Tech news reports served up shocking news in January 2014 – malware creators used both free and paid in Google Chrome extensions to spread malware. If you stick to quality, well-reviewed extensions, though, you should be safe. It’s more difficult to stay out of trouble with regular that spy on you and sell your information to anyone willing to pay for it. These extensions mean trouble in three ways:
. They track all your browsing habits (not just your browsing habits using the extension) and send this data to their publishers. These publishers then sell this information to any marketer who wants it.
. Google Chrome and other browsers allow extensions to place advertisements on the pages you view (see developers.google.com/chrome/web-store/program_policies ). The makers of extensions take full advantage of this allowance.
. They try hard to hide from users the fact that they do any kind of user tracking – to the point of lying. For instance, they usually mention in their agreements that all usage statistics gathered is anonymous. They do connect your usage statistics to your email ID, though.
Do these extensions qualify for classification as spyware?
Spyware is defined as software that gathers personal information on people without their knowledge or informed consent. Seen in this way, these extensions do qualify as spyware. They track you and use the information gathered in ways that you wouldn’t allow if you knew what they did with it.
It isn’t difficult to use information obtained from such browser spyware to identify the users using them. For instance, when you sign into Facebook or Google+, something in the URL can often be used to identify you – it could contain your email ID, your name or something else that’s identifiable. A browser extension following you around only needs to record your social media URLs once you’ve signed in, to gain identifiable information that can be collected and sold.
Many extensions actually tell you what they’re doing
With many extensions (Eat My Cookies and Power Zoom, for instance), the tracking that they subject you to isn’t completely hidden. The license agreement that you accept does tell you clearly that they can collect usage statistics and transfer it to third parties. It doesn’t make any difference, though. No user looks at these user agreements.
They can try another clever trick
Many extension authors create useful extensions and get great followings just so that they can find shady marketers buyers for their product. These extensions have spyware code built in, but they are turned off. Even if you have been satisfied with an extension for a while, there’s no guarantee that it will continue to be good. It could be sold at any moment and have an ill-behaved marketer turn the switch on.
So what do you do?
The only real way to know if an extension spies on you is to get into some pretty deep computer investigation. You can install debugging tools like Fiddler to see what websites your extensions transmit data to, visit services like api28.webovernet.com see the names of the services that receive these transmissions and so on. If you simply want to remain safe, though, the only way to do it is to do a reasonable amount of research on every extension before you install it. You simply need to look it up on Google to see if anyone talks about any spyware or adware in relation to it.