Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Chrome Privacy Security

Amazon One-Click Chrome Extension Snoops On SSL Traffic 95

Posted by Soulskill from the you're-doing-it-wrong dept.
An anonymous reader writes "It turns out Amazon has its own sketchy method of snooping on all your browser traffic — even SSL traffic — through their one-click extension for Chrome. As designed, the extension reports every URL you visit, including HTTPS ones, to Amazon. It uses XSS to provide some of its functionality. It also reports contents of some website visits to Alexa. The Amazon extension has also been exploited to allow an attacker to gain access to SSL traffic on browsers that have it installed."
This discussion has been archived. No new comments can be posted.

Amazon One-Click Chrome Extension Snoops On SSL Traffic More

Amazon One-Click Chrome Extension Snoops On SSL Traffic

Comments Filter:

  • uhh why does it have a browser extension? (Score:5, Interesting)

    by gl4ss ( 559668 ) on Friday July 12, 2013 @05:22PM (#44265153) Homepage Journal

    someone using it explain, please? what does one click buying need a browser extension for?

  • Re:uhh why does it have a browser extension? (Score:5, Interesting)

    by The MAZZTer ( 911996 ) <megazzt&gmail,com> on Friday July 12, 2013 @05:29PM (#44265217) Homepage
    Here it is. [google.com] Looks like it is a popup which displays various promos and has quick links.

  • Re:surprise (Score:5, Interesting)

    by PopeRatzo ( 965947 ) on Friday July 12, 2013 @06:01PM (#44265429) Journal

    Every company you interact with is recording and selling everything that can get their hands on.

    Do you remember when companies made their profits by selling you products that you wanted, instead of just using their retail operations as a front end to upskirt your personal data and sell that to...whomever?

    Our economy has become the equivalent of a luxury hotel that makes its real profits by selling copies of your credit card swipes to hackers.

    Used to be, when a company sold products, their customers were the people who bought those products. Today, when a company sells products, their real customers are oily characters standing out back, waiting to buy copies of your credit cards. The products they sell, whether stuff on Amazon or Android games, or bandwidth are just a front for their actual, much sleazier, business.

  • Re:surprise (Score:5, Interesting)

    by icebike ( 68054 ) on Friday July 12, 2013 @07:08PM (#44266001)

    At this point is anyone even shocked by this?

    Well I was shocked when I heard that Amazon had a browser extension. I often shop Amazon, but never felt the need to install the extension. It serves no purpose.

    But don't be so sure that Amazon is going to get away with it. If this is true, it could cost them millions.
    They are not a common carrier, and have no safe harbor.

Slashdot Top Deals

This file will self-destruct in five minutes.

Close