With 4 million Chrome extensions downloaded by users daily, it’s clear that we love expanding the functionality of our browser in new ways. What isn’t so great is when we see in the news that a Chrome extension or two has stolen the data of millions and seemingly gotten away with it. Extensions are a hot mess right now, to put it lightly, but with great power comes great responsibility – or so a highly specific pop culture icon’s uncle once said – so, if we’re going to continue to use and trust Chrome extensions, they’re going to need to be subject to better “supervision”, so to speak.
That’s why Google has been on a warpath against bad actor extensions as of late. Just last month, they revealed their roadmap for limiting how much data a developer can collect on your browsing habits and they also outlined their plans for policing how it can be used. Additionally, they revealed their plans to offer a ‘seal of approval’ of sorts for extensions that follow a strict set of guidelines and respect users’ privacy.
During this upcoming year (presumably early on), Chrome will change how extensions access data and how permissions work when an extension is installed. You will be in charge of determining which websites the extension can access while you’re browsing. The extension itself has historically been able to make a determination on this, thus allowing the developer to use your browsing data for anything they want without even informing you!
Once you grant an extension permission to access a website’s data, that preference can be saved for that domain. You can also still decide to grant an extension access to all the websites you visit, but that is no longer the default.
The Keyword
Another way in which Google is holding extension developers accountable is by requiring them to list exactly what data they’re using and how. Come 2021, the details page and the Chrome Web Store listing for each of your extensions will reveal, in plain sight, what was previously hidden. By clicking the ‘Privacy practices’ tab, you’ll be able to read through exactly what that developer has agreed to in regards to data collection and usage. Any deviation from this should get them removed from the Web Store. Going forward, we’re hoping that Google comes in stronger and faster with this and lays the smack down before bad actor extensions have time to do any damage.
Lastly, Chrome will start offering more proactive measures against these types of extensions in 2021 through Enhanced Safe Browsing. Last year, they updated their safety check tool in the browser’s settings to help you identify potentially harmful extensions and remove them. At this time, we aren’t sure what they will reveal, but we’re excited to find out as we continue to watch Google transform the Chrome Web Store from the wild west into a properly managed marketplace for extensible functionality. Now if they could just redesign it or move everything into the Play Store as they’re starting to do with PWAs, we’d be ecstatic!
