My browser, the spy: How extensions slurped up browsing histories from 4M users

Discussion in 'privacy problems' started by mood, Jul 19, 2019.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,159
    My browser, the spy: How extensions slurped up browsing histories from 4M users
    Have your tax returns, Nest videos, and medical info been made public?
    July 18, 2019

    https://arstechnica.com/information...a-from-apple-tesla-blue-origin-and-4m-people/
    Report: DataSpii: The catastrophic data leak via browser extensions (SUMMARY) / Full Report
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,159
    More on DataSpii: How extensions hide their data grabs—and how they’re discovered
    July 18, 2019
    https://arstechnica.com/information-technology/2019/07/dataspii-technical-deep-dive/
     
  3. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,169
    Wow this is pretty creepy.
    Edit: I'm less than 1/2 way through the documentation but it's well worth the long read.
     
    Last edited: Jul 19, 2019
  4. rseiler

    rseiler Registered Member

    Joined:
    Dec 22, 2003
    Posts:
    88
    Which naturally brings to mind: has anyone around here or elsewhere ever put together a vetted list of top extensions?
     
  5. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,722
    The recommended extensions on AMO.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,126
    Location:
    The Netherlands
    But it's not anything new though. I have always known that installing extensions is a huge risk, that's why I would rather see browsers makers integrating certain features. I also wonder if there is a way for them to limit extension rights, without crippling them.
     
  7. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,169
    That's right, it's not new, but as the comment below says - it's dirty. The implications of this thing run far and wide, compromising massive amounts and wide ranging personal imformation like health records, business secrets, ssn, and so on. It's especially the insidious nature of those 8 (known) extensions and the extremely devious way they've been coded to hide/ delay/ morph etc making detection extremely difficult.
    When the heat comes on, these scammers tried to single out Sam Jadali - " but you're the only one"
    Not many people put their life on hold for months and spent 30K nailing this stuff down.
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    20,159
    Still available via Google Analytics: Data slurped from 4 million browsers
    Customers allowed to hold on to existing data as long as they keep accounts open
    July 24, 2019

    https://arstechnica.com/information...rowsers-still-available-via-google-analytics/
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,126
    Location:
    The Netherlands
    Yes exactly, but what I meant is that ALL extensions are capable of doing this stuff, and we have browser developers (Mozilla, Google, M$) to blame.
     
  10. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,169
    For sure when you get a partnership (browsers devs and extension devs) there's going to be two possible culprits. Yes there's always the worry that extensions have the capability to leak stuff, so I agree and I do see the dilemma with that, so much so, I'm taking a fresh look at weeding out more of mine. The pure nature of these 8 extensions though, just can't be considered on the same level as, say, uBO and other extensions that are well known and well respected.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.