosophy. This document outlines our technical approach to permissions, data isolation, and application security.
SuperchargeBrowser is built on a "Local-First" philosophy. This document outlines our technical approach to permissions, data isolation, and application security.
The "All Data" Permission Explained
The "All Data" Permission Explained
When installing SuperchargeBrowser, Chrome displays the following warning:
"Read and change all your data on all websites"
We understand this looks alarming. However, this permission is a functional requirement for performance optimization, not surveillance.
When installing SuperchargeBrowser, Chrome displays the following warning:
"Read and change all your data on all websites"
We understand this looks alarming. However, this permission is a functional requirement for performance optimization, not surveillance.
Permission Scope & Justification
To deliver performance optimizations, SuperchargeBrowser requires interaction with the Document Object Model (DOM) of the pages you visit. Here is the specific technical mapping of permissions to features:
Permission Scope & Justification
To deliver performance optimizations, SuperchargeBrowser requires interaction with the Document Object Model (DOM) of the pages you visit. Here is the specific technical mapping of permissions to features:
To Block Ads & Trackers (
declarativeNetRequest):We define blocking rules that the browser enforces. This allows us to stop ad servers without needing to inspect your sensitive network traffic directly.
To Save Memory (
tabs):We monitor tab metadata (active vs. inactive state) to identify idle processes. This enables our engine to suspend unused tabs and free up RAM automatically.
To Accelerate Rendering (
scripting&host_permissions)We inject lightweight, local content scripts to handle Image Blocking, Font Optimization, and Script Throttling. Without access to the host page, these optimizations cannot run.
To Save Your Preferences (
storage)Required to store your settings, such as whitelisted domains and custom timers, so they persist between sessions. We use
chrome.storage.localto ensure this data remains sandboxed on your device. We do not sync your settings to any cloud server.To Schedule Background Tasks (
alarms)Required to run efficient internal timers that check for inactive tabs.
To Block Ads & Trackers (
declarativeNetRequest):We define blocking rules that the browser enforces. This allows us to stop ad servers without needing to inspect your sensitive network traffic directly.
To Save Memory (
tabs):We monitor tab metadata (active vs. inactive state) to identify idle processes. This enables our engine to suspend unused tabs and free up RAM automatically.
To Accelerate Rendering (
scripting&host_permissions)We inject lightweight, local content scripts to handle Image Blocking, Font Optimization, and Script Throttling. Without access to the host page, these optimizations cannot run.
To Save Your Preferences (
storage)Required to store your settings, such as whitelisted domains and custom timers, so they persist between sessions. We use
chrome.storage.localto ensure this data remains sandboxed on your device. We do not sync your settings to any cloud server.To Schedule Background Tasks (
alarms)Required to run efficient internal timers that check for inactive tabs.
Without these permissions, the extension is technically unable to improve browser performance.
Note: All of these operations are performed locally on your device. No page content or browsing history is ever transmitted to our servers.
Without these permissions, the extension is technically unable to improve browser performance.
Note: All of these operations are performed locally on your device. No page content or browsing history is ever transmitted to our servers.
Local Execution Model (Air-Gapped Logic)
Local Execution Model (Air-Gapped Logic)
Most extensions process data by sending it to a cloud server. SuperchargeBrowser reverses this model.
Most extensions process data by sending it to a cloud server. SuperchargeBrowser reverses this model.
Client-Side Logic:
All decision-making (e.g., "Should this tab be suspended?") happens 100% on your CPU.
Local Storage:
User preferences and whitelists are stored in
chrome.storage.local, which is sandboxed to your specific browser profile.
No Analytics Stream:
We do not stream your clickstream, browsing history, or page interaction data to any external endpoint.
Client-Side Logic:
All decision-making (e.g., "Should this tab be suspended?") happens 100% on your CPU.
Local Storage:
User preferences and whitelists are stored in
chrome.storage.local, which is sandboxed to your specific browser profile.
No Analytics Stream:
We do not stream your clickstream, browsing history, or page interaction data to any external endpoint.
Data Minimization
Data Minimization
We adhere to a strict policy of data minimization. We only touch data that is absolutely necessary for the utility to function.
We adhere to a strict policy of data minimization. We only touch data that is absolutely necessary for the utility to function.
Data Type
Browsing History
Page Content
Search Queries
Account Email
License Keys
Data Type
Browsing History
Page Content
Search Queries
Account Email
License Keys
Browsing History
Collection: Never Collected
Storage Location: N/A
Page Content
Collection: Never Collected
Storage Location: N/A
Search Queries
Collection: Never Collected
Storage Location: N/A
Account Email
Collection: Collected (Waitlist/PRO)
Storage Location:
Secure Merchant of Record
License Keys
Collection: Collected (PRO)
Storage Location:
Secure Merchant of Record
Collection Status
Never Collected
Never Collected
Never Collected
Collected (Waitlist/PRO)
Collected (PRO)
Collection Status
Never Collected
Never Collected
Never Collected
Collected (Waitlist/PRO)
Collected (PRO)
Storage Location
N/A
N/A
N/A
Secure Merchant of Record
Secure Merchant of Record
Storage Location
N/A
N/A
N/A
Secure Merchant of Record
Secure Merchant of Record
Supply Chain Security
Supply Chain Security
We minimize the attack surface by reducing external dependencies.
We minimize the attack surface by reducing external dependencies.
Manifest V3:
The extension is built on the latest Chrome Manifest V3 architecture, which prevents the execution of remote code.
Open Source Auditability:
We utilize trusted, standard libraries (React, Tailwind) and community-vetted blocklists.
No "Black Box" SDKs:
We do not include third-party monetization SDKs or "audience measurement" scripts found in other free extensions.
Manifest V3:
The extension is built on the latest Chrome Manifest V3 architecture, which prevents the execution of remote code.
Open Source Auditability:
We utilize trusted, standard libraries (React, Tailwind) and community-vetted blocklists.
No "Black Box" SDKs:
We do not include third-party monetization SDKs or "audience measurement" scripts found in other free extensions.
Vulnerability Reporting
Vulnerability Reporting
Security is an ongoing process. If you are a security researcher and believe you have found a vulnerability in SuperchargeBrowser, please disclose it responsibly.
Security is an ongoing process. If you are a security researcher and believe you have found a vulnerability in SuperchargeBrowser, please disclose it responsibly.
Contact: support@superchargebrowser.com (Subject: Security)
Contact:
support@superchargebrowser.com (Subject: Security)