How to tell if a browser extension may be up to no good
There’s an adage that has developed in the digital age which states that if an online service is free, chances are, you are the product. While there is some debate as to how true this is, one would be forgiven for assuming it is based on ad revenues from the tech giants that offer free search, social networks, and video platforms.
It’s already quite well known within the tech industry that many free browser extensions inject advertising into the browsing experience in exchange for practical browser enhancements. We also now know, as of last month, that there is at least one extension that was hacked to turn end-user devices into crypto-mining terminals. If this makes you feel somewhat uncomfortable, it probably should.
How can you tell if a browser extension is more trouble than it’s worth? We have a few tips to share.
Generally speaking, extensions that are not looking to sell your data to third-parties will be quite explicit about it.
Having read both Privacy Policies, it’s pretty clear which one is going to be a higher risk to your browsing privacy. Make sure to understand what you are agreeing to when you install any software on your device.
TIP #2: Understand the permissions required for the extension (or app) to be installed
As extensions have become more sophisticated, so have the resources required to run them. Depending on the functionalities of the extension, you may be required to authorize certain permissions for the extension to run properly.
While many simple extensions can function without requiring any additional permissions, the more complex ones will need to access areas of your browser that, in the wrong hands, could be used unethically.
Giving permissions to an extension is similar to giving someone access to your house. You want your gardening service to have access to your yard, but there’s no reason they need a key to your bedroom. If they were to ask, you might be suspicious of their motives — the same should apply with extensions requesting permissions in your browser.
The key to being safe with permissions is common sense. An ad-blocker, for example, will require access to the data on websites you visit. Is there any reason though, for an ad-blocker to need to modify your copy and paste data, or access your bookmarks? Ask your self this question before installing any extension. If you cannot think of a reason why an extension should require a certain permission, try looking at similar extensions and see if they all require similar permissions.
TIP #3: Read the reviews
Reviews are often an excellent way to find out if an extension is worth the trouble of installing it. While reviews tend to focus on the efficacy of the extension, reviewers will generally out any extension that is misbehaving.
As can be seen in the image above, even extensions with seemingly good star ratings can be hiding malware that will impact your browsing experience and potentially put your browsing data in the hands of third-parties without your explicit permission.
Browser extensions have revolutionized the way users experience and interact with the web. Many free extensions offer enhanced functionality in exchange for a user’s trust. Others seek to take advantage of users by inserting malvertising or spyware into extensions.
In order to protect yourself from installing a malicious extension, we recommend that you always:
- Read the terms and conditions, specifically sections that focus on data privacy and third parties
- Make sure the permissions required for the extension to be installed do not step out of the boundaries of intended functionality
- Read user reviews to understand if other users have identified malicious activity originating from the extension