Google Chrome extensions can access all websites you visit. For the most part, this is a necessary requirement to build productivity tools that can save many hours of your time. Unfortunately, sometimes extension developers don’t have the best intentions in their mind and sell your browsing history to third-party companies to make an extra buck. What can you do to take control of privacy and security back in your hands?

Required permissions

Examine permissions that extension requires before installing the extension. Similarly, as you do when installing a new app on your smartphone. Think if requested permissions match the intended use of the extension. For example, does Instagram automation extension needs access to all websites you open? Most likely no. Watch out for extensions with very broad permissions sets.

Optional permissions

Google encourages extension developers to use the optional permission model. This way permissions are requested when it is needed. Think of how it is done on Android or iOS when the app wants to access your location. Prefer extensions that are using optional permissions. You will be able to make a better judgement of requested permission when it is requested with context.

Privacy policy

All extensions in Chrome Web Store must have a working privacy link. You should carefully read privacy information before installing any extension. You should pay extra attention to what private information is collected and if it is transferred to third-parties.

Site access control

You can always go back and reduce extension permissions in browser settings. Even if you accepted the widest website access when installing the extension.

How to limit Chrome extensions access to websites:

  1. Navigate to chrome://extensions
  2. Click “Details” button on the extension card that you want to modify
  3. Scroll until you see “Site access” section
  4. Change site access to one of the below
    • On click - extension only has temporary access to a website after you click on the extension icon
    • On specific sites - extension has access to websites you specify
    • On all sites - extension has access to all websites even if you don’t interact with the extension

Summary

It’s not always trivial to understand how Chrome extensions work or what permissions are essential. Hopefully, after this article you know a couple more tips on how to evaluate extensions before installation and how to limit permissions after the fact. When was the last time you checked how many extensions you have installed and what permissions are being used? Start by navigating to chrome://extensions.

DataMask extension privacy and security

Our core mission at DataMask is to make it easier to hide your private information without spending more time. We do not collect web browsing data. Our telemetry is limited to your interactions with the extension and is deleted after 90 days. We do not sell any data or telemetry to third-parties.