Do extensions pose a risk?



  • Hi guys, there's something that I find equally practical and troubling with Vivaldi: by developing the browser so it can use the extensions from the Chrome store seamlessly, are we by any chance under risk of being tracked by Google specifically from this feature?

    I'm a bit paranoid about this Google stuff and even though I am fully aware that the moment you enter any Google service in your browser, you're done for, I would like to know from you guys if any stuff like that could happen as well with the mere interaction with their extension store.


  • Moderator

    @mepqfilho Interaction with the Google Web Store in and of itself should not be a source of risk. Being signed in to a Google account means Google has access to at least some of your data.

    Extensions are a different matter altogether. Certain extensions are totally safe, and certain others may mine data from you. Google ostensibly QA's extensions before they allow them to be offered in the Store, but their screening is not perfect, and any extension that is safe when you install it may become a data leech at a later date when it is updated. So all you can rely on are the representations and integrity of individual extension developers.

    All that said, Vivaldi aims to build in to the browser such a wide range of capabilities and options that a user doesn't have to install any extensions. That makes it run faster and lighter, and makes it more secure.


  • Vivaldi Ambassador

    Ok, an adblocker and a scriptblocker are always recommended (I use nano adblocker and Privacy Badger).
    Using Chrome Store extensions is not the same as exposing yourself to Google, as long as you do not use Google's extensions.
    You can even see what they are, by checking the option to search Google extensions, by checking the corresponding box on the left on the Store page. The others are extensions placed by third parties, independent of Google.
    But also be careful, as these can also compromise privacy or worse, such as some free VPN that, instead of using the IP of a public server use the IP of its users, such as the famous Hola, or hidden Crypto Miner



  • Worth doing if you're very paranoid:

    • You can turn on "developers mode" at vivaldi://extensions.
    • Then, you can click on an extension's background page to inspect it
    • go to the network tab to see if any web requests are being made with your private data
    • make a best judgement for your needs as to whether any web requests made are acceptable

    Also, note that if an extension is injecting stuff into pages you visit, that may well allow for additional fingerprinting.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.