Why does Cliqz not allow third party add-ons?

Many browser extensions out there use questionable practices in terms of data protection. Some collect data in the background, which is aggregated into profiles and then sold. Therefore, Cliqz integrates add-ons only after strict review.


Björn GreifEditor

Cliqz for Windows and Cliqz for Mac are based on Firefox technology. However, contrary to Mozilla’s browser, Cliqz does not allow the installation of add-ons. We deliberately decided to block third-party browser extensions in order to provide comprehensive privacy protection to your users. While add-ons can offer useful features, they can also access and collect a vast range of data in the browser and on your computer. You cannot know for sure whether an extension logs your site visits, search queries, online purchases, or transactions on web pages in the background. This raises the question: Can you trust every extension as much as the browser itself?

We take the protection of our users’ data very seriously. Thanks to our Privacy by Design architecture and large technical efforts we make sure that we can never identify our users or save their data on our servers. In addition, our anti-tracking technology prevents the disclosure of user-specific information to online trackers that hide on just about every website these days. Consequently, we would not want our users’ data to leak out to “nosy” extensions.

Questionable business practices of many add-on providers

The business model of many add-on distributers is based on the sale of user data. Users are generally kept in the dark about which data is being sold to whom. Several data vendors even offer so-called “Developer Toolkits” as free add-ons that can be used to collect user data and turn it into profit. The best-known example of such business practices is the browser extension Web of Trust (WOT), which has been downloaded millions of times. It was supposed to only show the trustworthiness of a website using a traffic light system. But in fact, it secretly recorded the browsing behavior of its users. Reporters of the NDR, Northern German Broadcasting, made this discovery while investigating for the ARD TV-magazine “Panorama”. The research was triggered by the Cliqz study “Tracking the Trackers“.

(Bild: Web of Trust)

According to NDR, the data collected by WOT were consolidated into profiles and sold through intermediaries on the free market. The vendor stated that the data had been anonymized before it had been passed on to third parties. Nevertheless, the NDR reporters could easily identify individual users by their e-mail addresses, logins or other parts of the recorded URLs. This made it possible, for example, to draw conclusions about illnesses, sexual preferences or drug use.

Hidden add-ons on the computer

A surprisingly large amount of add-ons are active on computers without their owners being aware of it. These extensions may have been installed unknowingly in a bundle with other programs. For example, the Ask Toolbar was installed along with Java for many years, if the user missed to uncheck the option during the installation process. (Today, Java is bundled with the Yahoo search.)

Some malicious add-ons sneak into the browser secretly via malware or when visiting certain websites. Their only purpose is to access and collect user data. Unfortunately, this happens in other browsers every single day. An entire industry specializes on installing software without the user’s knowledge. Currently, there is no reliable technical way to solve this problem.

Cliqz integrates add-ons only after strict review

In the end, a significant risk for the users’ safety and privacy must be considered even though this does not count for all browser extensions and most add-ons are probably harmless. It is technically too complex, even impossible, to automatically distinguish “good” from “bad” add-ons. Even an in-depth manual verification of the data safety of every single add-on is currently no feasible solution. If our users ask for a certain add-on frequently, we contact the respective provider and ask permission to review the source code. Only if we get access and the code withstands our strict criteria, we consider an integration of the add-on into the Cliqz browser.

We only integrate strictly audited add-ons like LastPass and Ghostery into our Cliqz browser.
We only integrate strictly audited add-ons like LastPass and Ghostery into our Cliqz browser.

As a consequence, we currently only support LastPass as a password manager extension. (Update June 6, 2018: We now also support the open source password manager Bitwarden.) The provider granted access to the add-on’s code, so we could analyze it. This has not been possible for other add-ons, such as 1Password, so far. But we keep trying. The current version of Cliqz for Desktop contains the extensions LastPass, HTTPS Everywhere, and Ghostery. In addition, we integrated proprietary features like anti-tracking and ad-blocking (currently in beta), as well as a video downloader. They come as built-in features that are only available as add-ons for other browsers.

Safety first

Our users’ privacy is our number one priority. Therefore, we cannot simply ignore the add-on problem. The negative example WOT indicates that our decision to block add-ons in the Cliqz browser remains the right one. The underlying problem has not changed. We continue to work toward new solutions to make the most popular features available in Cliqz for Windows and Mac*. Until then, we kindly ask for your patience and hope you understand that the decision against add-ons was made solely for the benefit of your safety and privacy.

If you still do not want to browse the web without add-ons, you can install Cliqz as an extension for Firefox. It makes the central Cliqz features such as anti-tracking and quick search available in the Mozilla browser. Other extensions can be used in parallel.

*Add-on providers who are interested in working with Cliqz, please contact richard@cliqz.com.