Why Free Browser Extensions Can Be Dangerous
On a daily basis we make use of different browsers to surf the internet using our PCs and these browsers develop adds up new features especially extensions from third-party developers and these might cause a threat to our online activities I,e privacy and security. In this article, we would discuss what could be wrong with browser extensions and how you can minimize the chances of one of them ruining you.
Browser extensions, and its importance?
Browser extensions are like plugins for your browser that adds certain functions and features to it. Extensions can modify the user interface or add some Web service functionality to your browser. Extensions depending on the purpose can be used to block ads on Web pages, translate text from one language to another, or add pages to a third-party bookmark service such as Evernote or Pocket, change your PC browser into a mobile browser and lots you can think of. there’re thousands of them, for productivity, customization, shopping, games, and more.
Issues faced with extensions
- Malicious extensions: Extensions can be developed just to be malicious. This is common mostly with extensions from third-party websites. Security researchers recently uncovered four extensions in the Google Chrome Web Store that posed as innocuous sticky notes apps but in fact, were caught generating profits for their creators by secretly clicking on pay-per-click ads.
- How can an extension do something like that? Well, to do something, an extension requires permissions. Problem is, of the browsers people commonly use, only Google Chrome prompts the user to grant these permissions (or not); other browsers allow extensions to do anything they want by default, and the user doesn’t have a choice but to accept it. But with the new GDPR Compliance law, all browser would need to prompt users for permission on the extension activities. Lately, another malicious extension was discovered, they’ve been used by crooks to spread malware in Facebook Messenger. You might want to do a Google search on that topic for more information on how it was carried out.
- Hijacking and buying extensions: Browser extensions are an interesting target for crooks because a lot of extensions have massive user bases. And they are updated automatically, which means that if a user had downloaded an innocuous extension, it can be updated to become malicious; that update would be pushed to the user right away and the user won’t notice anything at all. A good developer won’t do such a thing, but their account can be hijacked and a malicious update can be uploaded to the official store on their behalf. That’s what happened when crooks used phishing to get the access credentials of the developers of a popular plugin called Copyfish. In that case, the plugin, which originally performed optical character recognition, was used by crooks to serve additional ads to users.
- Extension can be dangerous naturally: Even extensions that are not malicious can be dangerous. The danger arises because most extensions have the ability to collect a lot of data about users. To earn more money, some developers sell anonymized data they’ve collected to third parties. That’s usually mentioned in the extension’s EULA, and generally, it’s OK.
Here’s the issue, sometimes that data is not anonymized enough, which leads to some serious privacy issues: The parties that purchase the data can identify the users of the plugin. It once happened to Web of Trust, a once-popular plugin for Chrome, Firefox, Internet Explorer, Opera, Safari, and other browsers. The plugin was used to rate websites based on crowdsourced opinion. Aside from that, the extension collected the full browsing history of its users.
A German website claimed that Web of Trust was selling the data it collected to third parties without properly anonymizing it, which resulted in Mozilla’s pulling the extension from its store. The creators of the extension then removed it from all of the other browsers’ stores. However, a month later the extension was back in stores. Web of Trust is not a malicious extension, but it can harm people nonetheless by exposing their data to someone who is not supposed to see what websites users visit and what they do there.
Here are some tips to use extensions safely.
As we now know that extensions can be dangerous, some of them are really useful, and that’s why you probably wouldn’t want to abandon them completely. It might be safer not to use them at all, but that’s inconvenient, so we need a way to use extensions more or less safely.
- Avoid installing too many extensions.
- Install extensions only from official Web stores.
- Pay attention to the permissions that extensions require.
- Use a good security solution.
Polina works as marketing manager for a year now and loves searching for interesting topics for you:)