Amazon One-Click Chrome Extension Snoops On SSL Traffic 95
An anonymous reader writes "It turns out Amazon has its own sketchy method of snooping on all your browser traffic — even SSL traffic — through their one-click extension for Chrome. As designed, the extension reports every URL you visit, including HTTPS ones, to Amazon. It uses XSS to provide some of its functionality. It also reports contents of some website visits to Alexa. The Amazon extension has also been exploited to allow an attacker to gain access to SSL traffic on browsers that have it installed."
color me surprised (Score:4, Insightful)
well, why the hell not I say? goog already captures your every move in chrome, so amazon may as well. not to mention NSA and China. I'll stick with Safari - at the very least Apple isn't monetizing my web surfing, so they don't have a per se motive for snooping around.
Common Sense Advice (Score:5, Insightful)
"through their one-click extension for Chrome"
Avoid Google.
Avoid Google services.
Avoid Google products.
All of them.
Forever.
Re:color me surprised (Score:5, Insightful)
well, why the hell not I say? goog already captures your every move in chrome, so amazon may as well. not to mention NSA and China. I'll stick with Safari - at the very least Apple isn't monetizing my web surfing, so they don't have a per se motive for snooping around.
Before too long, it's going to be easier to list the groups who don't have access to your data...
Re:uhh why does it have a browser extension? (Score:4, Insightful)
QUIET, CITIZEN!
Do not question the Corporation. Do not question progress. Do not question prosperity.
What are you, a Socialist?
Re:uhh why does it have a browser extension? (Score:5, Insightful)
ooh.. so it's like a modern browser bar extension. no wonder it snoops.
Re:intellectual property - security in the workpla (Score:4, Insightful)
My workplace just installed a chrome browser frame that does something like this to protect their intellectual property here.
I hope they're not expecting it to protect their IP from Google.
Re:surprise (Score:5, Insightful)
Wrong.
It is a sleazy motel with cameras in every room, and the profits come from selling videos of you having sex, showering, and going to the toilet.
Re:surprise (Score:5, Insightful)
For many, privacy has a value just like money does. Maybe not you. but many.
Re:surprise (Score:4, Insightful)
Well no shit. But I'm losing privacy with either vulnerability; but only one can drain my bank account. Therefore, the one that also drains my bank account is CLEARLY worse.
Re:color me surprised (Score:5, Insightful)
at the very least Apple isn't monetizing my web surfing,
Apple was also on that NSA slide, along with Google and Microsoft. I wouldn't trust them either.
There are no good guys anymore. Accept it, and act accordingly.