The NotebookLM Web Importer promises to be a simple and efficient way to integrate online content into your NotebookLM account. But behind the convenience lies a set of significant privacy concerns that every user should understand before installing the extension. This review aims to analyse both the functionality and the potential risks involved, helping you make an informed decision.
NotebookLM Web Importer: Be Cautious. Be Very Very Cautious.
The privacy policy associated with NotebookLM Web Importer is dated 10 March 2023, raising a red flag.
The NotebookLM Web Importer is marketed as a convenient tool that allows users to import web pages into their NotebookLM account as Sources with a single click. However, the apparent ease of use masks serious privacy concerns that users must consider. In our non-technical evaluation, we found that the NotebookLM Web Importer extension works smoothly and even allows users to choose the Notebook to which the link should be added from a dropdown list. In fact, it’s a pleasant deviation from the not-so-user-friendly interface that Google has provided for adding Sources on NotebookLM. It only works with web links as Source, though: if the user tries to add a YouTube video link via the extension, NotebookLM will reject it. Video links can only be processed as a Source when entered through the dedicated field in the NotebookLM Source Interface.
With all its convenience, it is advisable to wait until Google releases a similar extension (which we expect to happen coinciding with the roll out of of NotebookLM Business), and not to rely on unverified third-party extensions like NotebookLM Web Importer if privacy is your concern.
Unlike most AI apps, including Google’s Gemini, NotebookLM stands out for its privacy-first design, which complements its source-grounded approach. However, the NotebookLM Web Importer extension, while undeniably convenient, raises privacy concerns. This is because the content added through the extension is routed through a third party before reaching NotebookLM. If you’re someone who doesn’t take privacy seriously, this trade-off might not seem alarming. But for those who value security, it’s worth considering the risks.
Users who prioritise control and security can add content manually by copying and pasting a link directly into NotebookLM. This method ensures complete oversight, with Google’s robust privacy policy fully in effect.
By contrast, the Web Importer extension for Google Chrome relies on a middleman. And not every middleman has honourable intentions.
Screenshot of the NotebookLM Web Importer extension notice on Google Chrome stating it can ‘read and change your data on notebooklm.google.com
This middleman—the Web Importer extension—can collect, process, and potentially store your data before it even reaches Google’s servers. Imagine handing your mail to a courier who reads and sorts through it before delivering it to Google. Worse still, they have the authority to rewrite parts of your letters before passing them on. Similarly, the extension can ‘read and change data’ on your NotebookLM workspace, giving it control over your content in ways you might not find acceptable. This shift fundamentally alters the privacy dynamics in several concerning ways:
- Violation of Direct Control: Instead of users directly adding content to NotebookLM, the NotebookLM Web Importer extension collects and processes this data first. This creates a layer of handling that users might not be fully aware of or have explicitly consented to.
- Contradiction with Google’s Own Policies: Google promises privacy-first services with clear user control. However, the NotebookLM Web Importer, with a privacy policy that predates NotebookLM (last updated 10 March 2023, as of 04 December 2024) , is not fully aligned with the privacy and security assurances users might expect. This discrepancy is particularly critical under privacy frameworks like GDPR, which emphasise data minimisation and explicit user consent. The extension potentially over-collects or mishandles data because of its intermediary role, which contradicts both Google’s promises and GDPR requirements.
- Limited Use Policy Loophole: Under the Chrome Web Store Limited Use Policy, extensions are generally prohibited from collecting browsing activity unless it’s ‘essential’ and ‘clearly described’. Here lies a grey area—the exact nature of what is ‘essential’ is ambiguous. Users might not be adequately informed about the extent of the data being accessed and how this aligns with Google’s privacy commitment. In most cases, responsible developers clearly outline what data is collected and why. But when privacy policies are unreliable or outdated, users can’t be sure whether the extension’s data collection truly aligns with privacy commitments—or if it even has any such restrictions at all.
- Risk to User Trust: The very fact that NotebookLM is associated with Google means users trust that their data will be handled in line with Google’s privacy-first principles. The introduction of an extension that acts as a middleman and lacks clear, up-to-date documentation and privacy assurances risks undermining this trust. Users might unknowingly expose browsing data to an additional party, which goes against the expectations set by Google.
Privacy Policy Oversight or Convenient Omission? A Serious Concern for User Privacy
The NotebookLM Web Importer shares similarities with content curation tools like Pocket, Delicious, and Flipboard, which aggregate content much like glorified RSS readers. These tools primarily focus on saving and displaying content for easy access, often with enhanced features like personalised recommendations or magazine-style layouts.
