Lately, I’ve been installing a lot of browser extensions: I’m doing a project that involves analysing a bunch of web clipping / sharing apps, so I’ve been dutifully installing the browser extensions that they provide. What’s been striking me, though, is how little we know about the browser extensions we install. I use Google Chrome for most of my browsing—when I went to install the Evernote Web Clipper, this is the message that popped up:
This struck me as a somewhat far-reaching request: my browsing history and my data for all websites is a lot of data for a tool that is basically supposed to help me copy-paste. “What are they going to do with this information?”, I asked myself, “Why do they need it? Why isn’t there a ‘we have access when you click on the elephant’ clause or something?”.
Initially, I couldn’t figure out how to find out more: I clicked on the “View details” link, and it brought me here… I did a more thorough search once I decided to write this post, and eventually found a link to this:
So… that’s something…
I’m not writing this because I think that the Evernote Web Clipper is dodgy… I’m pretty sure it isn’t. I don’t see, however, why an app that I use for saving adorable pictures of owls, newspaper articles that make me happy / angry, and ikea hacks should have access to my banking credentials. I’m sure that there’s a good reason why they request this access… I just don’t know what it is. What I would like to see is an easy way to have these extensions working only when you want them to be working. Yes, I could go into my preferences and enable and disable the extension as I need it, but that is a bit of an onerous solution to what I presume could be reasonably easily implemented.
More than that, though, I wish that people who publish extensions explained why they’re requesting these permissions, what they actually do with the data they have access to, how they store it, etc. I may not mind sharing my data with you… but I do what to know why, and what you’re going to do with it.
As a web-developer, I use a lot of extensions, and you’re right – there’s a lot of trust involved here… technically, any of these people could be stealing all your personal information, passwords, etc… I’ve been worried about that for a while.
Here’s two ways I deal with this issue:
1. I prefer extensions that are open source – preferably with the source-code ready to browse on GitHub or another social coding site. If the author was evil, he most likely would not post the source-code in the open. (don’t take it for granted, though.)
2. I keep most of my extensions disabled, and I turn them on selectively, when I need them. This has other benefits: some extensions may cause instability, waste memory, or slow down the browser – I keep them turned off, and I simply turn them on and off as needed.
If you wish there was an easier way to do that, here’s an extension: http://bit.ly/117cOCm … and hopefully we can trust that one 😉