Browser Extensions Are Undermining Privacy (vortex.com) 82
pizzutz writes: Chrome's popular Web Developer plugin was briefly hijacked on Wednesday when an attacker gained control of the author's Google account and released a new version (0.49) which injected ads into web pages of more than a million users who downloaded the update. The version was quickly replaced with an uncompromised version (0.5) and all users are urged to update immediately.
Lauren Weinstein has a broader warning: While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained. Ironically, some of these add-on extensions and apps claim to be providing more security, while actually undermining the intrinsic security of the browsers themselves. Others (and this is an extremely common scenario) claim to be providing additional search or shopping functionalities, while actually only existing to silently collect and sell user browsing activity data of all sorts.
Lauren also warns about sites that "push users very hard to install these privacy-invasive, data sucking extensions" -- and believes requests for permissions aren't a sufficient safeguard for most users. "Expecting them to really understand what these permissions mean is ludicrous. We're the software engineers and computer scientists -- most users aren't either of these. They have busy lives -- they expect our stuff to just work, and not to screw them over."
Lauren Weinstein has a broader warning: While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained. Ironically, some of these add-on extensions and apps claim to be providing more security, while actually undermining the intrinsic security of the browsers themselves. Others (and this is an extremely common scenario) claim to be providing additional search or shopping functionalities, while actually only existing to silently collect and sell user browsing activity data of all sorts.
Lauren also warns about sites that "push users very hard to install these privacy-invasive, data sucking extensions" -- and believes requests for permissions aren't a sufficient safeguard for most users. "Expecting them to really understand what these permissions mean is ludicrous. We're the software engineers and computer scientists -- most users aren't either of these. They have busy lives -- they expect our stuff to just work, and not to screw them over."
Re: (Score:2)
Data is not fact. Who fucking cares.
"Interesting! AC there doesn't seem to be capable of putting together a grammatical sentence. Let's steer some advertisements for grammar books his way. Slant the ads so he feels inadequate with his present, sad command of the language. Couldn't hurt."
Anti-extension Narrative Ramping Up? (Score:5, Interesting)
While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by add-ons
Not false, but it's also true that ad-blocking (ublock) and script-blocking (flashblock, noscript) extension have done more for user privacy and security than most any other software, sometimes by working against the aims of the browser makers. I fear this story may be part of an anti-extension (and anti-user-control in general) narrative.
Re: Anti-extension Narrative Ramping Up? (Score:4, Insightful)
Yup. Google wants browser users to have "privacy", so long as Google can still snoop everything they do.
Re: Anti-extension Narrative Ramping Up? (Score:4, Insightful)
This is _exactly_ right. The data is much more valuable to any one vendor of they have it and their competitors do not, especially if it can be used for monopoly control or even fraud.
Re: (Score:1)
But that would be evil*. Didn't they promise not to be evil?
* Our definition of evil can change at any time, without having to notify our users.
Re: (Score:1)
It's worth noting that extensions _can_ undermine your privacy though. I'm not anti-extension at all, but I seem to recall NoScript phoning back to some homesite (informaction.com) periodically. Like once an hour or something weird. That might not be the case anymore, but still, I definately do NOT expect privacy/security related plugins to do fishy crap like "beaconing".
Re: (Score:3)
Re: (Score:2, Informative)
You just don't remember correctly at all. Here's the developer discussing it with other people it made uncomfortable: https://forums.informaction.com/viewtopic.php?f=7&t=4743 [informaction.com]
I think NoScript is great, but I also think that kind of background network behavior is a very poor design feature in a privacy/security product.
Re: (Score:2)
Correcto mundo. I would claim that ad-blocking extensions of internet browsers are even more significant inventions than the internet itself. The impact of these two humble guys ADP and NS on my life is more than internet itself.
They completely eliminated advertisement
Re: (Score:2)
While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by add-ons
Not false, but it's also true that ad-blocking (ublock) and script-blocking (flashblock, noscript) extension have done more for user privacy and security than most any other software, sometimes by working against the aims of the browser makers. I fear this story may be part of an anti-extension (and anti-user-control in general) narrative.
Imagine if an aftermarket vendor offered a vehicle modification that disabled the air bags without telling the driver, which ultimately resulted in killing people. You would tend to want to not only go after the aftermarket vendor, but you would probably also question the automobile manufacturer, and their security mechanism that was undermined.
