The majority of extensions are not malicious, dangerous or privacy invading. The last years have seen a rise of an industry however that monetizes browser extensions.
Companies contact extension developers to either purchase successful extensions (based on users) outright, or broker a deal with the developer to include scripts used to monetize the extension or track users of it.
This seems to happen more on Chrome than on Firefox, and one of the reasons why that is the case is that Chrome extensions get updated automatically, often without the user even noticing that this happened.
So what can you do to prevent this from happening to you?
1. Check the source
The most reliable way of verifying an extension for third-party content is to check its source. This works best before it gets installed on the user system.
You can use Chrome extension source viewer for that for example. The add-on for the browser displays a button in the main toolbar that you can click on to display the source right in the browser or download the extension as a zip file instead to analyze it locally.
You can filter by type, for instance images, so that only code is displayed right away. While that is the best option, it only works if you can read the code.
If you don't, it won't do you any good unfortunately.
2. Check the reviews
This is again something that you do before you install the extension. User reviews may reveal that the extension is monetized or behaving in shady ways.
If you see lots of low score reviews there you may want to stay away from the extension regardless of what it promises to do.
3. Check the permissions
Whenever you hit the install button on the Chrome Web Store the permissions that the extension requires are displayed first.
You may be able to use the information to determine whether an extension requests permissions that are not required for its core functionality.
If you have an extension that improves the readability on Yahoo but requests permissions to manipulate all web pages you visit, then it is something that you need to consider before you install the extension.
It may not always be as easy to determine whether the permissions requested are required for its functionality or not.
You can check Google's support page that lists and describes all extension permissions.
The most important permissions that you need to look out for are the following ones:
- All data on your computer and the websites you visit.
- Your data on all websites.
- Your data on [list of websites].
4. Other tips
Once you have installed an extension it may be updated at any time without you having a say in it. You can install an extension such as Chrome Update Notifier Plus or Extensions Update Notifier to receive information whenever extensions were updated in the browser.
Another option is to disable all auto-updates in Chrome using system policies on Windows.
Now You: Have another tip on how to handle this? Feel free to share it in the comments below.