Why do you ask for permission to read and change all data on the websites I visit?

The extension doesn't actually reads, writes or changes any of your data, but it needs those permissions ("Read and change all your data on the websites you visit" and "Communicate with cooperating websites") because:

  • the extension needs to have access to the Google Analytics, Google Tag Manager, Google Data Studio pages in order to detect & inject Da Vinci features at the right time, and at the right place;
  • in the same way, the extension needs access to the pages you visit while using Google Tag Manager Preview mode in order to make the output looks better and do its magic;
  • and lastly, it also needs to detect if you have disabled tracking of specific GTM containers or specific GA properties; 
  • The Da Vinci Tools UI is created by adding HTML, CSS & JavaScript code to specific pages you visit. In order to do that, the extension needs access to modify a page's DOM (if you're not a developer, just know that the DOM represents the internals of a page), but, if it can access everything in the DOM (the data a page contains, the forms you submit or your browsing history on that tab) it doesn't mean it actually does read it or does anything with it. It just needs to access the body of a page and append a new element to it.
  • At its core, Da Vinci relaxes some strict security policies enforced by the GA, GTM and Data Studio interfaces. Technically, it reduces the Content Security Policy to allow execution of inline scripts which are required by Da Vinci. Da Vinci core injects its own GTM container so the power of GTM can be leveraged to improve Google's own products. Cool isn't it!

The permission "Modify data you copy and paste" is in fact only used to "copy" data in the clipboard, not read from it. For example, this permission is required when creating the GA API Request or when copying code from GTM Preview.


All in all - remember when you install a Chrome Extension - any extension - you open permissions for this extension to view and alter the pages you visit and the traffic between your browser and the interwebs. Only install browser extensions coming from trusted sources and those which offer transparency about what they do. 


Last update: 2018-05-11

Is this article helpful for you?