A Chrome security setting that you shouldn’t overlook

I spent a lot of time talking about Android security settings, such as the option added in Android 10 to limit how and when apps can access your location. What often gets lost in the shuffle, though, is that the Chrome desktop browser has some important security options of its own, and they are just as critical to consider.

In fact, Chrome has an easy-to-overlook setting that is somewhat similar to Android’s new location control feature. As of not long ago, it’s attached to every Chrome extension you install, and it lets you decide exactly when an extension should be able to see what you’re doing on the web and be privy to all the details (yes, even those details) about your browsing activity.

Suffice it to say, the setting is incredibly important. And if you’re like me, you might find some eyebrow-raising surprises when you take the time to look at it.

So don’t wait any longer – here’s how you can see exactly how much of your web browsing data is accessed by your various Chrome extensions, and then take control so that no more of it is exposed than is really needed.

Four steps to smarter Chrome security

Okay, first step: type chrome:extensions into the address bar of your browser, then, one by one, click the Details box for each extension that appears on the page.

But with other extensions, you’ll see one of the three access levels listed:

  • Clicking, which means that the extension can only see and change what’s in your browser when you actively click on it (and then only for the site that is currently open in that specific tab).
  • On specific sites, which means that the extension can only see and change the content of your browser when you are on the site or sites specified here.
  • Everywhere, which means that the extension can always view and modify everything in your browser without restrictions.

Now, depending on what an extension is supposed to do, it may or may not legitimately need access to view and modify browsing data at any of these levels. For example, an ad blocking or script blocking extension must be able to view and edit every page you open if it is to detect and then block certain types of content for you.

But in reality, the vast majority of extensions do not need that kind of access. At most, they need to see what you’re browsing only on a specific URL, or only when you actively click on them to enable their feature. And yet quite a few Chrome extensions require unlimited continuous access to your web browsing data – more than a third of all extensions, according to an analysis made earlier this year. And looking at my own list of installed Chrome extensions, I came across some pretty puzzling examples.

For example, the official Save to Pocket extension, the sole purpose of which is to save an article to my Pocket account for later reading each time I click on its icon, gives itself access to read my data on all websites, all the time. Let me repeat: the only real function of the extension is to save an article when I click on its icon. There is absolutely no reason why the software should be able to see and access everything I do on every web page, all the time. And yet, well:


[Image. Credit: JR]

It’s not good.

Another that took me by surprise: the official Authy Chrome extension, which exists only as a shortcut to open the full Authy application for managing two-factor authentication codes. It doesn’t need to know what I’m doing on the web at any point. And yet here we are again:

[Image: Chrome security settings: Authy. Credit: JR]

This is where step three comes into play: when you come across an extension like this, and you have thought about it carefully and concluded that reducing its level of access will not affect any legitimate feature the software needs in order to work, adjust the permissions by clicking one of the lower access options in the same area.

Here’s the catch: you may encounter some cases where an extension won’t work without the level of access it initially requires. For example, with Pocket, I changed the extension so that it can access my site data only when I click on its icon, which should theoretically be all it needs to do its limited work, and now every time I click on its icon, an error occurs informing me that the page I am viewing cannot be saved. This means that I will have to decide whether to continue using the extension despite this apparent overreach or to drop it entirely and replace it with a workaround (such as the service’s simple bookmarklet, which does pretty much the same thing without requiring any access to my web browsing data).

However, with most extensions, you shouldn’t see any difference in how things work after you’ve significantly reduced their permissions. With Authy, I changed the extension so that it can only access my site data when I’m on authy.com (because, oddly enough, there’s no way to deactivate the permission entirely, so that seemed to me the best way to neutralize it). And then I sent some curses the company’s way for claiming such insanely wide access in the first place. Aside from being disproportionately pleased with myself for my creative choice of profanity (which, unfortunately, I cannot reprint here), my situation is now identical to what it was before, practically speaking.

Other extensions whose permissions I adjusted without any trouble included a simple color-coding utility, a tool to save any image on the web as a PNG, and (how about that?) Google’s own official Save to Google Drive extension. All of these extensions claimed the ability to read site data all the time by default, when all they really need in order to work (and all they’re really justified in having) is the "click to read" setting.

Now, to be fair, it’s quite unlikely that most of these extensions are doing this for nefarious reasons. This granular approach to Chrome extension security settings has only existed since last October and, prior to that point, extensions were only offered the binary option of requesting access to all or none of your browsing data. The three extensions I just mentioned were last updated before the time of that change (which is also an issue in itself, but we’ll save that topic for another day), so it’s likely that their default broad site access permission is just a kind of inherited remnant. (The same goes for Authy, though notably not for Pocket, whose extension was last updated last July.)

However, I now have the ability to correct this in most cases. So I did it. And you should too.

One more thing: I’d be remiss if I didn’t mention that every time you install a new extension from the Chrome Web Store, a pop-up window appears with a list of the permissions that the extension requires. And, yes, that list includes the extension’s default setting for being able to read and change the data on the sites you visit.

[Image: Chrome security settings: extension permissions. Credit: JR]

But look: even the wisest of us are prone to occasionally clicking through such screens without carefully considering their implications. We all have. We’re only human. (Well, most of us are, anyway. Don’t take offense, but I’m not 100% sure about you.)

So, step four: once you’re done cleaning up the security settings of your current Chrome extensions, turn it into a personal policy from now on – don’t just click through these disclosures. Take a close look at the permissions for each new extension you install, and then consider whether you should change the default data view permission for any given extension.

The beauty of Chrome’s current settings is that you don’t have to give any extension the full level of data view access it is trying to claim. But it’s up to you to think carefully every time, and then take steps to regain control of your personal data when needed.
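
The manual review in steps one to four can be complemented by reading the site access each extension requests in its manifest.json. The Python script below is an added example, not part of the original article: the sample manifests, their names and vendor.example are constructed, the set of "every site" patterns is a simplifying assumption, and audit_dir assumes a profile Extensions folder laid out as <id>/<version>/manifest.json.

```python
import json
from pathlib import Path

# Match patterns that cover every site (the article's "Everywhere" level).
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def is_host(p):
    # Host patterns contain a scheme separator; chrome:// URLs are not websites.
    return isinstance(p, str) and (p == "<all_urls>" or "://" in p) \
        and not p.startswith("chrome://")

def host_patterns(manifest):
    """Collect every site pattern a manifest requests at install time."""
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    pats = [p for key in ("permissions", "host_permissions")
            for p in manifest.get(key, []) if is_host(p)]
    # Content scripts run on pages matching their own "matches" list.
    for cs in manifest.get("content_scripts", []):
        pats += cs.get("matches", [])
    return pats

def classify(manifest):
    pats = host_patterns(manifest)
    if any(p in BROAD for p in pats):
        return "all-sites"
    if pats:
        return "specific-sites"
    # activeTab grants access to the current tab only after the user clicks.
    if "activeTab" in manifest.get("permissions", []):
        return "on-click"
    return "no-site-access"

def audit_dir(extensions_dir):
    """Classify each <id>/<version>/manifest.json under an Extensions folder."""
    out = {}
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        out[mf.parent.parent.name] = classify(json.loads(mf.read_text(encoding="utf-8")))
    return out

# Constructed sample manifests (not taken from any real extension).
SAMPLES = {
    "save-button": {"manifest_version": 2, "permissions": ["tabs", "<all_urls>"]},
    "vendor-shortcut": {"manifest_version": 3, "host_permissions": ["https://vendor.example/*"]},
    "image-saver": {"manifest_version": 3, "permissions": ["activeTab", "downloads"]},
    "blocker": {"manifest_version": 3, "content_scripts": [{"matches": ["*://*/*"]}]},
}

if __name__ == "__main__":
    print({name: classify(m) for name, m in SAMPLES.items()})
```

The manifest records only what an extension requests: a lower access level chosen on the Details page is not written back into manifest.json, so the output shows each extension’s default, not its current setting.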