Researchers find multiple Chrome extensions secretly tracking users

Analytics code deeply hidden in popular Google Chrome extensions is being used to track users across the Web, in different browser tabs, and without user consent.

Swedish company Detectify Labs made this discovery, and its researchers are pointing the finger at popular extensions like HoverZoom, SpeakIt, ProxFlow, Instant Translate, FB Color Changer, SafeBrowse, JavaScript Error Notifier, SuperBlock AdBlocker, and more.

According to Detectify researchers, the extensions that engage in such practices are doing it without obtaining user consent, have the tracking feature enabled by default, and also have dodgy user privacy policies to begin with.

Detectify's team has observed Chrome extensions tracking not only the user's browser history but also data from cookies, secret access tokens from Facebook Connect, and links to private Dropbox or Google Drive files.

While it is understandable for analytics providers to be interested in getting their grubby little hands on user details through any means they can, the methods employed via Chrome extensions are bordering on criminal activity.

The analytics providers where all this information ends up give access to the sensitive data to anyone with an open wallet. The researchers even signed up for one such service, and after sifting through the warehoused data they were able to find internal PDFs uploaded to AWS servers, intranet URLs that could expose a company's internal network structure, and common URLs used by employees at targeted competitors.

Researchers even observed one sneaky analytics SDK with self-updating functionality that would work even if the extension itself was never updated. This allowed the analytics company to update the tracking code and add new functionality, even if the extension's author abandoned the project.

Detecting such extensions is also tricky since most of them use a separate extension process in the browser's background to carry out their snooping activities.

Above all, researchers blame the extensions' authors who, in their quest to monetize their code, allow such snakes to nestle in their add-ons.

"We’ve seen some indications on Chrome Extension-forums that it’s around $0.04 per user/month," say Linus Särud and Frans Rosén of Detectify Labs. "For plugins with over tens and hundreds of thousands of users that equals [to] a substantial amount of monthly income."

As for Firefox add-ons, the researchers analyzed only one extension and found it to have similar functionality.

Source: Softpedia

Tags: browsers, Chrome, Google, security
