Deep Rock Galactic
Nosteru Sep 4, 2024 @ 3:44pm
Possibly Security Issue with modio
Hello,

Recently I talked with a more techy friend and he told me that the Steam browser is unsafe when you go outside the Steam ecosystem with it. In this case, to modio.
Steam uses an outdated CEF (Chromium Embedded Framework) and also has nothing to block JavaScript.

It is a real struggle for me now, as I'm using mods, but I also want to be secure.

What is your opinion about this?

Cheers
Eru
Showing 1-14 of 14 comments
Chibbity Sep 4, 2024 @ 4:00pm 
My opinion would be that nothing on the internet is truly safe, and I'm not aware of any major security breaches in regards to Mod.io; I wouldn't lose any sleep over it.
Blargo Sep 4, 2024 @ 4:02pm 
You can always use a regular browser to browse Mod-io & subscribe to mods.

The actual mod downloading process doesn't involve the Steam overlay browser at all - DRG uses Mod-io's API to download them directly from their servers.
Last edited by Blargo; Sep 4, 2024 @ 4:02pm
kestrel Sep 4, 2024 @ 4:08pm 
the steam browser has always been terrible so i imagine what you're saying is true. however the only way that would be a concern in this case is if you downloaded a mod that contained malware, which is extremely unlikely to happen. even if it did, you'd still get infected regardless of which browser you use because it doesn't know you're downloading malware

i don't know if modio makes any use of javascript, but even if it did i doubt that would be a worthwhile attack vector either

i imagine you'll probably be fine, but yeah i wouldn't try accessing my bank thru steam browser that's for sure
Myta Sep 4, 2024 @ 4:10pm 
Just to be clear, any and all mods can be unsafe, including but not limited to Steam Workshop. In fact, even joining community-hosted servers with mods can be unsafe. Lemme give you some great examples:

Insurgency Sandstorm is a game where a community-hosted public server you join can host mods not available on Modio, and you will automatically install the mod even if it's unlisted, which can contain scripts that include malware or viruses

Terraria allows custom scripts and file access paths for its mods on both Steam Workshop and Tmodloader, which can extend all the way to Remote Access Codes that allow the mod owner to fully access and control your PC

Gmod had a massive server breach by a hacker that installed malware on hundreds of servers and automatically compromised people's PC

Apex Legends recently had a backdoor left open where people were able to directly access people's PCs and download content directly onto their computer, and it even happened during a tournament

Marauders a game that allows people to upload custom images for profile and group icons in-game which can be used as an exploit to download explicitly illegal images into people's game cache, which depending on your ISP can get you banned for possession of contraband

so in short, the internet isn't a safe place no matter where you go really, it's such a toss up when and where you play it's best to just stay in places or use downloads you know to be safe, or others can vouch for.
Blargo Sep 4, 2024 @ 5:19pm 
Originally posted by kestrel:
i don't know if modio makes any use of javascript, but even if it did i doubt that would be a worthwhile attack vector either
It does, but so does basically every website. If a website has any amount of dynamically interactive content, then it uses JavaScript.

Just for fun, I tried disabling JavaScript on Mod-io, YouTube, Steam, and SoundCloud. They all became completely unusable afterwards:

- Mod-io just becomes a white screen.
- YouTube only shows placeholder skeletons & doesn't load anything.
- Steam's infinite scrolling & most buttons stopped working.
- SoundCloud displays a "please re-enable JavaScript" message.
Last edited by Blargo; Sep 4, 2024 @ 5:21pm
Nosteru Sep 5, 2024 @ 6:29am 
Thanks for everyone for their thoughts.
I would not use my Steam account in any browser, not because I don't trust my Firefox, but because I know how unaware I can be sometimes and I might visit other sites while I'm logged in to Steam, which is quite risky in the same browser. So subscribing on modio is not possible that way. Even my Firefox is hardened and also set up in Sandboxie Plus.
Chris!! Sep 5, 2024 @ 6:35am 
You don't send your Steam password by logging in, only your Steam account identification token (or something like that) - you're fine as long as the website doesn't send you to a bogus Steam login page.

It does for some reason ask for an email before you can subscribe (or even unsubscribe) to a mod, which shouldn't have to be the case.
Last edited by Chris!!; Sep 5, 2024 @ 6:36am
Nosteru Sep 5, 2024 @ 7:02am 
Originally posted by Chris!!:
You don't send your Steam password by logging in, only your Steam account identification token (or something like that) - you're fine as long as the website doesn't send you to a bogus Steam login page.

