Privacy aspects of Safari extensions

privacy safari safari-extensions

I'm wondering about privacy aspects of Safari extensions, or which pieces of information active extensions can obtain about my web browsing activities. Should I expect that an extension will generally be able to collect information about everything I'm doing in Safari, or are there any restrictions on what extensions can access? The question is it possible to disable Safari extensions when using Private browsing? seems to indicate that there may be privacy issues when extensions are enabled.

More specifically, I'm interested in the Google Scholar extension that installs a button in the toolbar. Should I expect that this extension communicates information to Google only when I'm actually clicking the button, or can it communicate more?


Solution 1:

In general, extensions should only be installed from trusted sources. See the popup that appears when you attempt to install an extension below. Unlike Chrome's extension API, Safari does not require that extensions request specific rights from the browser that the user must in turn grant when installing the extension, or specify a set of domains that the extension is allowed to operate on.

The developer of a Safari extension must, however, be part of Apple's Developer Program, and must obtain a signed security certificate from Apple for an extension to load in a user's browser. Unlike iOS or Mac App Store apps, though, this does not mean that Apple reviews extensions that are not hosted in the Safari Extension Gallery on apple.com.

The second part of your question is out of scope for this site, as it requires interpretation of Google's TOS and Privacy Policy (as linked from the page you linked).

Extension installation popup in Safari

Solution 2:

According to this, so i think the extensions cannot read what you're browsing.

A side benefit to Content Blockers being implemented as an App Extension is that they perform their intended function without knowing (or recording) what content the user is actually browsing, eliminating privacy concerns.

Safari App Extension Content Blockers can't see URLs of the pages or other resources the user has requested, because they only define rules of what Safari should block. WebKit also does not record which blocking rules have been executed on specific URLs.

Related

What's a normal value for kernel_task RAM usage?
How do I map a Mac function to an 'unfindable' Windows keyboard key?
How to install RGtk2 on OS X 10.10.5?
Quickest way to "destroy" the contents of a drive?
Only use external keyboard when laptop is open [duplicate]
Question mark on finder's side bar -- could it be malware?
Given the same remote LDAP server, why does Directory Utility work on one machine but not on the other?
How to change the system folders (Pictures, Movies etc)
If a photo is imported to Aperture via Photo Stream, is it safe to delete it from iCloud?
Apache config resetting after every OS update
How can I use rEFInd boot manager without an enter key?
Is my Mac compatible with Big Sur?