When installing an extension, you might encounter a message requesting permission to access your browser's data or features. Granting this permission is necessary for the extension to install and function properly.
It's important to note that if you're downloading an extension from a source other than addons.mozilla.org (AMO), you should verify the authenticity of the source to ensure a secure installation.
Remember, it's essential to be cautious about the permissions you grant to extensions. Although most extensions are from trustworthy third-party developers, bad actors may put your security and privacy at risk by using extensions to expose sensitive browsing data. This article guides you in evaluating the safety of the extensions you're planning to install or an extension that is currently installed.
When a developer submits an extension to addons.mozilla.org, it’s scanned for a set of common issues. It may also be subject to human review. But neither of these processes guarantee that an extension is absolutely 100% safe.
With permissions messages, you can see what data and features an extension wants to access, so you can make more informed choices about the software you’re considering.
If you’re unclear how to decide on an extension’s safety, here are a few questions to ask yourself:
- Is the extension from a brand or developer I trust?
Most extensions, however, are written by individual developers who aren't well-known. So you might therefore want to ask:
- Is the developer’s website, their blog, or social media activity consistent with the features of the extension?
- How many other users have installed this extension? Does it have a good star rating and positive reviews?
If the extension doesn't have many reviews or you're still not reassured, then consider:
- Are the permissions requests consistent with the features of the extension?
For example, if the extension is requesting access to your location, is there a location feature included in the description of the extension? In some cases, though, it may not be obvious how certain permissions relate to a feature of the extension, so you should ask:
- Does the extension’s website or description on addons.mozilla.org include an explanation of why the extension is requesting these permissions? Is the explanation consistent with the features of the extension?
If you'd like more information about every potential permission request you may encounter, please see Permission request messages for Firefox extensions.
For an even deeper analysis:
After probing these questions, you'll hopefully be satisfied that the extension is requesting an appropriate set of permissions.
While the vast majority of extension developers aren't interested in stealing your personal information or doing anything nefarious, you should be aware there are occasional bad actors. Always heed caution when installing extensions or any third-party software.