Chrome Extension Read and Change All Data
Many extensions in the Chrome Spider web Store desire to "read and change all your data on the websites you visit". That sounds a little dangerous—and it tin can be—simply many extensions simply need that permission to do their jobs.
Chrome Has a Permission System, But Firefox and Internet Explorer Don't
Note: This slice was originally written in 2017. Since and so, Mozilla Firefox and Microsoft Edge have gained permission systems.
This may seem alarming, especially coming from something similar Firefox. But you lot merely encounter this warning because Chrome has a permission organisation for its extensions, while Firefox and Internet Explorer don't. Every Firefox and Internet Explorer extension has total admission to the entire browser, and can do anything it wants.
For instance, when yous install the Tampermonkey addition in Firefox, you won't run into a permission warning at all. Merely that add-on gains access to your entire Firefox browser.
Unlike extensions for these other browsers, though, Chrome extensions must declare the permissions they need. When you install an extension, y'all'll see a list of the permissions it requires and you tin brand an informed decision about whether to install the extension. It's a bit similar the permissions arrangement built into Android.
To utilize the aforementioned example, when y'all install the Tampermonkey extension for Chrome, you lot'll see information about the permissions the extension requires.
Very elementary extensions don't actually require any permissions. For example, the official Google Hangouts extension just provides a toolbar icon yous can click to open a Google Hangouts chat window. Install it, and you lot won't be warned almost any special permissions it requires.
Why Extensions Need Permission to "Read and Modify All Your Data"
Effort to install most extensions, however, and you'll be warned near the permissions they require. The nigh scary looking one is probably "Read and modify all your data on the websites you visit". This means that the extension tin view every web page you visit, modify those spider web pages, and even transport information nearly that over the web.
For instance, Google offers a Save to Google Drive extension that allows you to right-click on whatever web folio or link and relieve that page to your Google Drive. The extension requires the ability to "Read and change all your data on the websites you lot visit". But it needs this permission because, when you try to save content, the extension must exist able to access the current web folio and view its data.
Extensions that need to interact with web pages will virtually always crave the "Read and modify all your data on the websites yous visit" permission. That's why the Google Hangouts extension doesn't inquire for this permission: It has no features that interact with an open up web page in your browser.
Click effectually and y'all'll chop-chop realize that most browser extensions offer features that interact with the current spider web page, from password managers that need to fill passwords to lexicon extensions that demand to define words. That's why this permission is and so mutual.
Extensions that only piece of work on a single website may but require the ability to "Read and change your data" on a specific website. For example, the official Google Mail Checker extension requires the permission to "Read and modify your information on all google.com sites".
Sure, this level of access would allow an extension capture your passwords and credit card numbers or insert additional advertisements into web pages. But Google doesn't know whether an extension will use its permissions for skilful or evil. Many pop and legitimate extensions crave this permission, as there's no other way they tin can interact with open web pages.
But, it the permission alert makes you think twice before installing an extension you're not sure nigh, that's skillful. That's why it's there—it's a reminder of how much access you're providing to your personal data whenever you install a browser extension.
Some Extensions Have Even Broader Permissions
Extensions can request quite a few other permissions, too. For example, the AVG Web TuneUp extension installed as office of the AVG antivirus requires the permission to read and alter all your data on the websites you visit, read and change your browsing history, change your domicile page, change your search settings, modify your start page, manage your downloads, manage your apps, extensions, and themes, and communicate with cooperating native applications on your computer.
RELATED: Don't Utilise Your Antivirus' Browser Extensions: They Can Actually Brand You lot Less Condom
We don't recommend using your antivirus's browser extensions, and Chrome'south permissions system does a good job of showing why in this instance. This extension is very invasive and requires access to almost every role of your browser. The permissions window helps warn you of the permissions yous'll exist granting, then you can make an informed decision.
Even the scariest browser extension doesn't have as much access to your figurer every bit a desktop programme would, though. Normal Windows applications have access to your keystrokes and files, including your web browsers. That'due south why you shouldn't run a desktop application y'all don't trust, but as you shouldn't install a browser extension you don't trust.
Which Browser Extensions Should You Trust?
If you're giving an extension admission to all the websites yous visit, that extension could potentially capture your online banking passwords and credit card numbers or insert ads in the pages you view. It's just as dangerous for your web browsing data as installing a desktop plan, and so you should treat the decision just equally carefully.
In theory, browser extensions available in the Chrome Web Store, Mozilla Add-ons website, and Windows Store are monitored by Google, Mozilla, and Microsoft, respectively. The company in charge of the shop can remove an add together-on from the store if information technology'due south doing something bad.
In reality, though, browser makers don't exam every extension—or every update to a legitimate extension—to confirm it's safe. A browser maker volition often only get around to removing an extension afterward it's caused bug for many people who take it installed.
If the extension requires quite a few permissions, you'll accept to evaluate information technology similar you would a desktop program. If the extension is created past a company you trust—like the many extensions created by companies like Google, Microsoft, Twitter, Facebook—you know it'south probable safe. If the extension was created by someone you lot don't know, be more than careful. If the extension is established and has a big number of users, good feedback in the store, and positive reviews on other websites, that's a skilful sign. If information technology has mixed feedback or much fewer users, that'south a bad sign.
If you're ever in doubt, don't install that extension. It'south best to employ every bit few extensions every bit possible to keep your browser fast, anyway.
More browsers are adding permission systems, however. Microsoft Edge uses Chrome-style extensions and volition warn you lot about the permissions the extensions require. Firefox will as well motility to Chrome-style extensions in the future.
Source: https://www.howtogeek.com/291095/why-do-chrome-extensions-need-all-your-data-on-the-websites-you-visit/
Post a Comment for "Chrome Extension Read and Change All Data"