It does for some reason ask for an email before you can subscribe (or even unsubscribe) to a mod, which shouldn't have to be the case.
Ok, so how do I download mods for DRG through Firefox without logging in to that browser with my Steam account?
Blargo Sep 5, 2024 @ 7:29am 
Originally posted by Nosteru:
Originally posted by Chris!!:
You don't send your Steam password by logging in, only your Steam account identification token (or something like that) - you're fine as long as the website doesn't send you to a bogus Steam login page.

It does for some reason ask for an email before you can subscribe (or even unsubscribe) to a mod, which shouldn't have to be the case.
Ok, so how do I download mods for DRG through Firefox without logging in to that browser with my Steam account?
You can simply login to Mod-io using Firefox instead of Steam's overlay browser, then subscribe to mods like usual.
DRG will install subscribed mods like usual as well.

Steam's overlay browser is just that - a different browser. It is not required in any part of installing mods.

Edit: if you're asking how you can download mods without logging into Mod-io, that's unfortunately not possible.
Last edited by Blargo; Sep 5, 2024 @ 7:32am
Chris!! Sep 5, 2024 @ 7:37am 
Originally posted by Blargo:
Originally posted by Nosteru:
Ok, so how do I download mods for DRG through Firefox without logging in to that browser with my Steam account?
You can simply login to Mod-io using Firefox instead of Steam's overlay browser, then subscribe to mods like usual.
DRG will install subscribed mods like usual as well.

Steam's overlay browser is just that - a different browser. It is not required in any part of installing mods.

Edit: if you're asking how you can download mods without logging into Mod-io, that's unfortunately not possible.

^ Exactly this. Steam browser has no ties to the actual installation of the mods, only browsing and managing them like you would a shopping cart on e-commerce sites.
Nosteru Sep 5, 2024 @ 8:47am 
Originally posted by Blargo:
Originally posted by Nosteru:
Ok, so how do I download mods for DRG through Firefox without logging in to that browser with my Steam account?
You can simply login to Mod-io using Firefox instead of Steam's overlay browser, then subscribe to mods like usual.
DRG will install subscribed mods like usual as well.

Steam's overlay browser is just that - a different browser. It is not required in any part of installing mods.

Edit: if you're asking how you can download mods without logging into Mod-io, that's unfortunately not possible.


Originally posted by Chris!!:
^ Exactly this. Steam browser has no ties to the actual installation of the mods, only browsing and managing them like you would a shopping cart on e-commerce sites.
Thanks I will check that. :steamhappy::steamthumbsup:

Also I figured out that I already have all the mods I need. I don't need to use modio much.
Mr. Mishima Sep 6, 2024 @ 10:29am 
Originally posted by Nosteru:
Thanks for everyone for their thoughts.
I would not use my Steam account in any browser, not because I don't trust my Firefox, but because I know how unaware I can be sometimes and I might visit other sites while I'm logged in to Steam, which is quite risky in the same browser. So subscribing on modio is not possible that way. Even my Firefox is hardened and also set up in Sandboxie Plus.

First of all, when you log in in a browser no websites can steal your data, and even if someone knows your login data they can do nothing with it because of Steam Guard.

The only unsafe things in browsers are autofills or Google pass.

You should check YouTube for how such stuff works to reduce your paranoia, and when you know how things work you won't need to do difficult things like right now because you are unsure.

https://www.youtube.com/watch?v=fnMGt8J-uKs
Last edited by Mr. Mishima; Sep 6, 2024 @ 10:31am
Nosteru Sep 6, 2024 @ 10:45am 
Originally posted by Baj:
First of all, when you log in in a browser no websites can steal your data, and even if someone knows your login data they can do nothing with it because of Steam Guard.

The only unsafe things in browsers are autofills or Google pass.

You should check YouTube for how such stuff works to reduce your paranoia, and when you know how things work you won't need to do difficult things like right now because you are unsure.

https://www.youtube.com/watch?v=fnMGt8J-uKs
With your logic I should freely write my account name and password here, because Steam Guard will protect me anyway. I'd rather be paranoid and try to figure things out first.
Last edited by Nosteru; Sep 6, 2024 @ 10:45am
SCamp Sep 6, 2024 @ 1:03pm 
If you are really worried about security then set up 2-factor authentication where available. You can't stop a determined hacker, but you can make their attempts longer and harder.

Also don't browse rock-fondling sites on Steam browser. Preferably don't browse any sites with Steam browser because it doesn't have access to adblock/ublock/tampermonkey for multi-spectrum domain and popup blocking.

The only worry about mod.io is that the entire company just goes under and breaks mod support and/or gets taken over by a malicious actor. Which can happen with any website. Even Steam.

Date Posted: Sep 4, 2024 @ 3:44pm
Posts: 14