Lately, I’ve been installing a lot of browser extensions: I’m doing a project that involves analysing a bunch of web clipping / sharing apps, so I’ve been dutifully installing the browser extensions that they provide. What’s been striking me, though, is how little we know about the browser extensions we install. I use Google Chrome for most of my browsing—when I went to install the Evernote Web Clipper, this is the message that popped up:
This struck me as a somewhat far-reaching request: my browsing history and my data for all websites is a lot of data for a tool that is basically supposed to help me copy-paste. “What are they going to do with this information?”, I asked myself, “Why do they need it? Why isn’t there a ‘we have access when you click on the elephant’ clause or something?”.
Initially, I couldn’t figure out how to find out more: I clicked on the “View details” link, and it brought me here… I did a more thorough search once I decided to write this post, and eventually found a link to this:
So… that’s something…
I’m not writing this because I think that the Evernote Web Clipper is dodgy… I’m pretty sure it isn’t. I don’t see, however, why an app that I use for saving adorable pictures of owls, newspaper articles that make me happy / angry, and ikea hacks should have access to my banking credentials. I’m sure that there’s a good reason why they request this access… I just don’t know what it is. What I would like to see is an easy way to have these extensions working only when you want them to be working. Yes, I could go into my preferences and enable and disable the extension as I need it, but that is a bit of an onerous solution to what I presume could be reasonably easily implemented.
More than that, though, I wish that people who publish extensions explained why they’re requesting these permissions, what they actually do with the data they have access to, how they store it, etc. I may not mind sharing my data with you… but I do what to know why, and what you’re going to do with it.