Thanks. When I install chrome pushbullet extension on my pc, it tells me that it can
“access your data on all websites”
“access your tabs and browsing activity”
I believe that means it can access passwords typed into the browser (on any page) after the extension is installed. Since google periodically confirms passwords, it’s just a matter of time until my google password is typed into chrome.
web browser - Worst case scenario, what can a Chrome extension do with "Your data on all websites" and "Your tabs and browsing activity"? - Information Security Stack Exchange
Worst case, yes, it could be maliciously stealing your data - but PushBullet
does legitimately need those permissions in order to be useful. It really comes down to how much you can trust a service like this - the same goes for
any online service. Android Forums
could sell the email address that you registered with to spammers; you trust them not to do so. Google
could sell the contents of your inbox to the highest bidder; you trust them not to do so. PushBullet
could collect my passwords and compromise my accounts; I trust them not to do so.
It's okay (and healthy!) to have a certain amount of skepticism and concern over how your personal information is used online, and it's also okay to opt for the risk-free path of not using a service instead of taking advantage of the convenience that it may offer. It's a trade-off, and we each get to choose our own decision about how to proceed. To that end,
thank you for raising these security concerns - it's important that we are able to make an informed decision based on what the risks actually are. :thumbup:
(BTW, touching back on the 2-factor authentication concerns you mentioned in an earlier post: I use the Authenticator app on my phone (and one on my watch) to generate the codes; they never arrive via SMS, so even if PB
did know my Google password, they would still never be able to actually access my account.)