If you use Google Chrome, you most likely have at least one or two extensions. Although extensions can improve your browsing experience, that also means an extra set of eyes on your personal data.
Now — as a part of Project Strobe — Google is putting restrictions on extensions to help minimize their access to users’ data. Ben Smith, Google Fellow and Vice President of Engineering, announced the changes in a blog post.
The biggest change is that all extensions have to use the “minimum set of permissions necessary.” Essentially, if something can be achieved multiple ways, the extension has to use the one that requires the least-sensitive amount of data.
In addition, extensions now have to post privacy policies in the Chrome Web Store. Google’s past policy already required that of extensions dealing with personal and sensitive user data. Now, they’re expanding the category to include any extensions handling user-provided content and personal communications.
There are over 180,000 extensions in the Chrome Web Store, so these changes will impact a lot. As noted by The Verge, they seem to stem from a realization that developers of Gmail apps had “near-complete access to users’ emails” last summer.
Along with switching things up for extensions, Google will place similar data limitations on apps that access Google Drive. They’ll be stopped from “broadly accessing” content with the exception of specific files they need.
The changes aren’t in effect yet, but you can expect to see them roll out over the summer and into early next year. For users, this probably won’t change much in day-to-day use, but it does help keep you a little safer.