Google will make it easier to choose what websites a Chrome extension can access
In an attempt to bolster extension security, Google recently made some changes to the data collection policies for Chrome extensions. Thanks to the new policies, the Chrome Web Store will soon limit what extension developers can do with the data they collect. Google will also require developers to certify their data use practices and display that information on the Chrome Web Store. Building upon these new policies, Google has now announced that it will make it easier for users to choose what websites an extension can access.
Extensions are currently a bit of a privacy nightmare, as they get to choose which websites they can access upon installation. For instance, if you use the Grammarly extension, you’d know that it runs on all websites by default. And if you don’t want it to work on a particular website, you have to click on the three-dot menu in the extension list and then click on the “this can read and change site data” to restrict Grammarly’s access to the current domain or a list of whitelisted domains. While you can also set website access by going to the extension’s details page at chrome://extensions, you can only make such changes to it after it’s installed.
However, as per today’s announcement, the Chrome Web Store will soon present with you a new option when you’re installing an extension that will let you set website access. This option is expected to make it easier for users to set website access for each extension. On top of that, the option will also alert users who currently don’t even know that they can limit website access for Chrome extensions.
While the announcement doesn’t specifically mention when this new option will be available in the Chrome Web Store, we expect it to go live alongside the new “Privacy practices” declarations next month. Speaking of which, Google has also shared a more detailed screenshot of the declaration, showcasing exactly what information will be displayed to users.
As you can see in the attached screenshot, the sample extension collects personally identifying information, including name, address, email address, age or identification number. It also collects authentication information and data about the user’s activity. The declaration also includes a section highlighting that the data collected is not sold to third parties, isn’t used or transferred for purposes that are unrelated to the item’s core functionality, and isn’t used or transferred to determine creditworthiness or for lending purposes.