Opera Chrome Download extension, has this turned into spyware??

  • The extension tried to auto-update just now. I said no but manually downloaded the new version.

    The thing pretty much captures ALL of your Opera activity and sends it upstream to both Google and Opera.

    This is a pretty high price to pay for being able to use the Chrome store for more extensions.

    Any official comment from Opera on this would be welcome.

  • What kind of Opera activity? A thought here: this is an extension issue. Go to the website, report the issue, and ask for the explanation. Then post back when you get it.

    https://addons.opera.com/en/extensions/details/download-chrome-extension-9/?display=en

    They say on the website that the extension "will access your data on some websites.
    This extension will manage your extensions.
    This extension will access your tabs and browsing activity."

    Say you're concerned about privacy, and ask them why it accesses some of these things? I mean, why should it need to know browsing activity.

  • Afaik the extensions do autoupdate since ever but i've never seen a warning when it happens.

    As said, if it only happens with a specific extension, report the problem on the extension page. After that, if the case, report the problem in Opera's BTS

  • Some extensions shows settings page on update. This specific one showed bar under address bar about update. So user need to open extensions page and update. At least in my case.

    For now there's no fully confirmation, that problem is caused with this specific extension. There can be some incompatibility issue, so I can't judge.

    But as about rules for extensions, from what I've read there is through checking of code, and extensions are forbidden to use any private data. So if you think your privacy is compromised, write all details in forum of extension, and if it won't help, try contact Opera. This could be big dead.

    So comment about this, so even other users won't possibly loose PIVATE DATA!

  • @kuhlmanck

    The thing pretty much captures ALL of your Opera activity and sends it upstream to both Google and Opera.
    The extension doesn't capture any data, but it requires certain permissions to be able to install Chrome extensions. The new version uses a more reliable download API than the old one.

  • They say on the website that the extension "will access your data on some websites. This extension will manage your extensions. This extension will access your tabs and browsing activity."

    I still worry about what accessing "your tabs and browsing activity" has to do with permissions. There seems to be a distinction between accessing your data for permissions and capturing it. If anyway can explain this concept of "permissions" better, It would be helpful, in appreciating the difference between "accessing" and "capturing." What kind of permissions do they need? I just wish when an extension developer puts a description on a website about the data they need from your computer, they would use language that doesn't sound -- at least to a layman, which the vast bulk of users are -- so ominous (about users' privacy intersts).

  • This is one of the major problems I have in principle with extensions. They increase the risk 'entropy' for users. Instead of learning the language (terminology/meaning) used by just the browser maker and coming to trust them, with extensions a user now has to learn what each of the extension developers "means" with his wording and whether or not to trust each of them - and to what extent, and in what areas. All of which can (and does) change a day later as extensions and their developers come and go... browser makers tend to stay around a lot longer. It would be great if Opera and/or Chrome would ensure greater conformance in the nature/terminology of clear extension descriptions, but I don't suppose Opera, in particular, needs one more thing to do on top of their existing development effort.

  • Yes, I see your concern, blackbird71. It's mine too, and it has me puzzling on what the extension in this thread is doing in terms of the data it needs access to. Yes, I still prefer the extension model, over that of the browser developer bundling a package of things most users probably don't want or have need of (and it may not be realistic to think that a browser developer offering a free product can afford to develop a bundled product like that. Still there's good reason to be concerned about the users 'problem (all of us) in sifting through so many multiple terminologies (those of the browser developer and those of the extension itself).

    But on the issue in this post, the Download Chrome Extension is not just about any extension. One, it has to be approved by Opera (which has a lot of criteria governing extension approval. Two, it's a major extension. From it all access to Chrome extensions comes. Therefore, I would think Opera would (perhaps does) look at closely the architecture/code of it, and would not let user privacy rights be trashed. I am trying to get some clarification/understanding about what "permissions" means, and why the developer of the extension needs access to "tabs and browsing activity." For my comfort level, and perhaps for those of other users.

