The internet is an inseparable part of our daily lives now, and we all use our favorite browser to get to it. Edge, Firefox, Chrome, and Safari have come a long way from their early beginnings, some so far that they are nearly their own computer system by themselves. These systems have all sorts of plugins that can be added to them, like mini applications all doing their own thing. Maybe they’re removing ads from your pages, or adjusting the font so it’s easier to see, or maybe it’s just to make an image bigger when you hover over it because the website designer didn’t think they needed that feature!
Security researcher Sam Jadali is the researcher who discovered this, though this isn’t the first time browser extensions have been scrutinized for their security practices. He calls this type of “attack” DataSpii, a name which reflects the unseen collection of both internal corporate data and personally identifiable information (PII).
During his research he tested over 200 browser extensions, and identified a number of extensions that act as data collectors for services like Nacho Analytics. Jadali said he was concerned because some of the URLs Nacho Analytics published led to private forum conversations—and only the senders and recipients of the links would have known of the URLs or would have the credentials needed to access the discussion. So far the extensions that he has found to have collected browsing histories that later appeared on Nacho Analytics include:
- Fairshare Unlock, a Chrome extension for accessing premium content for free. (A Firefox version of the extension, available here, collects the same browsing data.)
- SpeakIt!, a text-to-speech extension for Chrome.
- Hover Zoom, a Chrome extension for enlarging images.
- PanelMeasurement, a Chrome extension for finding market research surveys
- Super Zoom, another image extension for both Chrome and Firefox. Google and Mozilla removed Super Zoom from their add-ons stores in February or March, after Jadali reported its data collection behavior. Even after that removal, the extension continued to collect browsing behavior on the researcher’s lab computer weeks later.
- SaveFrom.net Helper a Firefox extension that promises to make Internet downloading easier. Jadali observed the data collection only in an extension version downloaded from the developer. He did not observe the behavior in the version that was previously available from Mozilla’s add-ons store.
- Branded Surveys, which offers chances to receive cash and other prizes in return for completing online surveys.
- Panel Community Surveys, another app that offers rewards for answering online surveys.
If you have any of these installed in your favorite browser, we would strongly urge you to uninstall them as soon as possible. You can learn how to check your extensions by clicking one of these links: Chrome, Firefox, Edge.
If you want to learn more about this issue, you can read the in-depth Arstechnica article here.
ABOUT THE AUTHOR:
Joshua Eimer is a managing partner and Director of Northwestern Operations at LTB Computer Solutions Inc.
Joshua designs and builds technology systems that solve problems and objectives for small and mid-size businesses and organizations. Joshua has worked in the technology industry for over 15 years and has worked with companies including Microsoft, Smart Technologies, and Home Depot. Joshua provides solutions across many diverse spaces including healthcare, manufacturing, finance, not-for-profit, and the vibrant tourism and hospitality industry.