However, the NotebookLM Web Importer differs in that it integrates directly with NotebookLM, allowing Google’s AI to actively analyse, transform, and generate insights from the saved content. Unlike traditional curation tools that are read-only, the Web Importer has the capability to read and change data within NotebookLM, which raises questions about the necessity and purpose of altering user content.
While it is important to provide flexibility in managing and enhancing the saved content, the real concern here is that the developer either conveniently avoided or unwittingly omitted updating the privacy policy. Both scenarios reflect poorly, suggesting a lack of attention to privacy concerns, which is a critical aspect of building and maintaining user trust.
The permission prompt for the NotebookLM Web Importer states that it can “read and change your data” on notebooklm.google.com. While such permissions could be justified for improving user experience—such as organising content, synchronising metadata, or enhancing integration—it is essential to be fully transparent about these permissions, especially when the tool is used in conjunction with a Google product like NotebookLM.
The issue is not simply about altering content; it is about the broader responsibility that comes with managing user data in a Google ecosystem, particularly given NotebookLM’s privacy-first approach. Users are entitled to understand why such permissions are necessary and how their data will be handled. A failure to update the privacy policy to specifically cover these aspects either signals a lack of preparedness or a disregard for user privacy—neither of which inspire confidence when dealing with a Google-integrated tool.
Therefore, users should be cautious and ask critical questions before integrating tools like this that require extensive permissions. If the privacy policy does not clearly explain the scope of data handling, it raises red flags about whether the tool can be trusted to maintain the privacy standards expected from Google products, especially considering Google’s longstanding emphasis on user data protection.
What We Know About NotebookLM Web Importer
| Aspect | Summary |
|---|---|
| The NotebookLM Web Importer Extension: What the Developer Claims | The NotebookLM Web Importer is a Chrome extension that allows users to easily import web pages and YouTube videos into their NotebookLM account with a single click. This functionality is designed for efficient saving and organisation of content. |
| Privacy Promises (Chrome Web Store) | The developer claims that the extension does not collect or misuse user data. Specifically, it is not sold to third parties, used outside of core functions, or for credit purposes. It refers only to plausible.io as third-party service providers. |
| Browser Extension Vulnerability | As a browser extension, the NotebookLM Web Importer introduces additional privacy risks. Browser extensions often have broad permissions that can access browsing activity beyond the intended functionality. This means that, apart from altering content within NotebookLM, the extension could also potentially access other data, adding a layer of vulnerability that users should be cautious of. |
| NotebookLM Web Importer Access and Content Alteration | The NotebookLM Web Importer has the capability to access and alter content within NotebookLM, which brings up genuine concerns about user privacy and control. The developer either conveniently avoided or unwittingly omitted updating the privacy policy, which fails to address this explicit capability, reflecting a lack of attention to privacy concerns—a critical aspect of user trust. |
| Developer Background | The NotebookLM Web Importer extension is ‘developed ‘offered by’ by wong2, known for creating browser tools like ‘ChatGPT for Google.’ This developer appears tobe the same person/entity as Wong2, a Shanghai-based developer, known for creating ChatHub, the ChatGPT for Google extension, and projects involving Emscripten and WebAssembly. The ChatHub app on the Chrome Web Store is attributed to Mediocre Apps, but it’s unclear whether this refers to a person or an entity. Another red flag is that the extension, like other tools by wong2, carries the disclaimer: ‘Non-trader: This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.’ |
| Caveat Emptor | The NotebookLM Web Importer, as part of the larger ChatHub ecosystem, attempts to bridge Google’s NotebookLM with a multi-model AI toolset. While the convenience of importing content from the web into NotebookLM is appealing, the lack of updated privacy documentation, unclear integration terms, and unnecessary data permissions suggest an implementation that was not thoroughly prepared. Users should proceed with caution, as the privacy guarantees from Google may not fully translate due to outdated policies and insufficient preparation. ChatHub app is sold on AppStore under the name of 2.5 HK Limited and in Google Play under the name of Mediocre Company. |
Governments in countries like the USA and India have legitimate reasons to demand transparency regarding the origin of apps and digital tools, especially when privacy, national security, and data sovereignty are at stake. Concealing an entity’s true origin to avoid scrutiny or regulatory actions not only raises suspicion but also potentially subjects such companies to stricter measures, as seen in past incidents involving Huawei and TikTok, and the ban on 59 Chinese apps in India.
Privacy Policy Concerns
The privacy policy associated with the NotebookLM Web Importer does not specifically mention the extension. Instead, it appears to be primarily intended for ChatHub, a product with broader applications beyond NotebookLM. As if this weren’t concerning enough, this privacy policy predates the release of NotebookLM, meaning it lacks specific provisions to address the unique privacy implications of interacting with NotebookLM. This outdated privacy coverage leaves users vulnerable to potential risks while they expect NotebookLM’s data handling practices to be trustworthy and transparent.
