Pinterest Stumbleupon Whatsapp

chrome plugin privacyIf you’ve installed Chrome plugins, you’ve probably seen a warning that they can access your data on all websites, your tabs and browsing activity, or even all the data on your computer. This warning can be scary, especially if you’re installing a simple browser extension that looks harmless.

Chrome has a permissions system, just like Android does How App Permissions Work & Why You Should Care [Android] How App Permissions Work & Why You Should Care [Android] Android forces apps to declare the permissions they require when they install them. You can protect your privacy, security, and cell phone bill by paying attention to permissions when installing apps – although many users... Read More . Unfortunately, the way web browsers and web pages work means that extensions must ask for quite a few permissions to do simple things. Chrome’s permissions system is not particularly fine-grained.

Plugin Permissions

Unlike Mozilla Firefox and Internet Explorer 7 Useful Tips & Tricks For Internet Explorer 9 Users 7 Useful Tips & Tricks For Internet Explorer 9 Users Tech websites write a lot about Google Chrome and Mozilla Firefox, so it’s easy to feel a bit left out if you use Internet Explorer. Internet Explorer 9 is easily the best version of Internet... Read More , both of which allow extensions to do anything they want, Chrome uses a permission system for its extensions. All Chrome plugins must declare the permissions they need. When you install a plugin, you’ll see a list of the permissions it requires. This gives you some idea of what a plugin can do. For example, if an extension doesn’t require any permissions, it’s definitely safe to install. If an extension requires permission to access all the data on your computer, you should be sure the extension was created by someone you trust.

Very simple plugins, such as the Timer plugin, which displays a timer button on your browser toolbar and doesn’t interact with any websites, don’t need any permissions.

chrome plugin privacy

Other plugins need different types of permissions, depending on what they do.


Access Your Data On All Websites

Plugins that interact with web pages need to declare the permissions “Access your data on all websites.” Plugins that need to see the addresses and titles of the websites you visit must declare the permission “Access your tabs and browsing activity“.

For example, LastPass LastPass for Firefox: The Ideal Password Management System LastPass for Firefox: The Ideal Password Management System If you've not yet decided to use a password manager for your myriad logins online, it's time you took a look at one of the best options around: LastPass. Many people are cautious about using... Read More is a password manager Password Manager Battle Royale: Who Will End Up On Top? Password Manager Battle Royale: Who Will End Up On Top? Read More that needs to detect what website you’re visiting, automatically fill forms with your saved passwords, and detect when you’ve entered a password and offer to save it. The LastPass Chrome extension must ask for all these permissions because it needs to view the websites you’re accessing and run JavaScript code on the pages you visit.

better privacy plugin chrome

Other less-invasive extensions may also request these permissions. Any extension that works by running JavaScript code on the websites you visit must be able to “Access your data on all websites“. For example, the colorPicker plugin allows you to select a color used on the current website and view its exact color code. It functions by running JavaScript code on the current page, so it must be able to access all your data.

Google has no way of knowing whether an extension that manipulates the pages you visit is doing something innocuous, like picking a color 3 Color Picker Add-Ons For Web Designers & Graphic Artists [Firefox] 3 Color Picker Add-Ons For Web Designers & Graphic Artists [Firefox] Eyedroppers and color pickers can work outside a mammoth graphic tool like Photoshop and CorelDraw. Most of these tools are small and portable. But today, we will diverge from desktop color picking tools and look... Read More , or doing something more dangerous, such as spying on your credit card number and payment information.

better privacy plugin chrome

Extensions that only work on a single website, such as an extension that adds additional features to Gmail 6 Cool Google Chrome Extensions For Gmail Users 6 Cool Google Chrome Extensions For Gmail Users If you're like me, you use Gmail for all of your email needs, even across multiple email accounts. Although there are plenty of email clients available, Gmail is often easier to use, quicker, and nearly... Read More , will only have the permission to access your data on that specific website. Extensions like LastPass and colorPicker must run everywhere and need more permissions.

better privacy plugin chrome

Access All Data On Your Computer

Some Chrome plugins aren’t just Chrome extensions. They include NPAPI plugins. NPAPI plugins are essentially just programs that run on your computer. Browser plugins like Adobe Flash, Oracle Java Is Java Unsafe & Should You Disable It? Is Java Unsafe & Should You Disable It? Oracle’s Java plug-in has become less and less common on the Web, but it’s become more and more common in the news. Whether Java is allowing over 600,000 Macs to be infected or Oracle is... Read More , and Adobe’s PDF reader are all NPAPI plug-ins.

When a Chrome extension contains an NPAPI plugin, it has the permission to “Access all data on your computer and the websites you visit.” The NPAPI plugin runs just like a program on your computer with access to your everything on your system. You should be careful about installing Chrome plugins with this permission – it’s just like installing a program on your computer.

For example, LastPass has a special version of its Chrome plugin available from its website. This plugin has the ability to share your LastPass login state with other web browsers running on your computer. It works by using an NPAPI plugin that runs as a program on your computer.

chrome personal data

Plugins In Other Browsers

While Chrome’s permission warning messages can seem a bit scary to some users, it’s important to consider that the situation is worse with other web browsers.

For example, when you install a Firefox add-on, the add-on has full permission to access your entire computer, if it wants. There’s no permission system in Firefox. The only limitation is Windows’ User Account Control The MUO Security Checklist: What You Need To Do Right Now To Be Safe The MUO Security Checklist: What You Need To Do Right Now To Be Safe Security can be an overwhelming subject – there are so many potential problems we need to think about when securing our computers, our online accounts, and our wireless networks. This list should help simplify things... Read More , which prevents the add-on from running with administrator privileges.

If you pay attention while installing a Firefox add-on, you’ll see a similar warning message, although it’s less specific than Chrome’s warning message.

chrome plugin privacy

This also applies to all other software on your computer. When you install a Windows desktop application, it has full access to every file on your computer and the ability to monitor your browsing activity – if it wants to.

While it would be nice if Chrome’s extension permission system was more fine-grained, it would be extremely difficult to limit what more powerful extensions can do. To see a full list of Chrome plugin permission and a short explanation of each, read this page on Google’s website.

How much attention do you pay to permissions when you install Chrome plugins? Have you avoided installing plugins when they ask for lots of permissions, or does Chrome’s permission system provide so many warnings that you ignore them? Leave a comment and share your thoughts!

Leave a Reply

Your email address will not be published. Required fields are marked *