legitimate_key | 13 days ago

The concerning pattern is that the data-collecting ones actively hide what they're doing — the Similarweb-linked extensions apparently obfuscate with Base64 or AES-256 before sending.

Worth distinguishing from extensions that are genuinely client-side. A basic test: check the extension's manifest for network permissions (host_permissions). If it only requests the active tab and has no background network access, it physically cannot phone home. The inspection is 30 seconds in chrome://extensions.

The more insidious problem is that users can't easily distinguish between "this extension processes data locally" and "this extension processes data locally and also sends it somewhere." Same UI, very different behavior.

No comments yet.
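
The manifest check described in the comment above, as an added example that is not part of the original post: a JavaScript function that reads a parsed `manifest.json` (Manifest V2 or V3) and reports which host patterns the extension declares, whether any are broad, and whether a background context exists. The function name `auditManifest`, the verdict labels and the three sample manifests are constructed for illustration.

```javascript
// Added example: static check of a parsed manifest.json (MV2 or MV3).
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// A match pattern is "<all_urls>" or contains a scheme separator.
const isHostPattern = (p) =>
  typeof p === "string" && (p === "<all_urls>" || p.includes("://"));

function auditManifest(manifest) {
  const declared = [
    ...(manifest.host_permissions || []),          // MV3
    ...(manifest.optional_host_permissions || []), // MV3, grantable later
    ...(manifest.permissions || []),               // MV2 mixes hosts with API names
    ...(manifest.optional_permissions || []),
  ];
  const hosts = [...new Set(declared.filter(isHostPattern))];
  // Declared content scripts run in matching pages, so their matches count too.
  const injected = [...new Set(
    (manifest.content_scripts || []).flatMap((cs) => cs.matches || []))];
  const apis = declared.filter((p) => typeof p === "string" && !isHostPattern(p));
  const bg = manifest.background || {};
  const hasBackground =
    Boolean(bg.service_worker || bg.page || (bg.scripts || []).length);
  const broad = [...hosts, ...injected].filter((p) => BROAD.has(p));

  let verdict = "no-host-access";
  if (broad.length) verdict = "broad-host-access";
  else if (hosts.length || injected.length) verdict = "scoped-host-access";
  return { verdict, hosts, injected, broad, hasBackground,
           activeTab: apis.includes("activeTab") };
}

// Constructed sample manifests (not taken from any real extension).
const LOCAL_ONLY = { manifest_version: 3, name: "sample-local",
  permissions: ["activeTab", "scripting"],
  action: { default_popup: "popup.html" } };
const COLLECTOR = { manifest_version: 3, name: "sample-collector",
  permissions: ["tabs", "storage"], host_permissions: ["<all_urls>"],
  background: { service_worker: "bg.js" },
  content_scripts: [{ matches: ["*://*/*"], js: ["cs.js"] }] };
const LEGACY = { manifest_version: 2, name: "sample-mv2",
  permissions: ["storage", "https://api.example.com/*"],
  background: { scripts: ["bg.js"] } };

for (const m of [LOCAL_ONLY, COLLECTOR, LEGACY]) {
  console.log(m.name, JSON.stringify(auditManifest(m)));
}
```

The verdict reflects only what the manifest declares, which is the same information shown under the extension's details in chrome://extensions.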