How Chrome extensions abuse their users

I’ve written before about how Chrome extensions abuse their users by requiring too many permissions. Not only is this serious from a privacy perspective, it is also a security issue.

For example, extensions tend to ask for permissions to read and edit the DOM, on every page, just to display a custom popup by injecting it into the DOM. The concern with this is that it doesn’t necessarily stop here. This weekend, this happened to me:

Stories injected by Pocket’s Chrome extension

I don’t know, but generally people install extensions to remove ads, not inject them? Pocket’s extension, and my trust in them for building great products, went out the window within seconds 🏃.

I’m also making a promise that Klart will never, ever, do this shit. We will only ask for the permissions we need, because we care 👊.
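
An added example (not from the original post, and not code from any extension named here): a small Node.js check that lists where an extension's `manifest.json` grants access to every page, the permission pattern described above. Both manifests are constructed samples, and the function name `auditManifest` is an assumption of this example.

```javascript
// Added example: list manifest entries that give an extension access to every page.
// Patterns such as <all_urls>, *://*/*, http://*/* and https://*/* match all sites.
const BROAD = /^(<all_urls>|(\*|https?):\/\/\*\/\*)$/;

// Takes a parsed manifest.json object, returns [{ where, pattern }, ...].
function auditManifest(manifest) {
  const findings = [];
  const check = (where, patterns) => {
    for (const p of Array.isArray(patterns) ? patterns : []) {
      if (typeof p === "string" && BROAD.test(p)) findings.push({ where, pattern: p });
    }
  };
  // Manifest V2 mixes host patterns into "permissions"; V3 moves them to
  // "host_permissions". Optional grants are reported as well.
  check("permissions", manifest.permissions);
  check("optional_permissions", manifest.optional_permissions);
  check("host_permissions", manifest.host_permissions);
  check("optional_host_permissions", manifest.optional_host_permissions);
  // Content scripts run in, and can edit, the DOM of every page they match.
  (manifest.content_scripts || []).forEach((cs, i) =>
    check(`content_scripts[${i}].matches`, cs.matches));
  return findings;
}

// Constructed sample: all-page DOM access requested just to show a popup.
const overbroad = {
  manifest_version: 2,
  permissions: ["storage", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
};

// Constructed sample: same feature, page access only after the user clicks the extension.
const scoped = {
  manifest_version: 3,
  permissions: ["storage", "activeTab", "scripting"],
};

for (const [label, m] of [["overbroad", overbroad], ["scoped", scoped]]) {
  console.log(label, auditManifest(m));
}
```

Run it against the `manifest.json` of an installed extension by passing the parsed file to `auditManifest`; an empty result means no all-site pattern was declared, not that the extension is harmless.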