浏览器(Browser)扩展可以改善您的浏览体验、阻止侵入性广告或为您的日常互联网使用带来新功能。有数以千计的浏览器扩展和扩展开发者,所以谨慎使用的扩展是明智之举。
安装扩展程序时,您授予它使用某些数据的权限,因此最好了解如何仔细检查并仅安装安全的浏览器扩展程序,以确保它们不会恶意使用您的信息。
安装前检查安全浏览器扩展(Checking For Safe Browser Extensions Before Installing)
值得庆幸的是,检查浏览器扩展程序的安全性比在计算机上安装程序更容易。这是因为每个浏览器扩展都会在安装之前列出它请求的任何权限。
权限可以是查看您的搜索历史记录、访问您的网络摄像头、在特定网站上读取您的数据或修改您输入、复制或粘贴的数据等任何内容。
如果浏览器扩展没有权限,它就无法执行任务。因此,例如,扩展程序不可能访问您的网络摄像头,除非在安装页面上说明了访问权限。
当您安装浏览器扩展程序时,您应该做的第一件事是检查这些权限。他们可以告诉您很多有关浏览器扩展安装后可以做什么的信息。让我们以Social Blade为例。
Social Blade是一种工具,可以告诉您Twitch、YouTube、Instagram、Twitter和更多平台上的帐户的增长统计数据。它非常适合跟踪您自己的成长、跟踪竞争对手或那些对他们最喜欢的创作者感到好奇的人。
当您将Chrome Social Blade 扩展(Chrome Social Blade extension)添加到您的浏览器时,它会请求读取和更改Facebook、YouTube、Twitch、Twitter和Instagram 上(Instagram)数据的权限。鉴于扩展程序的作用,这听起来像是一个安全的浏览器扩展程序。当您安装它时,它会在您浏览它时显示每个网站内的Socialblade统计信息。(Socialblade)因此,为什么需要这些权限是有道理的。
即便如此,当它可以访问和编辑社交媒体网站上的数据时,您可能会对使用此服务感到有点担心。所以,在这一点上,它取决于你自己的判断力。你信任这个开发商吗?Socialblade在业界享有盛誉,他们的网站上有隐私政策(a privacy policy on their website),链接在他们的扩展页面上。
但是,或者,您会相信来自更不知名的开发人员的类似扩展吗?例如,来自名为 system.unplugged 的开发人员的此扩展程序具有 1 星评级,并且没有公共隐私政策。
也许不是,但话又说回来,即使你下载它,它也只能访问安装扩展时声明的权限。
这个权限系统对于Chrome和Firefox都是一样的。在Microsoft Edge上,您需要格外小心。已授予权限,但它们首先通过Microsoft Store,这意味着您必须向下滚动以首先阅读权限。按安装时没有警告。
总之,首先检查权限。如果它们与扩展程序提供的服务有关,那么您很可能是清楚的。接下来,检查开发人员及其隐私政策,看看他们是否值得信赖。
最后,阅读扩展评论,如果您想进一步了解,请仔细查看开发人员在其网站上的公开资料和隐私政策。
哪些是安全浏览器扩展权限,哪些不是?(Which Are Safe Browser Extension Permissions & Which Aren’t?)
当您授予浏览器扩展权限时,这实际上意味着什么可能有点令人困惑。为了帮助您,我们提供了更详细的说明,以便您在安装新的浏览器扩展程序时能更清楚地了解情况。这些指南基于Google 提供的(provided by Google)信息。
高风险浏览器扩展权限(High Risk Browser Extension Permissions)
您应该立即怀疑任何需要访问您计算机和您访问的网站上所有数据的扩展程序。如果扩展程序需要访问您计算机上的任何数据,而不仅仅是浏览器本身内的数据,您应该担心。这表明它不是一个安全的浏览器扩展。
下载这些应用程序时要格外小心(Take extreme precaution),即使是从受信任的来源下载。
中等风险浏览器扩展权限(Medium Risk Browser Extension Permissions)
您应该对需要您访问的网站上的数据的任何扩展保持适度怀疑。扩展程序很少需要在您访问的每个网站上收集数据。(every website)扩展程序更有可能需要访问权限才能读取、请求或修改特定网站列表上的数据,您可以自行决定是否允许此权限。
例如,Socialblade需要访问特定社交媒体网站上的数据,以提供深入的统计数据。扩展的唯一功能需要这种访问才能工作。
了解扩展的功能,并问问自己该功能是否与权限请求相匹配。您永远不应授予对PayPal(PayPal)或银行 网站等网站的扩展访问权限。
低风险浏览器扩展权限(Low Risk Browser Extension Permissions)
以下任何权限都被视为低风险。通过这些权限请求,您不太可能成为欺诈或恶意行为的受害者。但是,如果您想通过这些权限放弃您的数据,则由您自行决定。
- 您保存的书签
- 您的浏览历史
- 您的标签和浏览活动
- 您的实际位置
- 任何复制和粘贴的数据
- 已安装应用程序、扩展程序和主题的列表
概括(Summary)
使用用于浏览器扩展的权限系统,可以很容易地了解扩展正在访问哪些数据。话虽如此,您应该谨慎并了解每次允许权限时发生的情况。
希望本指南有助于解释哪些权限是安全的,以及如何仅从值得信赖的开发人员那里找到安全的浏览器扩展。
How To Install Only Safe Browser Extensions
Browser extensions can improve your browsing expеrience, block intrusive ads, or bring new functionality tо your everyday internet usage. There are thousands of browser extensions and extension developers, so it’s smart to be cautiоus about the extensions you use.
