AI-powered Chrome extensions are watching you…
It's not exactly Big Brother, but a new analysis of Chrome extensions from Incogni reveals that 67 percent collect user data, and 41 percent collect personally identifiable information (PII), including sensitive details like credit card numbers, passwords, and location data.
Extensions like Grammarly, which make writing almost anything effortless, or Vetted, which act as online shopping assistants, are quickly becoming essentials of everyday life. But because many users trust Google's ecosystem, they also assume that third-party extensions vetted through the Chrome Web Store are equally safe.
Incogni researchers analyzed the permissions of 238 extensions with more than 1,000 users, along with the data their publishers admit to collecting, then used the findings to create a ranking of AI extensions and extension categories based on how much of a risk they pose to user privacy.
It found nearly 100 extensions requiring sensitive permissions that provide access to personal user data, like passwords, financial information, browsing history, email content, and location. 18 percent collect authentication information, such as passwords, credentials, security questions, and personal identification numbers (PINs); audio transcription and programming helpers are the worst offenders.
Seven percent collect financial and payment information (transactions, credit card numbers and credit ratings scores), including 15 percent of text/video summarizers and 14 percent of audio transcribers.
Among the most popular extensions, the most privacy-invasive was the DeepL AI translator and writing assistant, followed by AI Grammar Checker & Paraphraser and advanced AI assistant Sider.
While some of the data types collected are clearly sensitive and may cause consumers to think twice before using an extension, others are more vague. For example, 'user activity' (collected by 22 percent of extensions) may not sound alarming, but it is actually one of the most sensitive types of data, as it can reflect everything from highly personal data, sensitive company information, and keystrokes to passwords, timestamps, and even behavioral patterns.
"People are coming up with such creative ways to use AI; there's probably an AI extension for almost any use case you could think of," says Darius Belejevas, head of Incogni. "While this is very exciting, it could also be risky if users don't stop to consider whether the extensions they add to their browser may be logging their every keystroke, or injecting code into the sites they visit."
You can read more on the Incogni blog and there's an infographic showing privacy ratings for the most popular extensions below.
Image credit: maxkabakov/depositphotos.com