The Chrome Extensions You Use Should Be Much More Secure In October

Advertisement
Advertisement

Google now has a firm date for and more details about the changes that will be included as part of the next version of its review and policies centered around third-party access to user data commonly referred to as "Project Strobe." Initially slated to go into effect next year, the search giant now says those will be effective as of October 15, 2019.

The goal of the project, as outlined in previous updates about its progress, is to keep users safe when using Chrome extensions by preventing third-party developers from accessing more data than is actually needed to accomplish their given purpose. It will also ensure that transparency is built into every extension's policies and practices as detailed on the extension's Chrome Web Store listing and elsewhere.

It accomplishes that by 'extending' on previous policies that required extensions handling personal or sensitive user data to post a privacy policy and handle that data securely. As of October 15, that also applies to extensions that handle content the user themselves has agreed to supply either directly or simply through the use of the extension. Personal communications are covered under that same umbrella.

Advertisement

Consequences of not following through

Nothing will necessarily be changing in terms of how Google addresses violations of the bulk of its policies on the surface but Google is no longer simply suggesting extension developers follow the newest rule. Now, it's going to enforce them.

Developers will also need to narrow down the scope of their permissions and include the list of permissions required and why they're needed as well as only including or requesting access to new permissions during an update to the extension. Those that go beyond the scope of what's needed in terms of data collection will now be in violation of the policies. After October 15, the company will no longer accept extensions that do violate the polices and those that already do and haven't adjusted accordingly will be removed from the storefront and browser.

Advertisement

This is the less contentious of two incoming policy changes

These aren't the only changes the search giant is making to its browser in support of user privacy and safety either, although it's likely to be among the least contentious. With the new policies in place, privacy will be in the hands of end-users as much as it is in Google's but simultaneously, any potentially harmful extensions that don't detail exactly how they're handling user data and what it's used for — on top of permissions changes — will be removed.

Another recent change that addresses similar issues but in a completely separate fashion and specifically addresses the risks associated with ad blockers, is going to be much more controversial. Following the discovery that as many as 20-million users downloaded fake ad blockers in 2018, the company has decided to rein in exactly how much information those utilities have access to.

Advertisement

Summarily, the change will force developers to DeclarativeNetRequest API from webRequest API, effectively ending nearly unfettered access to the information input by users and the sites they visit — putting an end to ad blocking extensions acting as a 'man-in-the-middle' for internet activity.