Who maintains [your browser extensions]? Is it the same entity that maintained it when you first installed? Are you sure?
I'm 100% sure you don't know these things, but you probably should! Because there's a dirty little (well, not so little) secret in the browser extension realm:
Many people, maybe even most people, developing a useful but free extension will sell out when enough cash is waved in their face.
And who's to blame them, really? If you were developing some little extension for fun or your own convenience in your spare time, it took off in popularity and user install count, and suddenly some marketing firm is offering you $50k for it, would you sell it? As much as I want to say I wouldn't for moral reasons, I very well might!
While browsers do typically (or always?) ask for permissions again when an extension is updated and wants new ones, most people pay these pop-ups exactly zero mind. What could go wrong? After all, you've been using that extension for months, maybe even years, and it's been fine. Well, that extension could've changed owners, and the new guys didn't spend $50k on it out of the goodness of their hearts!
Without you realizing what's happened, you just granted the extension, now under new ownership, permission to spy on you. As demonstrated by this scary article, there's a *lot* of spying it can do! How often does this happen? Well, it's more often than you think. Plenty of big-name extensions have been bought out and had trackers installed. One even stole the users' cookies to like Instagram posts behind the scenes to boost their own shit! Pretty slick.
- The original AdBlock
- Nano Adblocker and Defender
- Ghostery
- Stylish
- Tampermonkey
- The list goes on, but I'm too lazy to find any more.
What can you do about it? Not much, unfortunately. First, you should only be using extensions that have an open-source codebase. Second, any time an extension asks for permissions again after the initial install, you should be very wary and start googling and checking reddit to see if you can find out why.