Credit: Minerva Studio / Shutterstock.com

Published 14 minutes ago

Sydney Butler is a technology writer with over 20 years of experience as a freelance PC technician and system builder and over a decade as a professional writer. He’s worked for more than a decade in user education. On How-To Geek, he writes commerce content, guides, opinions, and specializes in editing hardware and cutting edge technology articles.

Sydney started working as a freelance computer technician around the age of 13, before which he was in charge of running the computer center for his school. (He also ran LAN gaming tournaments when the teachers weren’t looking!) His interests include VR, PC, Mac, gaming, 3D printing, consumer electronics, the web, and privacy.

He holds a Master of Arts degree in Research Psychology with a minor in media and technology studies. His masters dissertation examined the potential for social media to spread misinformation.

Outside of How-To Geek, he hosts the Online Tech Tips YouTube Channel, and writes for Online Tech Tips, Switching to Mac, and Helpdesk Geek. Sydney also writes for Expert Reviews UK.

He also has bylines at 9to5Mac, 9to5Google, 9to5Toys, Tom’s Hardware, MakeTechEasier, and Laptop Mag.

Sign in to your How-To Geek account

Browser extensions really make the sky the limit when it comes to customizing your browsing experience, and I’m sure there are some extensions where you just can’t imagine living without them. However, browser extensions that promise to improve your privacy are a bit of an oxymoron. Why? Because extensions, any extensions, are inherently damaging to your privacy.

HTG Wrapped 2025: 24 days of tech

24 days of our favorite hardware, gadgets, and tech

Browser extensions enlarge your attack surface

Every little thing you add to your browser is an additional thing a hacker can potentially exploit. Consider the sorts of permissions some extensions have, and how much damage they could do if compromised. Now consider that most of these extensions aren’t created by large entities with robust cybersecurity resources. This is a recipe for disaster. It’s one of the reasons that I have limited my Chrome browser extensions strictly to those released by Google itself, and then only what I absolutely need to have.

Related

Browser Extensions Are a Privacy Risk I Failed to Think About

We install extensions casually, but their power to read and change data makes them high-risk.

Privacy extensions are easy targets for abuse

Credit: BestForBest/Shutterstock.com

It’s scarily easy for an extension to be taken over by a malicious actor who then corrupts it with an update, or for a good old vulnerability to be exploited in a given extension.

Malicious actors can often simply buy an extension from its current owner, and then do things like inject ads or harvest data from you. Sometimes the language around browser permissions is vague or overbroad, so you don’t really understand what you are empowering an extension to do and whether it really needs those permissions to do its advertised job.

When was the last time you audited your extensions? This is something people rarely do. Once an extension is installed, it’s normal to just forget about it as long as it works. This is why browsers alert you when you haven’t used an extension in a long time, and suggest removing it or will warn you if an extension has been removed from the store, or if it thinks it may be malicious. However, you can’t rely on these features to protect you. Even if they do work, there’s a window of time when that extension can harm you, and I don’t think it’s worth the risk no matter how useful that extension may be.

Related

Extensions can’t fix the fundamental tracking ecosystem

When it comes to extensions, they’re just a Band-Aid to mitigate a deeper problem. There’s an arms race between the creators of these extensions and advertisers or malicious actors trying to circumvent them. Ironically, when it comes to tracking you across the web, your unique mix of browser extensions can actually help track you. This is known as browser fingerprinting, and it’s one reason special privacy browsers exist.

Related

I Configured These 5 Firefox Settings for Optimal Security

Unlock Firefox’s full potential with these top-notch security settings!

Native browser features offer safer, more reliable protection

It’s almost always better to make use of built-in privacy features in a browser, rather than use an extension. It mitigates fingerprinting, and it means that those features are maintained and designed at the platform level for the browser. Before you throw in your lot with some random extension someone suggested on Reddit, consider a privacy-focused browser, or activating additional privacy options in the browser you’re already using.

This also includes extensions from your VPN provider, but there is one privacy extension that I can recommend—Privacy Badger. It’s created by the Electronic Frontier Foundation, a non-profit that contributes extensively to privacy and security activism on the web. If you have no other option than using an extension, this is the one to get.

Better strategies go beyond the browser entirely

If you care about your privacy, you’re better off using solutions that aren’t bolted on to your browser, but run independently. Something like a Pi-hole that sits on your network and provides network-wide ad-blocking and privacy protection for anything else connected to that network.

I also recommend using your VPN provider’s client app for your device to connect your entire computer through the VPN instead of just your browser using an extension.

It’s also better to use a specialized privacy-hardened browser, at the very least, for browsing you want to do that’s sensitive in nature that you wouldn’t want a company, government, or malicious actors monitoring. As for extensions, it’s rare that I’d give blanket advice, but I think all third-party browser extensions are better left alone. No matter how convenient they are.

Related