The Implausible Deflection: Uncovering the Real Scope of Third-Party Data Sharing
ChatHub deflects the question of third-party data sharing by merely mentioning Plausible.io, implying a minimal third-party relationship while potentially obscuring other connections. If you’re unaware of the kind of data residing on your browser, you might be surprised at how much information is accessible. Privacy Diagnostic Tools reveal just how much data is shared through your browser—from IP addresses to browsing habits to your computer’s battery status—highlighting why greater transparency in third-party data sharing is crucial for users to understand and control how their information is managed.
Terms of Dubious Service
The ChatHub Terms of Service lack specific clarity around important aspects, such as data ownership, liability, and what happens to user data if the service is discontinued or changes ownership. Moreover, there are no sections addressing dispute resolution, jurisdiction, or indemnification—common elements found in thorough Terms of Service agreements to safeguard both the user and the provider.
Key Concerns with ChatHub Terms of Service
- Data Ownership and Liability: The ChatHub Terms of Service fail to specify who owns the data once it is shared via the platform. This lack of clarity raises questions about the potential misuse of user-generated content and data, as well as liability in the case of a data breach or misuse.
- Dispute Resolution and Jurisdiction: A strong Terms of Service typically includes clauses about how disputes will be resolved and which legal jurisdiction applies. This is particularly important for services like ChatHub, which may be used across different regions. The absence of these clauses means that users are left vulnerable if legal issues arise, with no clear process to follow.
- Indemnification: There is no mention of indemnification, which usually provides legal protection for both users and the company. If a user inadvertently violates laws while using the platform or if a third party makes claims against the service, indemnification clauses can determine who bears the responsibility. The absence of such a clause means neither the user nor the company has protection in the event of legal complications.
- Alignment with Google’s Privacy Requirements: Google’s Chrome Web Store Developer Program Policies mandate that extensions follow privacy practices that respect user data. This means that developers must have a privacy policy that aligns with Google’s own standards, clearly disclosing data collection, use, and sharing practices. The ChatHub Terms of Service do not meet these requirements adequately, which could lead to violations of Google’s policies and undermine user trust.
- Transparency and Ambiguity: While the extension integrates with Google’s NotebookLM, its privacy policy and terms fail to match the level of transparency that Google advocates for its products. This includes adhering to the Limited Use Policy, which prohibits unnecessary data collection unless clearly described and essential. The ambiguity surrounding what is “essential” and the incomplete privacy details further weaken the trustworthiness of the service.
When a developer rushes to market with their tool without even bothering to update the privacy policy, it should immediately raise caution.
The Takeaway: Proceed with Extreme Caution
If you’re considering using the NotebookLM Web Importer Google Chrome Extension, understand that you are adding an additional layer of data handling—one that might not fully align with Google’s original privacy guarantees. The extension’s privacy policy is outdated and lacks explicit provisions on how user data is processed, which could mean your data is being accessed in ways you might not be fully informed of.
Despite the many issues discussed here, as of 06 December 2024, 3,000 users have added the extension to their Chrome browser. This underlines the need for personal responsibility, as each user must balance privacy concerns with convenience before deciding to install the NotebookLM Web Importer.
For those who value complete privacy and direct control over their data, it is advisable to manually add links and content to NotebookLM instead of relying on this intermediary tool. The introduction of this middleman fundamentally contradicts the privacy-first narrative that NotebookLM aims to promote, making it necessary for users to be extra vigilant about what they choose to share via the extension.
In summary, it is crucial to exercise a high level of caution. While the NotebookLM Web Importer offers convenience, the potential risks regarding data privacy cannot be overlooked. Until there are explicit updates to its privacy policy and alignment with Google’s data handling practices, it’s prudent for users to remain vigilant and consider whether the risks are worth the convenience.
The Verdict
The NotebookLM Web Importer earns a 2 out of 5 stars. While it offers convenience in adding Source content to NotebookLM, significant privacy risks and lack of transparency prevent it from being a recommended tool.
Transparency Statement: The author of this review and the organisation publishing it are not associated with any of the products, services, persons, or entities mentioned in the review, nor with any known competitors. For a broader disclosure, please refer to our editorial policies and disclosures.
Disclaimer: All trademarks, service marks, and company names are the property of their respective owners. Any mention of trademarks, product names, or brands is for informational purposes only and does not imply any endorsement or affiliation. The review and associated materials are for informational purposes only and do not intend to infringe on any intellectual property rights.
