24

Often I install simple add-ons for Google Chrome. However, they almost all need what appears to me as excessive access to my data. For instance, I install an extension that allows me to click on any part of a page and it gives me the color of the clicked object. This is what this extension requires:

View screenshot here

Why does it need my data on all websites? (Also, what does this imply?). And why does it need to know my browsing activity? I see this for almost all extensions, and it looks highly suspicious.

Rob W

2 Answers

18

> I install a plugin that allows me to click on any part of a page and it gives me the color of the clicked object

For this to work, the plugin needs to register a click event handler and it needs to interact with the document object model of the current HTML page.

HTML was originally designed to share scientific documents. And while we build complex web applications today, it remains document orientated at its core.

The browsers cannot know what parts of an HTML page contain sensitive information. For example, if you log in to StackExchange, it will display your username in the top navigation bar. On your bank website there will be information on your money transfer and account balance. There is no structural difference between that information and a text saying "Your answer".

Chrome does offer some protection against malicious plugins by preventing them from arbitrarily accessing your hard disk. But a plugin that needs to interact with webpages can do anything to them. All other browsers have the same issues; they just don't go into detail.

Hendrik Brummermann
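
As an added example (not part of any post on this page, and not code from Chrome or from any real extension), the Node.js script below reads an extension manifest and reports which entries correspond to the two requests the question asks about: data on all websites and browsing activity. The two manifests and the function names are constructed for illustration; the manifest keys and permission names (`permissions`, `host_permissions`, `content_scripts`, `tabs`, `history`, `webNavigation`, `activeTab`, `<all_urls>`) are Chrome's.

```javascript
// API permissions that expose which pages the user visits.
const ACTIVITY_APIS = new Set(['tabs', 'history', 'webNavigation']);

// A match pattern covers "all websites" if it is <all_urls> or its host is a bare *.
function isAllSites(pattern) {
  return pattern === '<all_urls>' || /^(\*|https?):\/\/\*\//.test(pattern);
}

// In Manifest V2, host patterns sit in "permissions" next to API names.
function isHostPattern(entry) {
  return entry === '<all_urls>' || entry.includes('://');
}

// Returns what the manifest asks for, grouped by what it means for the user.
function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  const hosts = [
    ...perms.filter(isHostPattern),                 // Manifest V2 style
    ...(manifest.host_permissions || []),           // Manifest V3 style
    ...(manifest.content_scripts || []).flatMap(cs => cs.matches || []),
  ];
  return {
    allSites: [...new Set(hosts.filter(isAllSites))],
    scopedHosts: [...new Set(hosts.filter(h => !isAllSites(h)))],
    activityApis: perms.filter(p => ACTIVITY_APIS.has(p)),
    usesActiveTab: perms.includes('activeTab'),     // access only to the tab the user invokes it on
  };
}

// Constructed sample manifests (hypothetical, not taken from any real extension).
const broadPicker = {
  name: 'Sample colour picker (broad)',
  manifest_version: 2,
  permissions: ['tabs', '<all_urls>'],
  content_scripts: [{ matches: ['*://*/*'], js: ['picker.js'] }],
};
const narrowPicker = {
  name: 'Sample colour picker (on click only)',
  manifest_version: 3,
  permissions: ['activeTab', 'scripting'],
};

console.log(auditManifest(broadPicker));
console.log(auditManifest(narrowPicker));
```

To check an installed extension, pass the parsed contents of its `manifest.json` to `auditManifest`.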
4

The basic problem is that the plugin model doesn't have a properly defined/granular authorization policy. In a lot of cases it's all or nothing when it comes to certain pieces of information.

Maybe the plugin needs to know the particular URL of the page you are on. Well, that might require access to browsing history, etc. The other part of the problem is that developers suck. They (we) like to have as much information about a user available so we can potentially do nifty things with it. A lot of times, though, the information isn't used.

On the other hand, the plugin could be sending the information back to some server to track usage or other nefarious activity.

Steve
  • 1
    "_The basic problem is that the plugin model doesn't have a properly defined/granular authorization policy._" At least Chrome has some control. With FF a plugin is just a program that can be installed without superuser rights. "_Maybe the plugin needs to know the particular **URL** of the page you are on._" which is sometimes secret information that allows me to access your banking information, buy some stuff, steal your online account. In general, being able to read your cookies also allows such things. When a program is capable of reading your data on websites, you need to trust it anyway. – curiousguy Jul 01 '12 at 05:28