Cautionary Tale of Using Browser Plugins and the Info They Can Collect

  • Thread starter: jedishrfu
SUMMARY

The DataSpii incident highlights a significant privacy breach involving browser extensions, primarily for Chrome, that collected browsing histories from approximately 4.1 million users. These extensions harvested URLs, webpage titles, and embedded hyperlinks, which were then sold to Nacho Analytics, a service that exposes this data. Sensitive information was accessible through non-password-protected links, raising serious concerns about data privacy and security practices. Users are urged to minimize their online footprint and utilize anonymizers to mitigate data collection risks.

PREREQUISITES
  • Understanding of browser extensions and their functionalities
  • Familiarity with data privacy concepts and regulations
  • Knowledge of URL structures and token-based authentication
  • Awareness of anonymization tools and techniques
NEXT STEPS
  • Research the security implications of browser extensions in Chrome and Firefox
  • Learn about data privacy laws and best practices for online security
  • Explore methods for implementing token-based authentication securely
  • Investigate various anonymization tools and their effectiveness in protecting user data
USEFUL FOR

This discussion is beneficial for web developers, cybersecurity professionals, privacy advocates, and anyone concerned about online data security and privacy practices.

https://arstechnica.com/information...a-from-apple-tesla-blue-origin-and-4m-people/
When we use browsers to make medical appointments, share tax returns with accountants, or access corporate intranets, we usually trust that the pages we access will remain private. DataSpii, a newly documented privacy issue in which millions of people’s browsing histories have been collected and exposed, shows just how much about us is revealed when that assumption is turned on its head.

DataSpii begins with browser extensions—available mostly for Chrome but in more limited cases for Firefox as well—that, by Google's account, had as many as 4.1 million users. These extensions collected the URLs, webpage titles, and in some cases the embedded hyperlinks of every page that the browser user visits. Most of these collected Web histories were then published by a fee-based service called Nacho Analytics, which markets itself as “God mode for the Internet” and uses the tag line “See Anyone’s Analytics Account.”

Web histories may not sound especially sensitive, but a subset of the published links led to pages that are not protected by passwords—but only by a hard-to-guess sequence of characters (called tokens) included in the URL. Thus, the published links could allow viewers to access the content at these pages. (Security practitioners have long discouraged the publishing of sensitive information on pages that aren't password protected, but the practice remains widespread.)
 
This is a disturbing trend. Every internet service is mining your info in exchange for some convenience. The dishonesty is in not telling you that it’s being done and what they are grabbing. Now that we know this, we should just reduce our footprint on the internet as much as we can and use anonymizers to break this data collection chain that binds us.
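
The token-protected links described in the quoted article act as credentials once they land in a browsing history or a log. As an added example (not part of the thread or the article), the JavaScript below redacts token-like path segments and query values from a URL before it is logged or shared; the length and entropy thresholds, the digit requirement and the sample URLs are assumptions made for illustration.

```javascript
// Added example: scrub token-like components from URLs before logging/sharing.
// MIN_LEN and MIN_ENTROPY are heuristic assumptions, not published standards.
const MIN_LEN = 16;
const MIN_ENTROPY = 3.5; // bits per character

// Shannon entropy of a string, in bits per character.
function entropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// "Token-like": long, URL-safe, contains a digit, and high entropy.
// The heuristic errs toward redacting; long slugs with digits may also match.
function looksLikeToken(value) {
  return value.length >= MIN_LEN &&
    /^[A-Za-z0-9_.~-]+$/.test(value) &&
    /\d/.test(value) &&
    entropy(value) >= MIN_ENTROPY;
}

// Returns { url, redacted }: the scrubbed URL and the number of components replaced.
function redactUrl(raw) {
  const u = new URL(raw);
  let redacted = 0;
  u.pathname = u.pathname.split('/').map((seg) => {
    if (looksLikeToken(seg)) { redacted++; return 'REDACTED'; }
    return seg;
  }).join('/');
  for (const [key, value] of [...u.searchParams]) {
    if (looksLikeToken(value)) { u.searchParams.set(key, 'REDACTED'); redacted++; }
  }
  u.hash = ''; // fragments can carry tokens too, so drop them entirely
  return { url: u.toString(), redacted };
}

// Constructed sample history entries (not real links).
const sampleHistory = [
  'https://files.example.com/share/9fK2xQ7bLm3ZpT8vRw4YcD1e/report.pdf',
  'https://app.example.com/invite?code=Zt5Hq9LmX2cV7bN4pR8sW1yK&lang=en',
  'https://www.example.com/news/2019/07/browser-extensions',
];
const results = sampleHistory.map(redactUrl);
```
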
 