Quite often with shitty extensions or shitty apps, consumers are unaware that safety and security has been compromised. The narrative is not anti-user-control, it
Re: (Score:2)
Re: (Score:2)
Google does not appro
Re: (Score:2)
They can't take away open source software that we already have.
If they muck it up, we'll select a fork and be done with it.
Solved, easy.
What about the privacy-undermining browser itself? (Score:2)
Because you know... Google.
I guess they don't like it when lose their data-sucking monopoly.
Re: (Score:3)
The ads stop with a nice selection of quality add ons.
The next step is to ensure the add ons are correct in what they offer and do.
Re: (Score:2)
Open source always means no privacy violations!
Just ask Canonical!
Re: (Score:2)
Ask systemd.
not properly restricted (Score:4, Interesting)
Part of the problem is that extensions are not properly restricted because they can get/send data to/from anywhere regardless of the permissions you give it. What they really need to do is restrict arbitrary URL requests. If the domain name isn't part of the [content of] requested page then it should require explicit permissions to access it.
Re: (Score:1)
If the domain name isn't part of the [content of] requested page then it should require explicit permissions to access it.
You know, there's an extension for that: Request Policy [github.io].
Re: (Score:2)
If the domain name isn't part of the [content of] requested page then it should require explicit permissions to access it.
You know, there's an extension for that: Request Policy.
Or you could use the all-in-one solution uMatrix [github.com]. It gives the user control over cookies, css, images, media files, scripts, XHR, frames, and other requests, by domain. It allows for conveinent whitelisting, blacklisting, and greylisting of domains as well as resource types. It even comes with lists of known-to-be-hostile domains which are blacklisted by default.
This functionality should be included by in all browsers. It would be included too, if the browser vendors considered the "user-agent" to be an
Re: (Score:2)
Re: (Score:2)
That defines which websites the extension will be enabled and which stored data it can access. When it's enabled, there are no restrictions on which sites it can communicate with.
Re: (Score:2)
Hey... why bother going through all that trouble when you can just force mandatory code signing to ENSURE things are safe, and then drop support for extensions altogether because the people in charge of the platform always know better?
Re: (Score:2)
I'm going to assume that is sarcasm because if it is not, GTFO.
Cant disable extension update in Chrome (Score:4, Interesting)
Chrome forces extension updates from the mothership. No way of disabling it. Even editing out update server address in extension .xml doesnt do it. = its all Googles fault in the end.
Re: (Score:3)
Being able to change the update server would just open the door for malware to infect your machine by issuing updates for all your extensions through their own server. Don't blame Google for a developer who fails to use provided security mechanisms like two factor authentication (at least, I don't see how the author's account could have been compromised so easily if he was using it, and using it properly).
Re: (Score:2)
The problem is that the user has no defense against whats on the update server. Full stop. It does not matter that you vetted adblock+ because the next time you run the browser it may be a different version throwing your data at the NSA/CIA/DNC
Google could potentially fix this (Score:2)
by requiring any extension developer to have 2FA enabled on their Google account, which will make it much harder to compromise accounts. That's really the only thing I see Google doing wrong here, ultimately it's the developer's responsibility to maintain control of the account used to publish updates.
That, and maybe requiring extension updates be signed with the developer's private key. I believe Android's Play Store requires this. Last I checked Chrome Web Store just accepted plain ZIP uploads? The thing
Score one for FF (Score:1)
"However, the Firefox version of both the extensions was unaffected."
The difference is that Chrome will automagically update things, while Firefox makes you manually update extensions.
Biggest issue I see is that all of the popular browsers are in an all-out war to include as many extensions in their core code, so that you don't need ones they don't control. This may be "more secure", but, it makes the browsers bloody slow for ALL users, instead of the few who need their browser to keep them connected to 145
Not the only one: Copyfish too (Score:2)
https://a9t9.com/blog/chrome-e... [a9t9.com]
Sounds more like a Chrome issue (Score:3)
Re:Sounds more like a Chrome issue (Score:4, Interesting)
Aside from the memory footprint an important reason to avoid that browser.
I sometimes use Chromiium for some multi media sites that just won't work in FF and assume it has better privacy than Chrome but would love to see an expert's view on this.
Re: (Score:2)
Funny (Score:2)
Most of the extensions I have installed are there for the express purpose of improving my privacy: privacy badger, sharemenot, ublock, etc.
What no rust (Score:2)
You mean they are writing these extensions in rust ???
Inconceivable !! Not only is in impossible to have insecure rust code, it will also bake and put an apple pie on your window sill :)