Chrome and Firefox are very popular. There are numerous add-ons available for both browsers, such as ad blockers, utility tools for images, videos, downloads, screenshots, and much, much more. But not all add-ons are well-intentioned tools that simply help you for free. Many of these tools spy on you and harm you without you even realizing it. The DataSpii Report has now shown everything that spying browser add-ons know and what they do with the spied-on data.
Over 4 Million Affected
8 sniffing, spying browser add-ons were found – over 4 million users (mainly in the USA) are affected. According to the DataSpii Report, these add-ons read and save the entire browser history and all links on a visited page. This is particularly critical if personal things have been searched for. Based solely on search queries and browser history, insights into private life are revealed that we would not want to share with any stranger.
Some links lead directly to private accounts
But it gets even worse: Many links that one would never find via websites or Google search, because they lead to hidden, protected or private pages, actually become visible in this way. These links usually have an arbitrary and very long sequence of letters and characters somewhere in the URL and are either sent individually by e-mail or generated after logging in to a portal.
Here are a few examples of extremely sensitive information that, according to the DataSpii Report, was found via these links:
- Surveillance videos of homes and businesses, hosted e.g. on Nest or other security portals.
- Tax returns, invoices, as well as names of clients and their lawyers.
- Professional PowerPoint slides that were not intended for the public and were temporarily stored on Microsoft OneDrive, Intuit.com or other cloud portals, for example.
- Vehicle identification numbers (license plates, chassis numbers, etc.) were published along with the address and name of the new buyers.
- Names of patients, doctors and other sensitive details listed on DrChrono, for example.
- Private travel plans, routes, flights and hotel bookings that could be retrieved from Priceline, Booking.com or the websites of various airlines.
- Attachments and photos from Facebook Messenger – even if the photos were tagged as private.
All of this data, collected by the spying browser add-ons, ended up with companies like NachoAnalytics, where it was enriched with data and information from other sources and apparently resold legally.
Admittedly: In many cases, the sold links were unusable, as they were useless without re-entering a password; but not all of them. And the examples above show how much private information can be obtained this way.
These are the affected spying browser add-ons
In extensive research, Sam Jadali, the father of the DataSpii Report, was able to identify 8 add-ons that extract and resell the aforementioned data. These are:
- Fairshare Unlock (Chrome and Firefox)
- SpeakIt! (Chrome)
- Hover Zoom (Chrome)
- PanelMeasurement (Chrome)
- Super Zoom (Chrome and Firefox)
- SaveFrom.net Helper (Firefox)
- Branded Surveys
- Panel Community Surveys
If you have one of these add-ons installed, remove it immediately!
For Google Chrome: Simply type chrome://extensions/ into the URL bar. Google Chrome will then list all your add-ons.
For Firefox: Simply type about:addons into the URL bar. Here you click "..." and can then remove any add-ons.
Legally spied on?
Whether the 8 providers of the unmasked sniffing add-ons or the reseller NatchoService face legal consequences is more than questionable, as most of the add-ons explicitly stated in their license terms that they collect, check and, if necessary, pass on data. But who reads the license terms? Here, Chrome and Firefox have reacted and banned these add-ons from recommendation pages and their stores.
Generally: Be careful with browser add-ons
In addition to these 8 add-ons, we generally recommend uninstalling all add-ons that you do not know or use. Users often do not even know what add-ons they have accumulated in their browsers over the years. But even if no further "suspects" like these eight were found in the context of the DataSpii Report – it cannot be ruled out that there are more of them. The selection of browser add-ons is too large and confusing, and it is almost certainly probable that there are other providers who collect data and resell it without your knowledge. Because the operators of the browsers themselves (Firefox, Google) are currently not doing enough to adequately check add-ons. So the risk of spying browser add-ons remains for now, and every user is forced to solve this problem themselves somehow.
