Amazon One-Click Chrome Extension Snoops On SSL Traffic 95
An anonymous reader writes "It turns out Amazon has its own sketchy method of snooping on all your browser traffic — even SSL traffic — through their one-click extension for Chrome. As designed, the extension reports every URL you visit, including HTTPS ones, to Amazon. It uses XSS to provide some of its functionality. It also reports contents of some website visits to Alexa. The Amazon extension has also been exploited to allow an attacker to gain access to SSL traffic on browsers that have it installed."
uhh why does it have a browser extension? (Score:5, Interesting)
someone using it explain, please? what does one click buying need a browser extension for?
Re:uhh why does it have a browser extension? (Score:5, Interesting)
Re:surprise (Score:5, Interesting)
Do you remember when companies made their profits by selling you products that you wanted, instead of just using their retail operations as a front end to upskirt your personal data and sell that to...whomever?
Our economy has become the equivalent of a luxury hotel that makes its real profits by selling copies of your credit card swipes to hackers.
Used to be, when a company sold products, their customers were the people who bought those products. Today, when a company sells products, their real customers are oily characters standing out back, waiting to buy copies of your credit cards. The products they sell, whether stuff on Amazon or Android games, or bandwidth are just a front for their actual, much sleazier, business.
Re:surprise (Score:5, Interesting)
At this point is anyone even shocked by this?
Well I was shocked when I heard that Amazon had a browser extension. I often shop Amazon, but never felt the need to install the extension. It serves no purpose.
But don't be so sure that Amazon is going to get away with it. If this is true, it could cost them millions.
They are not a common carrier, and have no safe harbor.