Six Ways to Make Sure Your Browser Extensions Are Legitimate

Browser extensions can potentially see a lot of what you do on your computer, so you need to be careful when it comes to choosing which of these add-ons you install and allow access to your browser.
While there are many browser extensions that are legitimate and truly useful, some are not. Browser security analyst John Tuckner (via Ars Technica) recently reported finding dozens of suspicious extensions that have overly broad permissions and appear to collect browser data. These extensions appear to be used by around six million users.
Most of these extensions are not listed in the Chrome Web Store, so users need to be directed to the exact URL to find them, which also makes them less visible to security scans and to the web at large. They don’t seem to offer much in terms of functionality and are coded in a way that makes it difficult to determine their purpose.
What’s even more alarming is that the developers of some of these extensions have been labeled “Recommended” by Google, which presumably means they meet certain standards in terms of privacy and security. It's a reminder that even if an extension appears normal, you should still exercise caution.
There is no reliable and 100% guaranteed way to detect suspicious browser extensions, but there are many ways to assess their legitimacy, which I have outlined below.
Follow the news
There are a lot of good people on the right side of the security and privacy fence, including John Tuckner. Stay up to date with tech news headlines and the latest social media news, and you’ll always be on top of any major issues.
Take for example the Honey extension, which was recently revealed to employ shady tactics in terms of online price manipulation. If you check the news, you will hear about similar discoveries.
Read reviews
Reviews may be fake and don’t always give a true picture of the quality of the extension, but they will give you some clues. Look for common complaints and problems, especially those that have been published recently.
Lots of low ratings can be a serious warning sign, especially if they mention that the extension is buggy or slow. You should also check whether the developer has addressed any complaints and provided plausible explanations for them.
Look at the developer
Speaking of developers, information about the people behind these add-ons is always shown in the extension listings. See if there is clear evidence of what these people or teams are doing and why they might have made the extension available to your browser.
If the extension is created by a professional programmer with an active social media presence and a real GitHub landing page, that’s a good sign. If the developer’s link leads to a poorly formatted web page with little information, it’s not so good.
Check permissions
Just like apps installed on your phone or laptop, browser extensions have permissions. You can see the permissions they ask for on their listing pages, and once you have installed them, you can check what they’re trying to do.
You’ll have to make some judgment calls here in terms of what’s reasonable and what’s not when it comes to permissions, but obviously an extension that snoozes inactive tabs (for example) shouldn’t read everything you type into your browser.
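One way to make that judgment call less manual is to read the extension's `manifest.json` and list the requests that give it wide visibility into your browsing. The script below is an added example, not code from the original article or from any tool it mentions; the list of "broad" permissions and the sample manifest are assumptions constructed for illustration.

```python
import json

# Permissions that give an extension wide visibility into browsing activity.
# This selection is an assumption made for the example, not an official list.
BROAD_API_PERMISSIONS = {
    "tabs", "cookies", "history", "webRequest", "scripting",
    "management", "clipboardRead", "debugger",
}
# Match patterns that cover every site.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PERMISSION_KEYS = ("permissions", "host_permissions",
                   "optional_permissions", "optional_host_permissions")


def audit_manifest(manifest_text):
    """Return a sorted list of findings for one manifest.json document."""
    manifest = json.loads(manifest_text)
    findings = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 moves them to
    # "host_permissions". Optional permissions can be requested after install.
    for key in PERMISSION_KEYS:
        for perm in manifest.get(key, []):
            if perm in BROAD_HOST_PATTERNS:
                findings.add(f"host access to all sites: {perm}")
            elif perm in BROAD_API_PERMISSIONS:
                findings.add(f"broad API permission: {perm}")
    # Content scripts run inside pages, so an all-sites match lets the
    # extension's code see what is shown and typed on every page.
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOST_PATTERNS:
                findings.add(f"content script injected on all sites: {pattern}")
    return sorted(findings)


# Constructed sample: a hypothetical tab-snoozing extension.
SAMPLE_MANIFEST = """{
  "manifest_version": 3,
  "name": "Tab Snoozer (constructed example)",
  "version": "1.0",
  "permissions": ["tabs", "alarms", "storage", "cookies"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}]
}"""

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```

A finding is a prompt to compare the request with what the extension claims to do, not proof of bad intent: a tab manager plausibly needs `tabs`, but has little reason to ask for cookies or access to every site.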
Use security tools
Several security tools can help you spot bad extensions, such as John Tuckner’s own Secure App: with a little help from artificial intelligence, it scans extensions for potential problems, although it’s aimed at companies rather than individuals.
For Chrome, try Chrome Extension Source Viewer (to check the code) and Under New Management (to check who’s behind the extension), as well as Chrome’s own security checker. There are many other options, both for Chrome and other browsers.
Stay informed
Web browsers and operating systems are actually quite effective, although not infallible, when it comes to identifying security problems, including browser extensions that may be trying to steal data or direct you to suspicious parts of the Internet.
However, this depends on whether you keep your software up to date: hackers and scammers love outdated, unpatched code. Be sure to install pending updates for your browser and Windows or macOS as soon as you receive notifications about them.