When you install an extension, you give it permission to use certain data, so it’s best that you learn how to double-check and install only safe browser extensions to be sure they aren’t using your information maliciously.
Checking For Safe Browser Extensions Before Installing
Thankfully, checking the safety of a browser extension can be easier than installing a program to your computer. This is because every browser extension will list any permissions it requests before being installed.
Permissions can be anything from viewing your search history, accessing your webcam, reading your data on specific websites, or modifying data that you enter, copy, or paste.
If a browser extension doesn’t have permissions, it cannot perform a task. So it’s impossible for an extension to access your webcam, for example, unless the permission to access it is stated on the installation page.
When you go to install a browser extension, the first thing you should do is check for these permissions. They can tell you a lot about what the browser extension can do once it is installed. Let’s take Social Blade, for example.
Social Blade is a tool that can tell you the growth stats for accounts on Twitch, YouTube, Instagram, Twitter, and more platforms. It’s great for tracking your own growth, tracking competitors, or for those curious about their favorite creators.
When you add the Chrome Social Blade extension to your browser, it asks for permissions to read and change data on Facebook, YouTube, Twitch, Twitter, and Instagram. Given what the extension does, this sounds like a safe browser extension. When you install this it, it’ll show Socialblade stats within each website as you browse it. So it makes sense why these permissions are needed.
Even so, you may feel a little apprehensive about using this service when it can access and edit data on social media websites. So, at this point it comes down to your own discretion. Do you trust this developer? Socialblade is well regarded in the industry and they have a privacy policy on their website, linked on their extension page.
But alternatively, would you trust a similar extension from a more unknown developer? For example, this extension from a developer called system.unplugged has a 1 star rating and no public privacy policy.
Maybe not, but then again, even if you download it, it can only access the permissions stated when installing the extension.
This permission system is much the same for both Chrome and Firefox. On Microsoft Edge, you need to be extra careful. Permissions are granted, but they go through the Microsoft Store first, which means you will have scroll down to read the permissions first. There’s no warning when you press install.
In summary, check the permissions first. If they are related to the service the extension provides, you’re most likely in the clear. Next, check the developer and their privacy policy to see if they are trustworthy.
Finally, read extension reviews and if you’d like to take it further, take a closer look at the developer’s public profile and privacy policies on their website.
Which Are Safe Browser Extension Permissions & Which Aren’t?
When you give permissions to a browser extension, it can be a little confusing what that actually means. To help you, we’ve provided a closer explanation so that you can be more informed when installing new browser extensions. These guidelines are based on information provided by Google.
High Risk Browser Extension Permissions
You should be immediately suspicious of any extensions that require access to all data on your computer and the websites you visit. You should be concerned if an extension needs to access any data on your computer, instead of just data within the browser itself. This is a sign that it’s not a safe browser extension.
Take extreme precaution when downloading these apps, even from trusted sources.
Medium Risk Browser Extension Permissions
You should be moderately suspicious of any extensions that require data on the websites you visit. It’s rare that an extension should ever need to gather data on every website you visit. It’s more likely that an extension may need access to read, request or modify data on a specific list of websites, and it’s down to your sole discretion to allow this permission.
For example, Socialblade requires access to data on specific social media websites that it can provide in-depth stats for. The sole functionality of the extension needs this access to work.
Understand the functionality of an extension and ask yourself whether the functionality matches up to the permission requests. You should never give an extension access to a website like PayPal or your bank’s website.
Low Risk Browser Extension Permissions
Any of the following permissions are considered low risk. You’re unlikely to be the victim of fraudulent or malicious behavior with these permission requests. However, it’s down to your sole discretion if you’d like to give up your data through these permissions.
- Your saved bookmarks
- Your browsing history
- Your tabs and browsing activity
- Your physical location
- Any copy and pasted data
- A list of installed apps, extensions and themes
Summary
With the permission system used for browser extensions, it can be easy to understand what data an extension is accessing. With that being said, you should be cautious and understand what is happening each time you allow permissions.
Hopefully, this guide has helped to explain which permissions are safe and how to find only safe browser extensions from trustworthy developers.