Should i give private data to the Extension/addon?
If extension gather some private data about my activity, like for example https://addons.mozilla.org/en-US/firefox/addon/clipboardhelper/ which gather my clipboard history.
"This add-on needs to:
Get data from the clipboard Input data to the clipboard Store unlimited amount of client-side data Access your data for all websites"
How to assess the resulting privacy risks?
1. Isn't there insignificant chance these data leak out thru other extensions? For example on Andorid (i am on Windows) i think that i heard that the apps has some common storage and it was/is possible one app read data of other app. Maybe it is not true and likely does not apply on Firefox on Windows.
2. or this extension send my data out to author or such? Btw. is there(why not) setting which would by default disallow extension to send data it gathered away via internet? And user would have to allow it on prompt.
Diubah
All Replies (1)
Just as when you install any other software, you should use some caution to only install add-ons that are trusted. Hypothetically, yes your data could be collected and sent to the developer. However, Mozilla does a pretty good job removing those add-ons from the add-ons website and they generally have low reviews.
The number of add-ons that use the permissions for legitimate purposes greatly outweighs the ones that use it for bad purposes.
Sometimes the permission descriptions may sound intimidating, but there are reasons why the developers need certain permissions. For example, let's look at the add-on that you have mentioned. I haven't actually looked at the code of the add-on myself, but as an add-on developer too I have a good idea of why the permissions are being used based just on the description of the add-on functionality.
The Get data from the clipboard and Input data to the clipboard permissions are pretty obvious for this add-on. It gives the add-on the ability to add things to clipboard and remove things from the clipboard. In this specific case, the add-on saves your clipboard information into the browser storage. There's a limit to how much can be stored in the browser storage and it can be pretty easy to go over that limit when you are having large amounts of text. The Store unlimited amount of client-side data permission allows the add-on to bypass the storage size limits.
Finally, the Access your data for all websites permission always sounds the worst. This simply allows the add-on to view data on any website and insert information into any website. For example, if you want to insert one of the saved clipboard items into a text box on a website, this permission gives the add-on the appropriate access to insert the text into the website.
But to answer your main question, I'd say that there's no more risk of a data leak by installing an add-on than there is installing any other kind of software on your computer. Any software could steal data, which is why you should always use your discretion when installing new software or add-ons.