Opt Out - send GDPR and CCPA data requests
Version 2.0 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension comes from yourdigitalrights.org, which appears to be a legitimate organization focused on digital privacy rights. The 5.0 rating from 6 reviews suggests positive user experiences, though the small sample size limits reliability. The extension's purpose - helping users send GDPR and CCPA data requests - aligns with legitimate privacy advocacy. However, the very low user count of 707 indicates limited adoption and testing in the wild.
The tabs permission is overly broad for an extension that should primarily facilitate data requests. This permission allows access to all browser tab information, which seems unnecessary for the stated functionality. The extension uses the older Manifest V2, which has weaker security protections compared to V3. The limited user base and lack of recent update information raise questions about ongoing maintenance and security patches.
Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing activities. Before installation, verify the legitimacy of yourdigitalrights.org and their privacy practices. Monitor the extension's behavior and disable it when not actively needed for data requests. Look for alternative extensions with similar functionality that use Manifest V3 and have more restrictive permissions. Given the specialized nature of GDPR/CCPA requests, you might also consider using the organization's website directly instead of the extension.
Findings
Security Analysis Details
Required Permissions:
- tabs
- https://api.yourdigitalrights.org/companies*
Content Security Policy:
- default-src 'none'; script-src 'self'; frame-src https://yourdigitalrights.org/ ;connect-src https://api.yourdigitalrights.org/companies
Embedded URLs (8 total):
| https://api.yourdigitalrights.org/companies | https://yourdigitalrights.org/d/ | |
| https://fsf.org/ | https://www.gnu.org/licenses/ | |
| https://www.gnu.org/licenses/why-not-lgpl.html | https://clients2.google.com/service/update2/crx | |
| https://yourdigitalrights.org/ | https://yourdigitalrights.org/d/add/ |
Raw Manifest
{ "name": "Opt Out - send GDPR and CCPA data requests", "icons": { "48": "icon-48.png", "128": "icon-128.png" }, "version": "2.0", "background": { "scripts": [ "psl.min.js", "background.js" ] }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Get the websites you visit to send you a copy of, or delete the personal information that they have collected on you.", "permissions": [ "tabs", "https://api.yourdigitalrights.org/companies*" ], "browser_action": { "default_icon": "icon-16.png", "default_title": "Opt Out" }, "manifest_version": 2, "content_security_policy": "default-src 'none'; script-src 'self'; frame-src https://yourdigitalrights.org/ ;connect-src https://api.yourdigitalrights.org/companies" }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.