Ensuring Your Browser Extension is Safe


Our goal at Beni is to make secondhand shopping simple. We do that by providing shoppers like you the best secondhand alternatives from the world’s leading resale sites with the click of a button.  In our case, that button is a browser extension.

Browser extensions are one of the most-loved and most-used features of the Chrome browser, and are increasingly becoming a staple feature of most major browsers that exist today. They can be hugely useful, solving a myriad of use cases for a diverse set of users. For example, extensions like Honey and Rakuten have helped millions of users save money while shopping online.

That said, even with all of the amazing browser extensions out there, when downloading any software it’s important to ensure that it is safe and built using best practices in security and privacy. Here are a few easy tips to ensure any browser extension is safe (Beni checks all of these boxes):

  1. Make sure that the extension you installed is coming from official repositories like the Chrome Web Store. All extensions on the Chrome Web Store go through a rigorous approval process, and Chrome (in addition to other browsers) is taking steps to increase security, privacy, and performance enhancements for their users (see Manifest V3).
  2. Review the extension’s website, the user reviews, its developer, and any linked privacy policy. What information can you find out about the company that created the extension by checking their website? Who might be behind the extension and how is it funded? Does all of this information look legitimate?
  3. On Chrome, you can check the data that the extension collects about you and your browsing history directly from the Chrome Web Store via the ‘Privacy Practices’ tab, or double check the permissions that an extension is asking for. In some cases they’ll be listed on the extension page on the web, in others you won’t see them until you’re installing the software. You’ll want to avoid any permission requests that seem unreasonable or strange given the purpose of the extension.

On this last point, let’s dive deeper into how Beni captures and protects your data.

Beni collects data only to build and improve your product experience.

When you downloaded Beni you may have seen this screen:

We totally get that this probably seems scary, but it’s only partially true. Here’s what we actually collect and why:

Info on the item you are looking at:

In order to provide you with the best resale alternatives, we analyze the page you’re looking at for information about the product. Beni only works on supported merchant sites, and therefore we do not collect any data from sites that are not within our list of supported merchants. Like many other extensions, we need to track your user activity and the website content on these sites only in order to function properly and serve our users.

Info on how we can improve the product:

Our goal is to provide you with a product that you will actually use. Since we’re a data-driven product development company, we collect limited information associated with your profile and how you interact with our product to ensure that our products are working correctly, and to allow us to continue to develop, improve, and market our services.

Profile info to help make your experience easier:

Your profile is associated with your Google user data, namely your name and email address, which we collect upon initial sign-on with our application. We only collect your name and email address for the purposes of storing your other profile data with you (this could include your sizes, saved items, and other default filters or style preferences). We do this because relying on Google for user authentication ultimately is more secure than storing a username and password associated with your profile, in case of a data breach.

That’s it!

You can always restrict extension access to certain pages that you browse. In Chrome, click on the three dots on the top right > More Tools > Extensions to get to your list of installed extensions.

Then click 'Details' next to any extension to reveal the browser permissions and site access.

You can change ‘On all sites’ on the dropdown menu to ‘On specific sites’ or ‘On click’ if you want to limit the extension to certain pages or have the extension ask for permission each time it needs access.

If you change access to ‘On specific sites’, you can add each site individually as you’re browsing by right-clicking on the extension > ‘This Can Read and Change Site Data > ‘On xxx.com’.

If you change access to ‘On click’, just be sure to login first to take advantage of all the great features that logging in has to offer, like adding a size profile or saving items for Beni! Some functionalities like logging may not work for your extension once you have the ‘On click’ permissions turned on. Then, with Beni, you can click on Beni as soon as you land on a site you want Beni to listen to, and start browsing!

Beni takes your privacy seriously, and cares deeply about transparency. If you have any issues, questions or comments about extensions generally or privacy at Beni, you can reach out to us at software@joinbeni.com.