The risks of browser add-ons
Browser add-ons are practical because they provide useful additional functions quickly and conveniently. However, they can also slow down your browser or pose certain privacy and security risks that are often underestimated. Cliqz, as a browser manufacturer, has no control over what data installed extensions access.
What makes add-ons potentially dangerous?
Some add-ons require extensive permissions during the first installation, for example, to read and change your data on websites you visit – regardless of whether or not this is necessary for their smooth operation. If you have granted such a permission to an extension, it can theoretically monitor everything you do online.
Browser extensions are not just harmless little tools, but programs with a huge level of access to your browser or even your entire computer. For example, assuming they have the appropriate permissions, they can access personal information, log your website visits, capture your passwords, record all your keystrokes, insert ads into websites you visit, or misuse your computer’s processing power for cryptocurrency mining.
How to minimize the risks associated with add-ons
In general, you should keep the list of installed extensions as short as possible. If an add-on is not indispensable or you don’t trust the developer, uninstall it. Furthermore, always pay attention to the requested permissions and, in case of doubt, rather do without a specific add-on. This minimizes the risk that one of your installed extensions may slow down your browser or cause other trouble.
For privacy or performance reasons, some extensions that use certain application program interfaces (APIs) cannot be installed in the Cliqz Browser. A list of these blocked APIs can be found here.
How harmless extensions can transform into malware
Even if you install extensions only from official sources like the Firefox Add-ons Store, it’s not guaranteed that they are safe. Unfortunately, fraudsters repeatedly succeed in abusing official stores as a distribution platform for their malware.
Besides extensions that don’t do any good right from the start, there are also harmless add-ons that suddenly become malicious due to various reasons. On the one hand, developers can lose control over their software, for example, if they fall for a phishing attack. On the other hand, developers of popular browser extensions regularly receive purchase offers from shady companies and not everyone resists the temptation of money. The new owner may then turn the once harmless extension into adware or spyware.