Submit News Alternative Tip Form

Google Is Finally Cracking Down on Data-Harvesting Chrome Extensions

Google is to finally tackle the pervasive use of data-harvesting by Chrome extensions.

From July, the search giant will require all add-ons on the Chrome Web Store that collect user data in the background to ask you for your explicit permission to collect your data ‘via a prominent disclosure’ during install. Developers must also add encryption and  link to a privacy policy in their web store description.

But Google is not stopping there.

Extensions which collect data about your web habits when this behaviour is not integral to the add-on’s functionality — e.g., a toolbar weather app doesn’t need to access your entire browsing history to show the temperature — are going to be removed from the Chrome Web Store. 

The strict new User Data Policy comes into effect from July. Non-compliant add-ons still in the store after this date will be removed.

Explaining the reasons behind the change in a blog post, Google says: “protecting our users is our key priority, and we believe this change will make sure users are better informed and allow them to choose how their user data is handled.”

About time, Google!

We get notified of hundreds of Chrome extensions by developers looking for a plug.  The majority of these we never write about because they have excessive permissions requests that are not needed.

We rarely bother to review any extension that asks for permissions to read, collect and change data on websites you visit.  And on the rare occasion we do (for example, if the add-on is from a reputable company and not a nameless developer) we tell you about this drawback up-front. 

A lot of other Chrome blogs are happy to aimlessly advise you to install an add-on that’s addled with this data harvesting drawback. We aren’t. This new user policy makes everyone’s lives easier.

Be prepared to see a lot of popular add-ons vanish from the store and users’ toolbars over the coming months…

  • yann933

    Will chrome ever reach a point like Android Marshmallow, where we can selectively choose which permission apps/extension can have access to or not. That would help the privacy issue even more.

    • I thought some permissions were already like this, but having all the permissions as runtime would help. Since that’s how all permissions work for websites anyways.

  • bananakabob

    Wait, how? I looked and Google Search, Gmail, etc. were all still there. How are they cracking down on data harvesting extensions?

    • Skunky

      Google is giving extension developers rules to follow and if they don’t comply to the new rules by a certain date (sometime next month), google will remove those extensions from the Webstore.

    • Most of those are web-apps (bookmarks to google services) not extensions. And the few that are, like Gmail checker, Gcal, +1 button don’t harvest browsing habits so are allowed.

      • view2share

        I think the meaning was lost somehow. Pretty sure the person meant that Google is the main harvester of data. Something pays for free. As long as the user know going in, what more can I say. Every service or product has to pay-out and in the case of Google products, they hope to know as much about you as possible so that they can use it as a sales tool. Just a different model of making money, and if you realize this and want to contribute, then you get the goodies ( apps and services ) for that cost. When you buy an Apple product, you pay up front for the hardware, software and services — this is what Apple is selling.

  • Now if they would just do something about the nasty “Sumo Paint” chrome extension that no matter how many times you try to uninstall it the icon and crap keeps coming back.

    • hellol11

      boi, it’s already online, it’s not like it needs an extension.

      • Yeah.. thanks for that incredibly helpful suggestion. I’m referring to those who installed this crummy extension over a year ago and have been trying to get rid of it ever since. And why would I even want to use a site that just spams everything under the sun.

        • M Bently

          You can try a ‘reset’ of Chrome from the SETTINGS screen, but I’ve had a few times where that didn’t remove the crap. If you un-install Chrome and re-install it, this usually does the trick.

  • Andrew Emerson

    This is why I don’t add much of any extensions on chrome that aren’t google operated.

    • I really love all my extensions though, they make life a lot easier.

  • Well done Google. Some of the posts refer to search and gmail etc, but I think this is more to do with third-party extensions harvesting your data without your knowledge or consent. Search is overt – if you put it in the Omni-bar, you should consider it publicly posted. However, if I load an extension to read text aloud, or provide a dictionary, I shouldn’t have that extension ploughing its snout through everything else on my computer. That is data theft and Google is making a step in the right direction. [So … Don’t bag google for a step in the RIGHT direction. :-) ]

    • Dagwood Bumstead

      Exactly. I’d like to know which popular ones are doing so, but that would leave people open to litigation, I suppose.

  • Annonymous

    Of cours the don’t want add-ons stealing user’s data, that’s what they do. Google doesn’t want competition inside its own browser.

    • Dagwood Bumstead

      Thanks Captain Obvious. The thing is Google is an entity we know and Google has to obey some sort of civil legal framework, and can be sued. A nameless developer, who knows exactly what they’re doing with the data or even where they’re located!

      • SheepleWhisperer

        Google obeys the law, absolutely. As laid out for NSA data collection and while a private company, censorship of political viewpoints is in full swing. They join the ranks of Twitter and Facebook as honeypots for Intel and Communist China taught them a lot… for censorship.

        • Dagwood Bumstead

          Not so sure about your premise – Sure some companies have/are collaborating, but I doubt Google has done so, or, willingly.

          Why would the NSA tap their lines if Google was working with them voluntarily? I’m sure if you search with DuckDuckGo, you’ll find some relevant hits on that data point.
          The story goes, that once Google found out, they were alarmed enough to lead a coalition of companies to develop encryption for end users, AND to encrypt data between the end user and Google Data Centres worldwide – As you know they have them scattered all over the world.

          But, who really knows – I guess that could be convenient (planned if it was ever discovered) if one is the paranoid sort.

          • brendadipalma

            It’s been 1 yr since I decided to leave my previous work and I never felt this good… I started freelancing at home, for a company I found over internet, several hours a day, and I earn much more than i did on my previous job… Last check i got was for Nine thousand dollars… Superb thing about this work is that i have more time for my family… SECURE47.COM