Google is finally fixing one of Chrome's biggest privacy flaws
Web browsers don't come any larger than Google Chrome – it's almost unfathomably big. As of March this year it has almost 70 per cent market share of all web browsers. (Firefox has less than 10 per cent usage and Internet Explorer makes up a measly five-and-a-half per cent.)
The problem with dominance on this scale is that when things go wrong the results can be catastrophically bad. Chrome extensions have been found housing malware, helping to spread crypto scams and slurping-up user data.
Now, Google has decided to do something about rogue extensions. The company is clamping down on what information the creators of an extension can access. The changes it is making will also apply to Google Drive and are long overdue.
"We’re requiring extensions to only request access to the appropriate data needed to implement their features," Ben Smith, Google's vice president of engineering wrote in a blog post. In practice, this should mean that when you are installing a new Chrome extension the creators won't be able to request too much of your information in exchange for the download. For instance, an extension that promises to spell check what you write shouldn't need to access your location.
READ NEXT
States and corporations are after your data. It's time to take control
States and corporations are after your data. It's time to take control
By GREG WILLIAMS
Developers behind Chrome extensions will also have to post privacy policies explaining how they use data they access from web users. This has previously applied to developers who handle personal and sensitive user data but is now being extended to extensions that deal with personal communications and other user content. It's another basic requirement that Google should have implemented years ago.
"Extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data," Smith writes. The changes will come into place this summer, with Google saying developers will get at least 90 days notice to introduce their changes. Apps that are found to be breaching the new rules could face being removed from the web store.
Google has decided to make the changes as part of its Project Strobe data review. It was launched last year after it was revealed Gmail add-on developers could read people's emails, including entire messages, who they were sent to and a litany of other private details. The revelations shouldn't have been a surprise for a company that is built on targeted advertising and user data but they prompted needed change from Google.
The history of Chrome extensions leaves a lot to be desired. In Sepetember 2018, file sharing website Mega.nz released a statement saying the extension it developed had been hacked. An auto-update to the extension increased what data the extension could access and would pull user login and password details for Amazon, GitHub, Google, and more. In January last year, Google removed four compromised extensions and in 2017 more extensions were found to be compromised.
Extension abuse hasn't been unique to Google, though. Mozilla, the creator of Firefox, removed 23 add-ons from its browser store after it discovered they were snooping on user data and sending it to remote services. One Firefox add-on called Web Security had been installed more than 220,000 times and was funneling data to Germany.
READ NEXT
Sign In with Apple is a direct attack on Facebook and Google
Sign In with Apple is a direct attack on Facebook and Google
By MATT BURGESS
However, the Chrome extension changes may be difficult for Google to enforce. The company says there are more than 180,000 extensions within its web store and more than half of all Chrome users – we're talking millions of people – have installed some extensions. It hasn't said if it will be hiring more staff, or dedicating more of its resources to enforcing whether the changes have been made. It has also previously had issues reviewing games aimed at children in its app store.
The changes to extensions come as Google is facing criticism around its dominance in the web browser space. This week the firm has said it will introduce changes to how ad blockers work on Chrome, which could essentially make them useless. The creators of ad blockers have criticised Google for introducing changes which they say could benefit its advertising business.
Meanwhile, if you want to get a grip on the data the web giant holds about you, here's how to delete your Google history.
The problem with dominance on this scale is that when things go wrong the results can be catastrophically bad. Chrome extensions have been found housing malware, helping to spread crypto scams and slurping-up user data.
Now, Google has decided to do something about rogue extensions. The company is clamping down on what information the creators of an extension can access. The changes it is making will also apply to Google Drive and are long overdue.
"We’re requiring extensions to only request access to the appropriate data needed to implement their features," Ben Smith, Google's vice president of engineering wrote in a blog post. In practice, this should mean that when you are installing a new Chrome extension the creators won't be able to request too much of your information in exchange for the download. For instance, an extension that promises to spell check what you write shouldn't need to access your location.
READ NEXT
States and corporations are after your data. It's time to take control
States and corporations are after your data. It's time to take control
By GREG WILLIAMS
Developers behind Chrome extensions will also have to post privacy policies explaining how they use data they access from web users. This has previously applied to developers who handle personal and sensitive user data but is now being extended to extensions that deal with personal communications and other user content. It's another basic requirement that Google should have implemented years ago.
"Extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data," Smith writes. The changes will come into place this summer, with Google saying developers will get at least 90 days notice to introduce their changes. Apps that are found to be breaching the new rules could face being removed from the web store.
Google has decided to make the changes as part of its Project Strobe data review. It was launched last year after it was revealed Gmail add-on developers could read people's emails, including entire messages, who they were sent to and a litany of other private details. The revelations shouldn't have been a surprise for a company that is built on targeted advertising and user data but they prompted needed change from Google.
The history of Chrome extensions leaves a lot to be desired. In Sepetember 2018, file sharing website Mega.nz released a statement saying the extension it developed had been hacked. An auto-update to the extension increased what data the extension could access and would pull user login and password details for Amazon, GitHub, Google, and more. In January last year, Google removed four compromised extensions and in 2017 more extensions were found to be compromised.
Extension abuse hasn't been unique to Google, though. Mozilla, the creator of Firefox, removed 23 add-ons from its browser store after it discovered they were snooping on user data and sending it to remote services. One Firefox add-on called Web Security had been installed more than 220,000 times and was funneling data to Germany.
READ NEXT
Sign In with Apple is a direct attack on Facebook and Google
Sign In with Apple is a direct attack on Facebook and Google
By MATT BURGESS
However, the Chrome extension changes may be difficult for Google to enforce. The company says there are more than 180,000 extensions within its web store and more than half of all Chrome users – we're talking millions of people – have installed some extensions. It hasn't said if it will be hiring more staff, or dedicating more of its resources to enforcing whether the changes have been made. It has also previously had issues reviewing games aimed at children in its app store.
The changes to extensions come as Google is facing criticism around its dominance in the web browser space. This week the firm has said it will introduce changes to how ad blockers work on Chrome, which could essentially make them useless. The creators of ad blockers have criticised Google for introducing changes which they say could benefit its advertising business.
Meanwhile, if you want to get a grip on the data the web giant holds about you, here's how to delete your Google history.
Recommended News for You
The key to creating virtual conferences that work
15 February 2023
Netflix’s Free Weekend, StreamFest
20 November 2020
Art Paris spring fair finally goes ahead
20 November 2020
