The extension doesn't actually reads, writes or changes any of your data, but it needs those permissions ("Read and change all your data on the websites you visit" and "Communicate with cooperating websites") because:
- the extension needs to have access to the Google Analytics, Google Tag Manager, Google Data Studio pages in order to detect & inject Da Vinci features at the right time, and at the right place;
- in the same way, the extension needs access to the pages you visit while using Google Tag Manager Preview mode in order to make the output looks better and do its magic;
- and lastly, it also needs to detect if you have disabled tracking of specific GTM containers or specific GA properties;
- At its core, Da Vinci relaxes some strict security policies enforced by the GA, GTM and Data Studio interfaces. Technically, it reduces the Content Security Policy to allow execution of inline scripts which are required by Da Vinci. Da Vinci core injects its own GTM container so the power of GTM can be leveraged to improve Google's own products. Cool isn't it!
The permission "Modify data you copy and paste" is in fact only used to "copy" data in the clipboard, not read from it. For example, this permission is required when creating the GA API Request or when copying code from GTM Preview.
All in all - remember when you install a Chrome Extension - any extension - you open permissions for this extension to view and alter the pages you visit and the traffic between your browser and the interwebs. Only install browser extensions coming from trusted sources and those which offer transparency about what they do.
Last update: 2018-05-11
Customer support service by UserEcho