Addressing security and privacy concerns of browser extensions

The Chrome extensions that can be installed on Brave are a potentially serious security and privacy risk. Here is what I would like to see:

  1. A simple guide on safe practices. E.g. there is a difference between an extension being able to read and change all your data on websites that you visit anytime, or only after you click on the extension.
  2. Warnings on the data extraction that you agree to by installing an extension or the data exchange that these extensions de facto generate.
  3. Ideally, a Brave-supported scoring of these extensions in terms of their security and privacy impact.

A security dashboard page - similar to the Brave Rewards page - would be of great added value.

Thanks.
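The distinction in point 1 (access to every site at any time versus access only after a click) can be read from an extension's manifest.json. The following is an added example, not part of the original post and not Brave's code; the function names and the sample manifests are constructed for illustration, and only standard Chrome manifest keys are used.

```javascript
// Classify the site access that a Chrome-style extension manifest requests.
// Match patterns that cover every website.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// An entry is a host match pattern if it is <all_urls> or contains a scheme separator.
const isHostPattern = (p) =>
  typeof p === "string" && (p === "<all_urls>" || p.includes("://"));

// Gather host patterns from every place a manifest can declare them.
function hostPatterns(manifest) {
  const v2 = (manifest.permissions || []).filter(isHostPattern);       // Manifest V2 style
  const v3 = (manifest.host_permissions || []).filter(isHostPattern);  // Manifest V3 style
  const scripts = (manifest.content_scripts || [])
    .flatMap((cs) => cs.matches || []);                                // injected content scripts
  return [...new Set([...v2, ...v3, ...scripts])];
}

function classifySiteAccess(manifest) {
  const hosts = hostPatterns(manifest);
  const hasActiveTab = (manifest.permissions || []).includes("activeTab");
  if (hosts.some((h) => BROAD.has(h))) return "all-sites-always";
  if (hosts.length > 0) return "specific-sites";
  if (hasActiveTab) return "on-click-only"; // access to the current tab after a user gesture
  return "no-site-access";
}

// Constructed sample manifests (hypothetical extensions).
const SAMPLES = {
  readerMode: { manifest_version: 3, permissions: ["activeTab", "scripting"] },
  saveForLater: {
    manifest_version: 3,
    permissions: ["storage"],
    host_permissions: ["https://wallabag.example/*"],
  },
  formFiller: {
    manifest_version: 2,
    permissions: ["tabs", "storage"],
    content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
  },
};

for (const [name, manifest] of Object.entries(SAMPLES)) {
  console.log(`${name}: ${classifySiteAccess(manifest)}`);
}
```

The result reflects what the manifest requests at install time; permissions declared as optional and requested later at runtime are not covered by this check.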

The issue is now covered by The Washington Post. As I was suspecting, it is worse than it seems.

Hi @vdb,

Thank you for your post. We do have plans to release our own extension store down the line.

As you know we take privacy very seriously at Brave and are dedicated to protecting our users.

I’m passing your post along to our team.

Thank you again!

Thank you @steeven for your fast and engaged reply. The problem I have as a user is that I don’t even have a means to evaluate the current extensions. How do I know if the 4 extensions I currently have (the Bitwarden pw manager, a VPN, a text only reader, and a wallabag read it later one) are safe or not? Can you at least provide some intermediate guidance while the extension store is not yet there? How should we deal with this right now?

@steeven In the end, people function on trust. Most of us are not able to evaluate code, so we trust people who (say they) do, reviews by people who do, or simply the assertions of a software provider like Brave. The extension challenge is a topic where you could gain credibility, but you are not covering it. We, users, need help, and you, Brave, could gain a lot of standing by providing it to us.