Privacy aspects of Safari extensions
I'm wondering about privacy aspects of Safari extensions, or which pieces of information active extensions can obtain about my web browsing activities. Should I expect that an extension will generally be able to collect information about everything I'm doing in Safari, or are there any restrictions on what extensions can access? The question "Is it possible to disable Safari extensions when using Private browsing?" seems to indicate that there may be privacy issues when extensions are enabled.
More specifically, I'm interested in the Google Scholar extension that installs a button in the toolbar. Should I expect that this extension communicates information to Google only when I'm actually clicking the button, or can it communicate more?
Solution 1:
In general, extensions should only be installed from trusted sources. See the popup that appears when you attempt to install an extension below. Unlike Chrome's extension API, Safari does not require that extensions request specific rights from the browser that the user must in turn grant when installing the extension, or specify a set of domains that the extension is allowed to operate on.
The developer of a Safari extension must, however, be part of Apple's Developer Program, and must obtain a signed security certificate from Apple for an extension to load in a user's browser. Unlike iOS or Mac App Store apps, though, this does not mean that Apple reviews extensions that are not hosted in the Safari Extension Gallery on apple.com.
The second part of your question is out of scope for this site, as it requires interpretation of Google's TOS and Privacy Policy (as linked from the page you linked).
Solution 2:
According to this, I think the extensions cannot read what you're browsing.
A side benefit to Content Blockers being implemented as an App Extension is that they perform their intended function without knowing (or recording) what content the user is actually browsing, eliminating privacy concerns.
Safari App Extension Content Blockers can't see URLs of the pages or other resources the user has requested, because they only define rules of what Safari should block. WebKit also does not record which blocking rules have been executed on specific URLs.
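The model the quoted passage describes, as an added example that is not part of either answer and is not WebKit's code: the content blocker supplies only a static JSON rule list, and the browser matches each load against it without calling back into the extension. The hostnames and the `compileRules`/`evaluate` helpers are constructed for illustration and the matcher is a simplified model; the trigger and action keys follow Safari's content-blocker rule format.

```javascript
// Constructed sample rule list in Safari's content-blocker JSON format.
// This static list is everything the extension hands to the browser.
const RULES_JSON = JSON.stringify([
  { trigger: { "url-filter": "tracker\\.example/", "load-type": ["third-party"] },
    action: { type: "block" } },
  { trigger: { "url-filter": ".*", "resource-type": ["script"],
               "load-type": ["third-party"] },
    action: { type: "block-cookies" } },
  { trigger: { "url-filter": "cdn\\.example/allowed/" },
    action: { type: "ignore-previous-rules" } }
]);

// Browser side (simplified model): the list is parsed once, then every load
// is matched here. No extension code runs, so no URL reaches the extension.
function compileRules(json) {
  return JSON.parse(json).map(({ trigger, action }) => ({
    re: new RegExp(trigger["url-filter"],
                   trigger["url-filter-is-case-sensitive"] ? "" : "i"),
    resourceTypes: trigger["resource-type"] || null,
    loadTypes: trigger["load-type"] || null,
    action: action.type
  }));
}

// Returns the actions that apply to one load. Rules run in order, and
// "ignore-previous-rules" discards the actions collected so far.
function evaluate(compiled, load) {
  let actions = [];
  for (const rule of compiled) {
    if (!rule.re.test(load.url)) continue;
    if (rule.resourceTypes && !rule.resourceTypes.includes(load.resourceType)) continue;
    if (rule.loadTypes && !rule.loadTypes.includes(load.loadType)) continue;
    if (rule.action === "ignore-previous-rules") actions = [];
    else if (!actions.includes(rule.action)) actions.push(rule.action);
  }
  return actions;
}
```

The data flows one way: the rule list goes from the extension to the browser, and the result of `evaluate` stays on the browser side.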