I'm in the market to hire a developer to help me out with a chrome browser extension that can read the content of web pages. Given that most extensions can read what your browse on the internet, what are the risks of going this route? Would a connection montitor/blocker like Little Snitch be successful in stopping any captured data from being transmitted to the 3rd party? I realize that I should ideally be able to trust a developer I'm working with, but I'm just trying to play it safe. Thanks for any advice.
I don't know much about Little Snitch but from what I have seen, it should be able to do that. But it would be more effective if you knew the server the developer uses. That way, you can simply block this server even from your hosts file
Perhaps a dumb question - should it be a red flag if the extension attempts to connect to a server? Can't all this be done locally? Or is it required for a browser extension to use a server?
No Not really. It depends on what exactly the extension does. An extension that needs some server side processing will need to connect to a server. If you are certain that the extension can work 100% locally, then connecting to a 3rd Party server is completely unnecessary. Though some developers might want to have a way to disable the extension remotely for payment validation too.