Chrome extensions are something a lot of people cannot live without. They depend on them for productivity, notifications and a plethora of other useful things. But are Chrome extensions as safe as Google and extension developers make them out to be? Detectify Labs doesn’t seem to think so and in a long blog post sets out to explain why exactly we should be concerned about Chrome extensions and what we can do to avoid our privacy from being invaded.
Popular Google Chrome extensions are constantly tracking you per default, making it very difficult or impossible for you to opt-out. These extensions will receive your complete browsing history, all your cookies, your secret access-tokens used for authentication (i.e., Facebook Connect) and shared links from sites such as Dropbox and Google Drive. The third-party services in use are hiding their tracking by all means possible, combined with terrible privacy policies hidden inside the Chrome Web Store. The Detectify team has identified how they are doing it and what options you have to avoid being affected by it.
When you download an extension from the Chrome Webstore you’ll get a list of permissions the app is asking to use in order for it to function properly. You can accept those permissions or you can decline them, 98 percent of the time most people will simply accept without reading the permissions. But we recommend you head over to the Detectify website and read its very in-depth and long technical write up on this to gain a better scope and understanding of what they’ve found and how they went about finding it.
What do you think of Detectify Labs detailed report? Let us know in the comments below or on Google+, Facebook and Twitter.Source: Detectify Labs