For about 5 months I have been using a Chrome extension called Limitless as my default “new tab”. During installation, Limitless requested my GMAIL credentials, which I I declined to provide. It works fine without them. However, in light of the recent Equifax data breach, I was curious to see what exactly Limitless was asking for.
As I suspected, the extension wants the ability to have total control of your email. Specifically:
View, manage, and permanently delete your mail in Gmail
They do state that data is stored locally, and looking at their code, this appears accurate. However, they also state they may change this policy at some point in the future…
Sure, you could use a dummy gmail login, or none at all. However in principle, I’m tired of extensions asking to be trusted with information they simply cannot guarantee to remain secure. So I changed my feedback to negative 2 (out of 5) on chrome store and am going to drop the extension completely.
To be fair, Limitless is just one of MANY extension offenders wanting total access to your email. The point of this post is just to encourage people to drop these extensions, even if you don’t provide or even if they are semi-useful. If Limitless adjusts their policy I’ll change my Chrome extension feedback and followup with this post saying so.
As a side note, I feel like the “new tab” extension market is kind of weak. I may tinker with making my own. Maybe I’ll call it “LIMITED” as in the amount of data I’ll seek to collect from users!