Google-chrome – How to be sure that a Google Chrome extension isn’t doing evil things

Tags: google-chrome, google-chrome-extensions, permissions, security

I wanted to install this extension, but I have security concerns.

The extension needs permission to "Access your data on all websites". This makes sense, but I presume this includes password and credit card fields, bank routing numbers etc.

This page says that certain permissions require a warning shown to the user, but certain permissions don't trigger warnings. Among the permissions that don't trigger warnings is 'webRequest'.

How can I be sure that this extension (or any) isn't reading my sensitive data and writing it back to a db via an invisible web request?

Best Answer

Adblock extensions require the ability to access and modify the full HTML content of pages you visit, in order for element-blocking rules to work (e.g. to hide all <div id="advert"> elements). So of course they could abuse this access, and it is very hard to determine it programmatically.

In the case of Adblock Plus, you could examine the publicly available source code; but other than that, you'll just have to trust it. The extension has been around since 2006 for Firefox and 2010 for Chrome, and hasn't caused security issues since then, nor has it ever been removed from either program's extension store. It is reasonable to assume that it is trustworthy.
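A source review of the kind the answer mentions usually starts with the extension's manifest.json, which declares the permissions raised in the question. The script below is an added example, not part of the original question or answer; the sample manifest, the function name `audit_manifest` and the file name `hide.js` are constructed for illustration.

```python
import json

# Match patterns that cover every site (Chrome match-pattern syntax).
# Not exhaustive: other wildcard patterns can be nearly as broad.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifest (not taken from any real extension).
SAMPLE_MANIFEST = """
{
  "name": "Example Blocker",
  "manifest_version": 2,
  "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
  "content_scripts": [
    {"matches": ["http://*/*", "https://*/*"], "js": ["hide.js"]}
  ]
}
"""

def audit_manifest(text):
    """Return (finding, detail) tuples for a manifest.json string."""
    manifest = json.loads(text)
    findings = []
    # Manifest V2 mixes host patterns into "permissions";
    # Manifest V3 lists them separately under "host_permissions".
    declared = []
    for key in ("permissions", "optional_permissions", "host_permissions"):
        declared += [(key, p) for p in manifest.get(key, []) if isinstance(p, str)]
    for key, perm in declared:
        if perm in BROAD_HOSTS:
            findings.append(("all-sites host access", f"{key}: {perm}"))
        elif perm.startswith("webRequest"):
            findings.append(("network request API", f"{key}: {perm}"))
    # Content scripts run inside the page, so they can read form fields there.
    for script in manifest.get("content_scripts", []):
        broad = sorted(set(script.get("matches", [])) & BROAD_HOSTS)
        if broad:
            files = ", ".join(script.get("js", []))
            findings.append(("content script on all sites", f"{broad} -> {files}"))
    return findings

if __name__ == "__main__":
    for finding, detail in audit_manifest(SAMPLE_MANIFEST):
        print(f"{finding:30} {detail}")
```

The output only shows what the extension is allowed to do and which script files to read first; whether the code misuses that access still has to be judged from the source itself.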