  • @lem729

    It's not completely true what you say. 'Download Chrome Extension' isn't the only way to install chrome extensions in opera. You can also download the .crx file, rename it to .nex and drag and drop it on opera extension page. Or simply use the far superior 'extension source viewer' --
    https://addons.opera.com/en/extensions/details/extension-source-viewer/?display=en

  • Why thank you @luetage. :) I didn't know that. Now the first method you give, seems maybe too much work for lazy me, and I might forget all of the renaming stuff :) (unless the benefit is to escape all of the "permissions" and "data accessing" of the other methods. I assume you open the file on desktop, rename it, then in the browser, go ctrl shift E and drag it from the desktop to the page that comes up there with your extensions. (If it turns out that the "permissions" and "data accessing" are real privacy concerns (as opposed to no big deal, which is what I suspect), then I might try to remember this method.

    As to the "extension source viewer," (which does interest me) (I did just download it) let me ask you why you deem it superior to "Download Chrome Extension." Now it does seem to require the same "permissions" of "Download Chrome Extension." As it says on the website for this extension: "This extension will access your data on all websites.
    This extension will access your data on some websites.
    This extension will access your tabs and browsing activity."

    So since the permissions and accessing are pretty much the same as "Download Chrome Extension," why do you prefer the "extension source viewer?"

    I'd still to get to the bottom of why "Download Chrome Extension" and the "Chrome Extension Viewer" needs all of the permissions and this accessing, as well as kuhlmanck's claim that "Download Chrome Extension" sends all of your Opera activity upstream to Google and Opera (what did he base it on?) (he was perhaps mistaken?). Haavard said quite plainly it didn't capture it, only accessed it.

    So anything you can add on why you deem the "extension source viewer" better would be helpful.

  • Well first of all extensions need permissions, there is nothing wrong about that. And really every extension needs some or more rights. It doesn't matter which way you install it, the same code will always have the same outcome once included. It's just a matter if you trust the author.
    Now the extension source viewer is nice, because you can check the code and the manifest file right in the browser, before installing/downloading the extension, pretty neat. With download chrome extension you just install it blindly basically.

  • FWIW, there is a reasonable overview of Chrome extensions and their permission needs at: http://lifehacker.com/5990769/why-do-chrome-extensions-need-to-access-all-my-data

    One point made in that explanation is that Chrome (and presumably Opera) don't offer 'granularity' in the explanations offered for permissions requests by extensions... there are only 3 levels overall for the 10 different types of extension permissions available, essentially: low, medium, and high. So an extension needing just one piece of data (for whatever reason) at each site you visit has to advertise itself as accessing "your data on all websites". In other words, Chrome's "3-levels" come to dominate, and are reflected in, the extension's write-ups. The other point made is that it can be really hard to track down the "why" of an extension needing the permissions it wants.

    Probably the Download Chrome Extension is reasonably safe, and the concerns really revolve around the granularity of terminology driven by Chrome's "3-levels". However, this is an illustration of the risk entropy I noted earlier... instead of just having to trust Opera, a user now has to trust the Download Chrome Extension developers with regard to privacy, etc. And, one might add, instead of just trusting Opera to be robust against hacking, one also has to trust the extension, since it "handles" and is thus granted permission for a lot of user data.

  • That was a good article -- the Lifehacker one -- thanks. Yes, I threw it in my Stash (so let no one should diminish the value of a good Stash). I guess the problem is the broad terminology, and it's not explained by the extension developers (the need for the permissions, and proposed use of the data) in a way that non-tech people can easily understand. Now Opera reviews each proposed extension to makes sure it does not: "collect private information without authorization from the user."

    http://dev.opera.com/extensions/tut_publishing_guidelines.html#reviewed

    So the extensions ask very broadly, and, thus, get the authorization as part of the download or installation of the item. I agree about the "risk entropy," (one has to try to become informed) but the choice is, it seems to me, a native browser with extensions, or bundled browser with features you probably don't need (and which may not any longer be financially viable for a company offering a free browser to develop).

    The Lifehacker article did suggest reading the extension reviews carefully, to see what others may have picked up on the permissions, and it is important. I try to look at that, also reviews, and how popular something is. If it's the blind leading the blind, at least with the more popular stuff, there will be a lot of company going off the cliff. :)

  • Note that the Chrome extension downloader was made by Opera. As for why specific permissions are needed, keep in mind that even a minor thing that is affected by permissions will trigger that permission requirement. The Lifehacker article was quite informative.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.