Protect your privacy while using Chrome Extensions

keep calm and control chrome extensions | Night Eye
Chrome extensions are arguably an essential reason why Chrome is the most popular browser nowadays and continues to be on the top. In a nutshell, the extensions add new features and functionalities to the browser. Most of the extensions are free, easy to install and their number is constantly growing. At the moment there are nearly 200 000 extensions offering a way to boost your productivity, save money shopping online, protecting you and much more.

It can’t be that good, right? You are right, the biggest downside of the extensions is that they can be a vulnerability when it comes to your online security and privacy.

How can chrome extension can harm you?

Although Google is pushing hard on reducing the possibilities of approving malicious extensions, the constantly growing number of new extensions makes the task even harder for the tech giant.

One of the most hard to catch bad extensions are those that fit the category “Good extensions gone bad”. It can be either voluntary step by the developers - like selling their code to another company/developer or simply getting hacked.

In most cases the goal of the malicious extensions is to force the victim to click and visit advertising website that earn money for the developers. If we can consider that this the best case scenario, there are far worst things that can be done with with the help of malicious extension. Hackers can gain access to corporate networks, personal information and more.

The good news is that Google is doing their bast to catch those bad boys and disable them as soon as the go in the wrong direction.

How to avoid installing malicious extension?

There is no guaranteed way, but by following the steps bellow your chances of NOT installing a bad extensions are good.

1. DON’T install anything that might seem interesting at first sight. Read carefully the overview of the extension. If the extension has a website, this is a good sign, but still - go through it and familiarise yourself with the software.

2. Privacy policy, written in human language, can be a decent sign as well - if everything is understandable to you, that’s a good sign. Still, if you find something unclear - contact the developer and ask for clarification. Not getting clear answer is a red flag.

3. Check how many users currently there are using it. Although we’ve seen extensions with over 100k going the wrong direction, this is usually a decent indication Extensions with low number of users can be suspicious, but everyone start at the bottom so give those starting out a chance.

4. Go through the reviews section.

5. Check if the developer/extension can be found on the social media websites such as Twitter, Facebook, Linkedin and others. If, for example, the extension has a twitter page and you can see that they are interacting with other users - this is a good sign.

How to ensure your online safety with the current extensions you are using?

Clean up the unused extensions
The first thing that you can do is remove all those extensions that you don’t use. Go ahead, simply remove them. If, at some point, you need them - the installation process is short and easy. Visit the extensions page (chrome://extensions) regularly and keep it clean of unused extensions.

Control what the extensions read and change
Different extensions need different access to work properly. We will take Night Eye (link) as an example. In order to analyse and convert the website colors and bring you the best dark mode possible, the software requires read and change site data rights. If they are not granted, no colors will be changed - it is as simple as that. This is where the privacy policy is crucial (check out ours - Privacy Policy). If done right, you will be explained as simply as possible why you need to grant access to certain data and how this access is used.
Chrome has this great feature that allows you to manage when each extension can actually access the granted data. You are presented with 3 options - to allow it on all websites, to allow it only when clicking the extension, to allow it on specific websites.
To access that setting, simply follow those 3 easy steps:

1. Right click on the extension

2. Go to “This can read and change site data”

3. Pick the option you prefer
Although it can be more inconvenient and most of you will choose to grant the access on all websites, there are some situations in which I would not recommend it. If you are managing sensitive personal information such as you online banking account, taking the step and preventing extensions for reading anything can be a healthy habit.