Something important you need to consider for every extension you install.
The article in question is titled “Did You Know Browser Extensions Are Looking at Your Bank Account?”
In some ways, the article feels a little sensational. In other ways, it doesn’t go far enough.
Regardless, this is a very important concept to understand.
Become a Patron of Ask Leo! and go ad-free!
Can extensions be trusted?
Extensions add a wide variety of functionality to web browsers. In order for them to be able to do what we want them to, they need access to almost everything, often including the complete contents of the webpages we view. Extensions from trusted and reputable sources limit their activities to what they promise, even though they could do much, much more. Extensions from elsewhere? There’s no real way to know.
Browser extensions, also called add-ons or plugins, provide functionality the browser’s features do not include. Examples include ad blockers, password managers, web clippers, security software, and more.
Often browser extensions make the rounds by nothing more than word-of-mouth advertising as people use them to resolve issues or add functionality.
Can they see?
For extensions to perform their task, they need access to information within the browser. Sometimes that information is limited — perhaps the URL of the page you’re visiting, and nothing more. Other times, that information seems unlimited.
While most browsers have a more granular permissions system, many extensions ask for, and get, access to everything.
Everything in this context means your browser settings, the pages currently displayed in your browser, and the content of every webpage you view.
Some extensions also have the ability to modify what you see before you see it. For example, there are extensions designed to configure your Facebook experience more to your liking: they make a variety of changes to the pages you see, based on the options you choose.
So, can a browser extension see your bank account when you visit your bank’s website?
Absolutely. Browser extensions can see anything on any site, banking or not.
And, yes, that’s an important security risk to be aware of.
The real question is, do they? Do browser extensions look at your bank account?
Even that isn’t a simple question to answer.
An extension that, for example, scans webpages you visit to provide some kind of functionality could very well be scanning your bank account pages as you visit your bank.
Do they know it’s a bank? Do they care it’s a bank?
Not if they’re legit. But if scanning pages is required to do the job the extension provides, then yes, they could be looking at it.
Whether or not they do something malicious while they’re in there brings us to the most important take-away of all.
Only install extensions you trust
Given the access extensions can have to see the content of every webpage you visit, you’re placing a tremendous amount of trust in them. A browser extension could, for example, promise to do one thing — or even actually do it — but it could also be slurping up all your data and saving it for some hacker somewhere.
It’s critical, then, that you trust whoever is providing the extensions you use.
Whenever you consider adding yet another extension (and I’ll admit, they do seem to accumulate), think long and hard about whether the promised functionality is worth the security risk. Take the time to determine who’s providing it and how much of your trust they deserve.
When in doubt, live without the extension.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!