Chrome and Firefox are very popular browsers. There are numerous add-ons available for both – such as ad blockers, tools for images, videos, downloads, screenshots, and much, much more. However, not all add-ons are well-intentioned tools that simply help you for free. Many of these tools spy on you and harm you without you even realizing it. The DataSpii report has now revealed what these add-ons know and what they do with the data they spy on.
Spying Browser Add-Ons: Over 4 Million Victims
8 sniffing browser add-ons were found – affecting over 4 million users (mainly in the USA). According to the DataSpii report, these add-ons read and store the entire browsing history as well as all links on a visited page. This is particularly critical when personal things have been searched for. Based on search queries and browsing history alone, this can provide insights into private life that we would not want to share with strangers.
Warning: Some links lead directly to private accounts
But it gets even worse: Many links that you would never find via websites or Google search, because they lead to hidden, protected, or private pages, actually become visible in this way. These links usually have a random and very long sequence of letters and characters somewhere in the URL and are either sent individually by email or generated after logging into a portal. Examples of extremely sensitive information found via these links, according to the DataSpii Report, include:
- Surveillance videos of homes and businesses, hosted on platforms like Nest or other security portals.
- Tax returns, invoices, and names of clients and their lawyers.
- Professional PowerPoint slides not intended for public viewing, temporarily stored on platforms such as Microsoft OneDrive, Intuit.com, or other cloud portals.
- Vehicle Identification Numbers (license plates, chassis numbers, etc.) published along with the address and name of new buyers.
- Names of patients, doctors, and other sensitive details listed on platforms like DrChrono.
- Private travel plans, routes, flights, and hotel bookings accessible on Priveline, Booking.com, or various airline websites.
- Attachments and photos from Facebook Messenger – even if the photos were tagged as private.
All this data collected by the add-ons ended up, among other places, at the company NachoAnalytics, where it was enriched with data and information from other sources and apparently resold completely legally.
Admittedly, in many cases, the sold links were unusable, being useless without re-entering a password; but not all of them. And the examples above show how much private information can be extracted in this way.
These are the affected add-ons
In extensive research, Sam Jadali, the father of the DataSpii Report, was able to identify eight add-ons that extract and resell the aforementioned data. These are:
- Fairshare Unlock (Chrome and Firefox)
- SpeakIt! (Chrome)
- Hover Zoom (Chrome)
- PanelMeasurement (Chrome)
- Super Zoom (Chrome and Firefox)
- SaveFrom.net Helper (Firefox)
- Branded Surveys
- Panel Community Surveys
If you have any of these add-ons installed, remove them immediately!
For Google Chrome: Simply type chrome://extensions/ into the URL bar. All your add-ons will then be listed.
For Firefox: Simply type about:addons into the URL bar. Here, click "..." and then you can remove any add-ons.
Legally spied on?
Whether the eight providers of the exposed spying add-ons or the reseller NatchoService face legal consequences is currently more than questionable, as most of the add-ons explicitly stated in their license terms that they would collect, review, and potentially share data. But who reads license terms? Chrome and Firefox have reacted to this by banning these add-ons from recommendation pages and their stores.
Generally speaking: Be careful with browser add-ons
In addition to these eight add-ons, we generally recommend that you uninstall all add-ons that you don't know or use. Users often don't even know what add-ons they have accumulated in their browsers over the years. But even if no other "suspects" like these eight were found in the DataSpii Report, it cannot be ruled out that there are more.
The selection of browser add-ons is too vast and confusing, and it's almost likely that there are other providers who collect and resell data without your knowledge. Because the browser operators themselves (Firefox, Google) are currently not doing enough to adequately check add-ons. So the risk of spying add-ons remains for now, and every user is forced to somehow solve this problem themselves.
If you want to surf securely, we recommend our Cyber Shield software.
