When you install Zero Hour, Chrome shows you two install warnings: access to your eBay sites (the 18 eBay regional domains plus zerohourbid.com) and permission to show notifications. That's the entire user-facing install prompt.
Behind those two warnings, the manifest.json declares a handful of additional narrow permissions (alarms, storage, activeTab) that Chrome treats as silent because they don't grant access to your data or browsing. This page is the complete walkthrough of every declared permission, silent or not, with what it's for and what we explicitly don't do with it.
alarms
What it does: allows the extension to register scheduled alarms that wake the service worker at specific times.
Why we need it: Chrome suspends idle service workers. chrome.alarms is the only reliable way to wake the worker for scheduled work, like firing a snipe at a specific moment.
What we don't do: we don't use alarms for any purpose other than snipe scheduling (and a once-daily entitlement refresh).
storage
What it does: allows the extension to read and write to chrome.storage.local and chrome.storage.sync.
Why we need it: we store your snipes (active and history), your settings (clock offset, power-nudge dismissed flag), and your install ID. All on your machine.
What we don't do: we don't transmit any of this storage to any server. Your snipes never leave your machine.
notifications
What it does: allows the extension to create Chrome system notifications.
Why we need it: when a snipe wins, loses, or fails, we tell you. The notification is what makes the entire "set a snipe and walk away" flow work.
What we don't do: we don't send notifications for any purpose other than snipe results. We don't notify based on promotional, marketing, or upsell triggers.
activeTab
What it does: grants temporary access to the active tab when the user invokes the extension on it.
Honest current status: declared but not strictly required for the current architecture. The content scripts that inject the "Snipe this auction" button are declarative matches on eBay item pages, so they run regardless of activeTab. We may remove this entry in a future audit pass.
Why we don't ask for tabs
The tabs permission triggers Chrome's "Read your browsing history" warning on the install card. We previously requested it so the service worker could reuse an existing eBay tab on the listing at fire time. That use case is now satisfied by the existing eBay host_permissions alone, which expose tab URL and title to chrome.tabs.query for any tab matching the host pattern without the broader tabs permission. We removed tabs in v1.0.4. See the changelog for the full note.
host_permissions: ebay regional domains + zerohourbid.com
What it does: lets the extension run content scripts on, and make credentialed network requests to, the listed origins (18 eBay regional marketplace domains plus zerohourbid.com for the entitlement check).
Why we need it: the eBay domains are required so the snipe button can be injected onto listings and the bidder content script can post the bid from inside the eBay page context. zerohourbid.com is required for the install-ID entitlement lookup and the clock-sync endpoint.
What we don't do: we don't have host permissions for any other domain. The extension cannot run on, inspect, or send credentialed requests to non-listed sites. There is no <all_urls> permission.
What we explicitly do not ask for
identity: would allow OAuth flows. We have no accounts.history: would allow reading browser history. We don't need it.webRequest: would allow inspecting and modifying network traffic. We don't need it.<all_urls>: would allow operating on any site. We're scoped to eBay and zerohourbid.com only.