February 04, 2019
Chrome Extensions have access to a wide range of native Chrome APIs, some which require special permission from the user, and some are "free" to request. (See here)
One of most hated permissions to be requested by a Chrome Extension, is the permission to read your data on websites you use. There might be legitimate reasons to request this permission, but in most cases I've found it requested because of:
Again, there might be valid uses for such broad permission, but in my experience, they are either rare, or come as part of what the extension is selling - safe browsing, or some utility to improve your browsing experience, in that case it's obvious why the extension wants access to your browsing data.
In any case, it's possible to limit the extension by yourself, if you still want to use it.
On click. This means the extension would work only if you click on it on the right hand icon bar.
On specific sitesand enter the sites your want the extension to work on. Sometimes the extension would run communications with it's background page and a 3rd party domain. This is acceptable as long as it's the service backend url, or a known analytics party (and the extension declared it). If the extension is mis-behaving you might need to find this backend url, it's sometimes found in JS errors, or in the background page (Click on the background page to inspect it).
That's it, hopefully this can make someone's life better, it surely did mine!