Sunday, April 17, 2011

Do you trust me

I've loved the Google Chrome browser ever since it arrived on the scene. It is fast, sleek, and just feels right. In all places I browse I install it if it isn't there, and hate the few sites that seem to still require IE. Then came extensions and my life was made whole! IETab and now I don't have to switch to IE! Extensions for Twitter, Facebook, email, URL shortening, taking screenshots of the page I'm on, and most recently a new toy called Evernote.




Now for whatever reason, when I installed Evernote's web clipper extension I noticed the security information:

This extension can access:
    • Your data on all websites
    • Your browsing history

Well, that seems like a lot of access, so I decided to learn more (from http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=186213):

Apps and extensions you install may have access to your data. You might also see a warning dialog when an already installed extension or app is updated, if the item requests new or different permissions. A warning doesn’t mean that the extension does do something dangerous, just that it could.
Don’t install an app or extension unless you trust its creator. Check the item’s ratings and reviews to determine if it’s trustworthy.
Here are the permissions that apps and extensions may request. Click the links to see more details.

    • This item contains an NPAPI plug-in.
      Caution: NPAPI plug-ins can do almost anything, in or outside of your browser. For example, they could use your webcam, or they could read your personal files.
    • Your list of installed apps, extensions, and themes
      This item can read the list of themes, extensions, and apps that you have installed. It can't install items, but it might enable, disable, uninstall, or launch items that you've installed.
    • Your bookmarks
      This item can read, change, add to, and organize your bookmarks.
    • Your browsing history
      This item could look at your browsing history. This warning is often a by-product of an item needing to open new tabs or windows.
    • Your data on all websites
      This item can read every page that you visit -- your bank, your web email, your Facebook page, and so on. Often, this kind of item needs to see all pages so that it can perform a limited task such as looking for RSS feeds that you might want to subscribe to.
      Caution: Besides seeing all your pages, this item could use your credentials (cookies) to request your data from websites.
    • Your data on {list of websites}
      This item can read the pages that you visit on the specified websites.
    • Your physical location
      This item uses location information that your computer provides about where you currently are.

Well now, what! Now I'd better look at some of my other extensions!! Lo and behold, a couple of extensions had the top level of access; I nearly passed out. Plugins have access to my ENTIRE computer.
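Checking installed extensions against the warning list above can be scripted. The following is an added example, not part of the original post: it takes a parsed extension manifest.json and reports which of the quoted warnings it would trigger. The mapping from manifest permissions to warning text is an assumption based on Chrome's extension documentation, and the sample manifests are constructed.

```python
# Manifest API permission -> install warning quoted in the post (mapping assumed
# from Chrome's extension documentation, not stated in the post itself).
API_WARNINGS = {
    "tabs": "Your browsing history",
    "history": "Your browsing history",
    "bookmarks": "Your bookmarks",
    "management": "Your list of installed apps, extensions, and themes",
    "geolocation": "Your physical location",
}
# Host patterns broad enough to earn the "all websites" warning.
ALL_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def warnings_for(manifest):
    """Return the sorted install warnings a parsed manifest.json would trigger."""
    found = set()
    if manifest.get("plugins"):  # NPAPI plug-ins are declared under "plugins"
        found.add("This item contains an NPAPI plug-in")
    hosts = set()
    for perm in manifest.get("permissions", []):
        if not isinstance(perm, str):
            continue  # skip anything that is not a plain permission string
        if perm == "<all_urls>" or "://" in perm:
            hosts.add(perm)  # host permission (URL match pattern)
        elif perm in API_WARNINGS:
            found.add(API_WARNINGS[perm])
    # Content scripts run inside pages, so their match patterns are host access too.
    for script in manifest.get("content_scripts", []):
        hosts.update(script.get("matches", []))
    if hosts & ALL_HOSTS:
        found.add("Your data on all websites")
    elif hosts:
        found.add("Your data on " + ", ".join(sorted(hosts)))
    return sorted(found)


# Constructed sample manifests (not taken from any real extension).
CLIPPER = {
    "name": "sample-clipper",
    "permissions": ["tabs", "http://*/*", "https://*/*"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["clip.js"]}],
}
FEED_READER = {
    "name": "sample-feed",
    "permissions": ["bookmarks", "https://feeds.example.com/*"],
}

if __name__ == "__main__":
    for m in (CLIPPER, FEED_READER):
        print(m["name"], "->", warnings_for(m))
```

To audit real extensions, load each manifest.json from the browser profile's Extensions directory with json.load and pass the result to warnings_for.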

This all made me wonder for the first time in my life about Firefox. What permissions do their add-ons have? It must be similar, right? If it is similar, then they aren't telling. I cannot find anything describing what access you grant to a Firefox add-on when you install it.

The key text in Google's description above is "Don’t install an app or extension unless you trust its creator." Well, how can I trust some person or company I've never met? And even if I trust them, for some strange reason, how can I trust all the people that work for them, their data hosting company, their security and on and on?

Here is the strange part; I trust Google more than ever because of all this.  Google is forcing application and extension developers to be clear about what access their code needs to function, and the transparency this provides makes me more comfortable when dealing with Google as a whole.

But now I need help with a couple of questions:

1) What permissions do extensions/add-ons in other browsers have to the data on my computer?
2) How do you know if you can trust the developer of this code?


