This article explains why the Phantom browser extension requests permission to “Read and change all your data on all websites” during installation.
When you install the Phantom browser extension, you may see a message asking for this permission. While it may sound serious, it allows Phantom to connect with dApps and help you use your wallet securely.
Why this permission is needed
Phantom injects a small piece of code (JavaScript) into the websites you visit. This allows apps (dApps) to detect your wallet and connect to the blockchain.
This is what makes it possible to view your NFTs, sign transactions, and check balances directly from the website you’re using.
How you stay in control
If you want to limit where your wallet interacts, consider using a separate browser profile just for Phantom. This creates an isolated environment for crypto activity and reduces exposure to other extensions or browsing sessions.
Security is our top priority
Phantom is built with strong security practices to protect your data and funds. While this browser permission may appear broad, it is required for the wallet to interact with apps (dApps) properly.
Phantom does not access or store your personal browsing data when this permission is granted.