Are Google+ and Facebook Extensions for Chrome Safe?

Over at LockerGnome’s new YouTube channel, Questions to Answer, Gnomie Morgan Ellis (MorganEqualsTech) asks: What Google Chrome extensions for Google+ do you use?

Brandon Wirtz responds:

“I don’t use them, because I don’t trust them. The way they work is basically by getting your user name and password, and then logging into Facebook and Google+, and moving information back and forth. They’re not using OAuth or one of the methods that you can revoke. So the only way you can break them if you decide that they’re no longer safe is to change your password in both systems.

“So I don’t do this.

“There’s also been some hinting that because these extensions are violating the Google terms of service by logging into its system in this way, and violating the Facebook terms of service by logging into its system in this way, that you could, in fact, get your account banned by using either of these extensions.

“No one has had that happen yet, but in a war between social networks, it’s not beyond the realm of possibility.”

So “safe” is a relative term, and not really applicable in this situation. The safest (and we would almost never say 100% “safe” when you’re doing anything on the Internet) way to use these networks is to play by the rules and use good password common sense (e.g., not sharing passwords with others, not using the same password across networks, and changing your passwords regularly). Of course it should go without saying that having a Post-It note stuck to your office monitor that visibly declares your password to the world isn’t the brightest way to ensure security, either. But you’re a LockerGnome reader, so we’re just going to assume that you know better. Right? Right?
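
The difference Wirtz describes, between handing an extension your password and granting it a revocable OAuth token, can be modeled in a few lines. This is an added example, not code from the article or from any extension; `AccountService` and its method names are hypothetical and model neither Google's nor Facebook's real API.

```javascript
// Toy account service (hypothetical names; sample passwords are constructed).
const { randomBytes } = require('node:crypto');
class AccountService {
  constructor(password) {
    this.password = password;
    this.sessions = new Map(); // token -> holder; full account access
    this.grants = new Map();   // token -> { clientId, scopes }
  }
  // Password login: the service cannot tell the user from an extension
  // that was handed the password, so both get a full-access session.
  login(holder, password) {
    if (password !== this.password) return null;
    const token = randomBytes(16).toString('hex');
    this.sessions.set(token, holder);
    return token;
  }
  // OAuth-style grant: a token bound to one client and a list of scopes.
  authorize(clientId, scopes) {
    const token = randomBytes(16).toString('hex');
    this.grants.set(token, { clientId, scopes });
    return token;
  }
  can(token, action) {
    if (this.sessions.has(token)) return true; // password session: everything
    const grant = this.grants.get(token);
    return Boolean(grant && grant.scopes.includes(action));
  }
  // Per-client revocation: only that client's tokens are removed.
  revoke(clientId) {
    for (const [t, g] of this.grants) if (g.clientId === clientId) this.grants.delete(t);
  }
  // The only remedy for a shared password: rotate it and end every session.
  changePassword(newPassword) {
    this.password = newPassword;
    this.sessions.clear();
  }
}

function demo() {
  const svc = new AccountService('constructed-password');
  const user = svc.login('user-laptop', 'constructed-password');
  const pwExt = svc.login('password-extension', 'constructed-password');
  const oauthExt = svc.authorize('oauth-extension', ['post']);
  const reach = [pwExt, oauthExt].map((t) => svc.can(t, 'change_password'));
  svc.revoke('oauth-extension');
  const afterRevoke = [oauthExt, pwExt, user].map((t) => svc.can(t, 'post'));
  svc.changePassword('constructed-new-password');
  const afterChange = [pwExt, user].map((t) => svc.can(t, 'post'));
  return { reach, afterRevoke, afterChange };
}
```

In `demo()`, revoking the OAuth grant cuts off only that extension, while the password-holding extension keeps full access until the password change, which also ends the user's own session.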

If you have a question of your own, please smile for your Web cam, ask your question, and upload it to us!

Article Written by

Our resident "Bob" (pictured here through the lens of photographer Jason DeFillippo) is in love with a woman who talks to animals. He has a fondness for belting out songs about seafaring and whiskey (arguably inappropriate in most social situations). He's arm-wrestled robots and won. He was born in a lighthouse on the storm-tossed shores of an island that has since been washed away and forgotten, so he's technically a citizen of nowhere. He's never killed in anger. He once underwent therapy for having an alien in his face, but he assures us that he's now feeling "much better." Fogarty also claims that he was once marooned along a tiny archipelago and survived for months using only his wits and a machete, but we find that a little hard to believe.

  • http://twitter.com/bradhintze Brad Hintze

    Good article and you bring out some very important points about the safety/security of using browser extensions. However, these extensions are popular for a reason — they are extremely useful. The risks you mentioned are not problems caused by extensions, but by the development choices/architectures of individual developers building these extensions.

    Kynetx has built a platform for building browser apps that addresses the concerns you mentioned above. By providing developers with a platform for building browser applications that leverages web standards like OAuth, they can more easily create apps that safely and securely augment sites like Google+.

    The Kynetx architecture requires a single browser extension that can run multiple browser apps, reducing the overhead on the browser to truly customize the browsing experience.

    Also, Kynetx provides developers with intrinsic OAuth functions for Facebook, encouraging developers to leverage the proper channels for handling user data. For instance, G+ to Facebook Share (http://apps.kynetx.com/installable_apps/4577-G+_to_Facebook_Share) uses standard Facebook OAuth to post into Facebook. The end user can revoke access at any point.

    Another feature of the Kynetx architecture is that applications can be globally disabled, so apps that violate user security/privacy can be immediately disabled, mitigating the risk to users.

    There is quite a list of applications available for Google+; you can see them all here: http://apps.kynetx.com/tags/Google+

    Also, these apps work on Firefox, Chrome and Safari.

    What is your reaction to this approach?

  • Anonymous

    What you mention in your article about security is right. But I think that with any new technology there also come some risks. As there are two sides to a coin, any new invention has both advantages and disadvantages. So we cannot avoid some wonderful features of Google Plus for security reasons, and it depends on the person whether he wants to use it or not.
