Explaining the new Kelvin Extension permissions
Summary: We updated the Kelvin Chrome Extension and the permissions changed. Now when you browse your Kelvin Extension asks the Kelvin Web Application if the site you are currently on has been rated or remarked on. We do not include any information linking you with the site that you are on. Depending on the answer, we update the Kelvin Extension icon to let you know to check out the remarks or be the first to rate the site. Your information is never processed and is automatically deleted from our log files after 7 days. Transparency and privacy are important to us. If you’d like to learn more, please read on.
If you’re an early user of our Kelvin Chrome Extension, you may have noticed that the Kelvin extension has a new look.
Perhaps your Kelvin extension was replaced with an orange exclamation when you restarted Chrome. That alert message would have told you that Kelvin Beta is disabled, and to re-enable it, you need to accept new the permissions. The permission change is that “This extension can read your browsing history”.
As the person who wrote the code changing the permissions, I wanted to take some time to explain in an accessible way what we changed, why we changed it, and how these changes affect you.
It started with an idea for a new feature.
Wouldn’t it be great if as you browsed with Kelvin, you could be notified unobtrusively as to whether you were the first to claim a site? Or alternatively, if there was a conversation happening on top of a site, shouldn’t the extension subtly let you know?
We didn’t like the idea of using a popup, so I went looking around the Google Chrome Extensions API for other ideas. An API, in this context, is a group of defined functionalities that you can implement in your extension code to interact with the Google Chrome browser. For example, I can use the
fontSettings API to change the font on your browser if you have my extension installed. I can use the
tabs API to open a new tab on your browser if you have my extension installed. We ended up deciding to change the icon of our Extension as a way of unobtrusively notifying our users about the Kelvin conversation surrounding a website.
The new functionality we implemented is that when you switch between tabs, or navigate to new websites in a tab, the extension will take the url of the tab you are on and ask our Kelvin web application the following questions: is this site already rated on Kelvin, and if so, are there remarks about this site?
The only information the extension sends is the url of the site you’re looking at, but not any information about you or your Kelvin account. The url is stripped down simply to be the homepage of the site you are on, not the specific page of the website. For example: if you are learning Welsh on duolingo, the Kelvin extension would simply as the Kelvin web application if the site
duolingo.com has been rated or has any remarks.
The web application will either respond saying the site is
If the site is
unrated, then we change the extension icon image to show the plus sign.
If the site is not
unremarkable, then we change the image to show the comment bubble.
On our end, we do not store, process or look at this data. We only store when Kelvineers rate and remark on sites. It does live in our log files — which are searchable for 48 hours and archived for 7 days, and then deleted.
The biggest takeaway is that when you install a Chrome extension, you are placing a lot of trust in the company that made the extension. The Kelvin team values transparency and wants to earn your trust. There are many ways that we can improve on this implementation — and many ways that I think we should improve — and I will continue to keep you updated as we make those changes. At a minimum, I hope this post clarifies what the permissions change means for you, and empowers you to advocate for any changes or adjustments that you’d like to see.
If you want to keep using the Kelvin extension, but want this feature disabled (meaning we only know the site you’re on when you explicitly click on the extension icon), please let us know.
If you’re looking for a more technical description — or want to engage in further conversation with me about this issue — please feel free to email me at firstname.lastname@example.org — I look forward to continuing the conversation.