You are probably familiar with web browser extensions, which most of us use daily. They add a lot of useful features to browsers, which you might employ to quickly translate text, make screen captures, block ads, remember passwords and shorten URLs.
There are a lot of extensions – for productivity, customization, shopping, games, and more. Almost all popular browsers support extensions — you can find them for Chrome and Chromium, Safari, Opera, Internet Explorer, and Edge. They are widely available and some of them are quite helpful, so a lot of people end up using at least several extensions, and sometimes their number on one PC extends to several dozen. But, at the same time, they also pose threats to both privacy and security, they can also snoop on you and “eat at your processing power, take memory away,” and more, says David Temkin, the chief product officer for the Brave browser.
Risks of Installing Web Browser Extensions
An extension of the shopping site BeFrugal says, it gathers “information about your activities on this site and other sites to provide you with advertising based on your browsing activities and interests.” Amazon also encourages customers to install their extension, the Amazon Assistant, in exchange for a $10 discount good for 2 days. The data it collects includes URLs, search terms, search results, page metadata and limited page content from websites “for which we may have relevant product or service recommendations.” So these shopping site extensions are more than just a shortcut for delivery notices, and comparison shopping. What is not immediately obvious is that these browser extensions watch shopping on other websites. For the Amazon extension, it’s not just “harmless background activity occurring as you browse – you are giving corporations a direct look into all of your preferences, habits, and vulnerabilities,” says Tillman. “And in this case, for just $10.”
Researchers at North Carolina State University surveyed extensions and found many were not just privacy hogs, but that they also were capable of “potentially leaking privacy-sensitive information. The top 10 most popular Chrome extensions that we confirmed to be leaking privacy-sensitive information have more than 60 million users combined,” the authors Quan Chen and Alexandros Kapravelos said. Be more careful. Don’t install too many extensions. Not only do they affect computer performance, but they are also a potential attack vector, so narrow their number to just a few of the most useful.
Tillman recommends always reading the privacy policies before downloading extensions, “particularly the sections related to data collection, to see if these tools are collecting and sharing data with so-called ‘third-party partners,’ which is a strong indication that they may be selling personal data.” Pay attention to the permissions that extensions require. If an extension already installed on your computer requests a new permission, that should immediately raise flags; something is probably going on. That extension might’ve been hijacked or sold. And before installing any extension, it’s always a good idea to look at the permissions it requires and think about whether they match the functionality of the app.
If you can’t find a logical explanation for the permissions, it’s probably better not to install that extension.