howtogeek at January 20th, 2014 03:00 — #1
Originally published at: http://www.howtogeek.com/180175/warning-your-browser-extensions-are-spying-on-you/
The internet exploded Friday with the news that Google Chrome extensions are being sold and injected with adware. But the little-known and much more important fact is that your extensions are spying on you and selling your browsing history to shady corporations. HTG investigates.
List of Tracking Extensions
List of Adware Extensions
It's worth noting that a lot of these extensions will end up temporarily removing their ads as a result of all the press coverage. They should not be trusted going forward though.
Make sure to read the original article:
Update: After a lot of back and forth with Hola, we are removing them from the list. We couldn't find ads within the code, and most of the complaining about them from users was because they tested using ads in december according to the founder. Please read his post on this topic for more.
geek at January 20th, 2014 03:02 — #2
I'm going to use this topic as a master list of all the extensions and add-ons that contain either spyware or adware. Feel free to contribute anything you know of.
ballyirish at January 20th, 2014 07:20 — #3
I use the paid version of Internet Download Manager (IDMan), which I set to notify me when a download has completed by letting rip a triumphant bird tweet!
For some reason Google Chrome stopped working on my XP Home a few days ago: a total uninstall and complete re-install made no difference; but Google Chrome gives me no problems whatever on my Windows 7. It's counterpart, Comodo Dragon works well on my XP but I do not have it installed on my W. 7. Dragon is synced to Google Chrome by means of Google+ Dashboard, and yesterday, when I opened Dragon Browser on my XP, my ear drums were assaulted by a continuous stream of frantic bird tweets, yet my IDMan showed no downloads taking place - very odd indeed. The tweeting continued unabated this morning - but only on my XP. My W. 7 IDMan, set to deliver the identical tweet, has remained silent. (Is this a harbinger of attacks on the old XP?)
I have never before heard this happening - it's something totally new. I disabled all the Google extensions on Dragon except for WOT, AdBlock Plus/Pro, Avast!, Page Rank and one or two others. The tweeting stopped immediately... and has not resumed whilst composing this reply on my XP. (Syncing takes place through my modem, as both my XP and W. 7 are connected to the internet through the same modem - my two PCs are not networked)
I take it Google is not responsible for this, what with it's DO NO EVIL policy, the available extensions in the Google Store all being third party stuff???
I am horrified by the information given us in your jolly good article, and I feel the same as you: no one, but no one has any shadow of right to spy on my PC activities - my PCs are my PRIVATE PROPERTY, and not available for public scrutiny or unauthorized use of any kind. Especially not for these advertisement vulture-boys, which is why I avoid freeware bundled with dreadful programs like Open Candy etc etc.
You have done us a GREAT service by your bringing this horrible development to our attention, and I hope the DO NO EVIL, Google, will take steps to remove offending extensions from its store - in keeping with the Google Policy.
Thank you for letting us know - I appreciate your efforts and resultant sleep deprivation very much, I'm sure I speak for ALL of us.
acid0057 at January 20th, 2014 08:24 — #4
Thanks for the article geek!
cikguprof at January 20th, 2014 08:45 — #5
I also use Smooth Gestures
ringhalg at January 20th, 2014 08:59 — #6
I must have a closer look at my addons for Firefox that I have installed. I have over 30 installed and some I rarely use. I installed them for their functionality and didn't check their privacy settings.
willrun4fun at January 20th, 2014 09:03 — #7
I hate to give up Hoverzoom. I am just going to turn off the tracking for now. I guess I could also block the two tracking sites in my host file.
geek at January 20th, 2014 10:33 — #8
jeriusbearius at January 20th, 2014 10:38 — #9
dreasura at January 20th, 2014 11:29 — #10
Something to think about is this: ANYTHING that can "guess" what your interests are is actually spying on you and the history of what you search for and link to. But that spying factor is simply electronics. It's all done by computers, but those computers also generate lists that real people use to then aim advertising at you. It's all a bunch of garbage and geared toward nothing but extreme capitalism. I have very eclectic tastes. I also am very particular about things I like and don't like within any particular category. That being said, none of these efforts will ever work on me. I also tend to boycott ANY advertising that I find irritating or annoying.
The part to be cautious about with these "second-guessers" is that they can be used against you in very inappropriate ways. A private investigation can reveal false leads that could cause a major problem for you. Think of all those people who have lost their jobs over something they "didn't do".... chances are they didn't, but the trail they left makes it look like they did.
It's completely reprehensible how advertising and marketing gets their fingers twisted in our lives to the point of slander. It's all about those nasty things in life: demographics, advertising, marketing, capitalism, stupidity, ignorance, statistics, and outright lying.
t11 at January 20th, 2014 12:03 — #11
Wow don't you all know that any web site you go to has your info as well might as well stop searching the internet hell just unplug the machine, better yet trash can it they all got your info know oh no it's a government conspiracy LOL get a grip people this is old news websites and people have had your info far longer then you all think hell the US government has it know as well.
marcycn at January 20th, 2014 12:25 — #12
Hey Geek..... HoverFree has the exact same warning as HoverZoom.
geek at January 20th, 2014 12:37 — #13
That's a good point. That extension was created by somebody that was upset about the ads, and took the source code and made his own version. It's probably safe, but who knows.
Hopefully Google and Mozilla will crack down on all this behavior.
speakers_86 at January 20th, 2014 14:05 — #14
You can actually view the code before installing the extension if you want. I use an extension called CRX viewer to do it. Of course, if you know how, you can simply copy the code and comment out the spyware lines.
geek at January 20th, 2014 14:08 — #15
Thanks for that... I'm working on a followup piece where we'll explain how to audit your extensions. I didn't know about CRX viewer, that's very helpful.
simimike at January 20th, 2014 14:44 — #16
Interesting that this topic came up again after reading this story I Sold a Chrome Extension but it was a bad decision
Looks like another area of concern to worry about. Everyone is going to have to have a 2nd identity just to be online soon.
foo at January 20th, 2014 15:08 — #17
Imagus is a great alt too. It's becoming more and more popular due to /r/Chrome going nuts over HZ's privacy concerns
willrun4fun at January 20th, 2014 16:23 — #18
Took me a while to figure out the block and allow rules for sites till I went and read the authors page. Not a quick click in the URL bar like on hover zoom. But workable.
soullessecho at January 20th, 2014 17:28 — #19
Something that must be fought for,much like your right to party.
john0904 at January 20th, 2014 20:03 — #20
Personally I am not sure what the big deal is. The Internet is public access and while you are not tracked in real life while you browse a store, the computer is easier to target for individuals.
It's just ads for Pete's sake. It is not like they are stealing your credit card numbers, social security number, DOB, cell/phone numbers, ect.
If someone is so paranoid about targeted ads, they should reconsider using the Internet. Not so surprising, this had been done for the past two decades. Cookies, super cookies and now browser extensions and it's a sure bet they will find new ways of tracking you in the future guaranteed.
And as far as banking and secure sites are concerned, there should be an end to end https secure connection otherwise it is no longer adware or trackware but malicious coding.
It should be noted, there are other agencies that are tracking you right now other than advertisers. NSA, CIA, FBI, other un-named government agencies, both domestic and foreign. Accessing the Internet is not a private affair.
Keep your nose clean and just ignore/block the ads and you'll be happier at the end of the day.
next page →