Submitted via IRC for SoyCow1984
Have your tax returns, Nest videos, and medical info been made public?
When we use browsers to make medical appointments, share tax returns with accountants, or access corporate intranets, we usually trust that the pages we access will remain private. DataSpii, a newly documented privacy issue in which millions of people's browsing histories have been collected and exposed, shows just how much about us is revealed when that assumption is turned on its head.
DataSpii begins with browser extensions—available mostly for Chrome but in more limited cases for Firefox as well—that, by Google's account, had as many as 4.1 million users. These extensions collected the URLs, webpage titles, and in some cases the embedded hyperlinks of every page that the browser user visited. Most of these collected Web histories were then published by a fee-based service called Nacho Analytics, which markets itself as "God mode for the Internet" and uses the tag line "See Anyone's Analytics Account."
[...] According to the researcher who discovered and extensively documented the problem, this non-stop flow of sensitive data over the past seven months has resulted in the publication of links to:
- Home and business surveillance videos hosted on Nest and other security services
- Tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive, Intuit.com, and other online services
- Vehicle identification numbers of recently bought automobiles, along with the names and addresses of the buyers
- Patient names, the doctors they visited, and other details listed by DrChrono, a patient care cloud platform that contracts with medical services
- Travel itineraries hosted on Priceline, Booking.com, and airline websites
- Facebook Messenger attachments and Facebook photos, even when the photos were set to be private.
(Score: 4, Informative) by deimtee on Sunday July 21 2019, @03:40AM (1 child)
A probably incomplete list from TFA of the extensions spying on you:
Fairshare Unlock
SpeakIt!
Hover Zoom
PanelMeasurement
Super Zoom
SaveFrom.net Helper
Branded Surveys
Panel Community Surveys
If you cough while drinking cheap red wine it really cleans out your sinuses.
(Score: 2) by Runaway1956 on Sunday July 21 2019, @09:01AM
When I install, or manage, extensions into my browsers, I'm sure that I always get a warning. Something to the effect that "Extension Blahblah will have access to all of your browsing, including logins, blah blah blah. Are you sure you want to install Extension Blahblah?"
Most of the time, I'm NOT sure. Truth be told, I'm never really really sure. But, I do permit extensions from EFF, and a small handful of groups that I mostly trust.
Will I install an extension written by some individual whom I have never heard of, and have no idea what he's all about? Just because it has a cool name, maybe some cool artwork on the home page, and Author X says that his extension is cool? Nope. All of my extensions come from places and people that have earned some measure of trust and respect OVER TIME. There is history to look at. There are people to talk to. Comments, reviews, complaints, and bug reports to look at. The extensions I choose to use are developed, for the most part, in the *nix fashion.
I live as much as possible outside the Cathedral, in the Bazaar. I simply won't trust Joe Blow not to track me, and to use my data for profit, and/or to use my data against me.
TLDR: every extension has the potential to be used against your best interests. Choose wisely.