Chrome Extensions and Privacy – I’m Scared !

Recently Google introduced Chrome Extensions which are little applications that let you do more with your Chrome browser. Like take this Google Dictionary extension which can tell you the meaning of any word on a website. All you have to do is double-click the word.

Super cool, isn’t it? You just need to Install the Google Dictionary extension and double-click words and meanings will pop up! After you excitedly click “Install”, you get this lovely confirmation box, where things start getting interesting.

All it wants is for you to confirm that this extension will have access to your data on all websites and your browsing history. A little scared? Worried about privacy? Don’t be, Google already knows everything there is to know about you.

Google with its “open” culture allows everyone to create extensions. Developers around the world have already created tons of extensions and people around the world have dutifully downloaded them. See this one from Yoono. It claims to be the most popular extension on Firefox. I should be able to trust it right? But for some reason when the warning pops-up, demanding I allow Yoono to access ALL my web information, I freeze. I just can’t do it.

I decided I will have to be satisfied with extensions developed by Google. We all trust Google. Google’s the good guy. So I decide to Install Speed Tracer.

An even better confirmation message pops up this time. Google now requests access to all data on your computer. Thats right, all my local computer data. The message gives me the creeps! So Google will know everything I do online AND offline. Why don’t they just send me to prison and get over with it!

May be I am orthodox, but the privacy around chrome extensions frightens me, it really does. Until Google can come up with a better privacy policy, I’m definitely going to keep my hands off chrome extensions.

[There is a positive side to this; the extension code is public, so you could in theory review the code. Now, who doesn’t love code reviews?]

Advertisements

9 thoughts on “Chrome Extensions and Privacy – I’m Scared !

  1. Offline data is way extreme. Even, online data like bank transactions and all. What about that? I mean, I wouldn’t mind if they c my bills and pay it off ;)

  2. I know Santy, it is indeed extreme ! Privacy in the online world is getting quite twisted, and soon we won’t be able to tell the bad guys from the good guys.

    I was listening to a documentary, where someone said how dangerous Google is and they could in the future be the “bad ones” and sell off all this data they have. Who know what will or will not be!

    Yesterday when installing Norton, I was asked if I was willing to share some “critical security information” with Norton from my PC to help improve internet security. Now I sure want to, but then again one wonders what exactly this information will be and will I be exposed in any way. Sad ;-/

    Sorry for the delayed response… IKEA needs me ;-)

  3. I’m scared too. More scary is, I haven’t seen any discussion about it on the web except your blog. Is everybody happy about it?

  4. The internet is a scary place.. Its getting a bit extreme with all these websites wanting all your data.. I am sure there will be someone coming up with services like “I dont need your data for this service, just pay me 5 cents every time you use it!” :) Does that make sense ;)

  5. Hi. I’ve been developing software for 25 year, mostly cutting-edge stuff both on and offline. The privacy concerns you describe are very legitimate.

    It is indeed scary and bizarre that hardly anyone is discussing this beyond a few threads online. I could list a dozen aspects of the Chrome Extension security breaches, like no disclosure statements of any kind by 99% of extensions, to the justification that since the programing (source) code for (every?) extension is viewable by anyone who knows how to find and read it prevents abuses by enhancing accountability.

    People are clicking OK without understanding what they are literally giving away–at the very least *access* to personal information with no no disclosure, no legal guarantees, no enforcement of privacy standards, no monitoring of data collected and how it used and shared.

    No one in their right mind would handover their credit card information and email passwords to someone virtually unknown and unverifiable on the other side of the world, but yet that’s basically what people are doing when they are clicking “OK”.

    Yes, it is insane and scary as it sounds.

    I wonder, is Google now so powerful, so “everywhere” and so essential, that no one wants to directly challenge them? Or are people who should be raising flags in the tech and media worlds that clueless? Probably a bit of both.

    From what I have read from Google replies and other discussions on this topic, we are not exaggerating the exposure, nor is there any unseen mechanism to give us significant (if any) substantial disclosure, protection and accountability.

    And that’s why I never enter personal info on my computer if at all possible, why I will never load a Chrome extension unless I know for certain (somehow?) that its developers are trustworthy and aggressively protecting not using my data.

  6. @Ben, Couldn’t agree more. What shocked me are the download statistics – hundreds and thousands of people clicking “OK”. These numbers can easily give you a pseudo sense of security, because when you see some 20K users downloading the extension, you presume it must be safe to do so.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s