
Does Clipper refuse to work if you set it to have access "on click only"? On my Ventura MacOS, it refuses until granted full continuous permission.



I have security concerns about granting continuous permission to web clippers and similar extensions to follow my every move on the internet. Even if I trust the company behind the extension, this is a fundamental, level zero, security no-no.

I'm coming back today to Evernote after a long hiatus. In the old days, if I set Chrome to only allow access to EN Clipper upon clicking the Clipper icon, Clipper played nice. Now, it refuses to clip anything until I grant full access to follow/record/change everything I do all day on the internet. (Yes, I know EN swears it won't use it that way, but that's just not reassuring. The reason Chrome provides levels of surveillance options like "on click only" is, you don't want to rely on what a third party swears they're doing... in perpetuity.)

What I cannot figure out is whether this is functioning as designed, or whether it's just a big bug. 

I deleted all cookies, uninstalled, reinstalled, logged out, logged in, etc. Nothing solved: Still normal functionality when EN Clipper is granted full spy privileges, and no functionality when spy privileges are demoted to a 'need to know basis' (spying only permitted upon my click).

What happens when set to 'need to know' is EN Clipper tells me I must reload the page. I do that, and then ...nothing. No saves are possible. The icon remains green/active, but saving a clipping just doesn't make anything happen, and the normal options like screenshot vs. bookmark are nowhere to be seen. 

Thanks for sharing your experience! 

Link to comment
  • Level 5

This restriction is placed by the browser or by the OS developer - in case of Safari it’s in both cases Apple.

Your concern is not bad, actually it is the very question the dialogue wants to point at. Before this dialogue was installed, the status WAS that you granted full access, on installation of the plugin.

If you give it full access today, nothing changes compared to before. A web clipper obviously needs full access to do its job.

You can cut this access (you could before, but you needed to do it actively yourself), and then it simply doesn’t work any more.

It all boils down to the simple question: Do you entrust the developer (in this case EN/BS) with your data ? If not, stop using a product or service.

In case of EN it is quite simple: Their business model is to get paid by their users, and only their users. Plus they operate under GDPR restrictions, the European data protection law. If I make a ranking, they are very solidly in the „can be trusted“ segment.

It is much more important to ask this question on services where „great“ features are offered without compensation. In these cases you resp. your data are the real product.

Link to comment

Hi, thanks for trying to address this. I'm not sure we are fully understanding each other yet:
 

The options for clipper access include one in which you can click on the Evernote icon while visiting a specific website in order to allow the clipper to read/write on that website. Many web clippers and similar extensions like price trackers have worked fine that way: to my knowledge there's never been any restriction built into chrome OS that prevents a web clipper or similar extension from being turned on and off from site to site.

Permission to track you on all sites, including inside your bank accounts, client accounts, etc., is a whole different thing -- not necessary. 

So what I am describing sounds much more like either a bug in the extension or a deliberate decision by Evernote to disable the clipper unless continuous full access is granted. My question was about whether anybody knows which it is. 

To give a clearer use case: I might travel to a news site, see something that I need to clip, and click on the Evernote extension icon in order to do so. That is supposed to provide full permissions to Evernote to interact with CNN for as long as I am on the website, and the extension is supposed to be capable of recognizing that permission and functioning normally on that website once I have clicked that button. If I then surf over to, say, Vanguard, Evernote would not automatically have access to read and write on that website, so it would not be able to interact with the website, clip anything, connect that clipping to my account. That is an appropriate restriction, and not to my knowledge technologically complicated.

It is not a matter of trusting Evernote's owners. It's a matter of reducing the number of unnecessary paths by which a third party can gain access to sensitive information. Popular web clippers are a natural target of malicious third parties, precisely because so many people grant them unlimited access to follow them everywhere around the Internet, reading and writing from all of their most sensitive accounts. The ownership of Evernote has changed repeatedly in the years that I have been a user, and it's not possible for me to keep track of how good each owner is at preventing the insertion of malicious code into their extension.

To summarize, many similar extensions have worked perfectly if turned on only for certain sites and left off for other sites. That is supposed to be how the "click to give permission" option works. It is how it used to work for the Evernote clipper. It doesn't work that way now. The desire to have it work that way again doesn't imply any assumption that the current Evernote ownership is interested in spying or stealing data. Rather, it's just consistent with best practices if you are accessing highly secure information at some points as you move around the Internet.

Thanks,

 

A.


 

Link to comment
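The two access models discussed in this thread, seen from the extension's manifest, as an added example (not written by any poster, and not Evernote's actual manifest): the script classifies the site access a Chrome extension requests. The three manifests are constructed samples, and `audit_manifest` is a hypothetical helper name.

```python
import json

# Chrome match patterns that cover every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def is_host_pattern(entry):
    """True for match patterns, False for API permissions like 'storage'."""
    return entry == "<all_urls>" or "://" in entry

def audit_manifest(manifest):
    """Classify the site access an extension requests in its manifest dict."""
    perms = manifest.get("permissions", [])
    # Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions.
    required = set(manifest.get("host_permissions", []))
    required |= {p for p in perms if is_host_pattern(p)}
    # Declared content scripts also need access to every pattern they match.
    for script in manifest.get("content_scripts", []):
        required |= set(script.get("matches", []))
    optional = set(manifest.get("optional_host_permissions", []))
    optional |= {p for p in manifest.get("optional_permissions", [])
                 if is_host_pattern(p)}
    if required & BROAD:
        verdict = "all-sites"       # requests read/change access everywhere
    elif required:
        verdict = "listed-sites"    # limited to the named patterns
    elif "activeTab" in perms:
        verdict = "on-click"        # access to the current tab only after a click
    else:
        verdict = "no-site-access"
    return {"verdict": verdict, "required": sorted(required),
            "optional": sorted(optional)}

# Constructed sample manifests (not taken from any real extension).
BROAD_CLIPPER = {"manifest_version": 3, "name": "sample-broad-clipper",
                 "permissions": ["storage", "scripting"],
                 "host_permissions": ["<all_urls>"],
                 "content_scripts": [{"matches": ["*://*/*"], "js": ["c.js"]}]}
CLICK_CLIPPER = {"manifest_version": 3, "name": "sample-click-clipper",
                 "permissions": ["activeTab", "scripting", "storage"]}
MV2_ONE_SITE = {"manifest_version": 2, "name": "sample-one-site",
                "permissions": ["tabs", "https://news.example/*"]}

if __name__ == "__main__":
    for sample in (BROAD_CLIPPER, CLICK_CLIPPER, MV2_ONE_SITE):
        print(sample["name"], json.dumps(audit_manifest(sample)))
```

The manifest shows only what an extension requests; the site-access setting in the browser decides what is actually granted.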
  • Level 5

Simple answer: I don’t use Chrome.

And if you value your privacy, you shouldn’t either. Take a look at the balance sheet of Alphabet, the Google owner. The overwhelming part of their income is generated by „search“ - that is by companies paying Google to have their ads show first in search results. To make this valuable, it needs to be based on YOUR preferences. The same search from your neighbor will bring up different content, and different paid content.

Because Google knows you, better than yourself.

Your concern about a data protection popup is valid. But it is NOTHING compared to using products / services by one of the big data collectors that live from the insight they have: Alphabet (Google, YouTube, …), Meta (Facebook, Insta …) and Amazon. Apple collects as well for their own use (mainly app use), but they never sell the data to anybody.

This said: Just leave access for WebClipper set to always. It never does anything while it sits installed in your browser. It only activates when you click it - and you know on which sites this happens, because you are the one who makes it work.

Link to comment
