Slashdot Mirror

← Back to Stories (view on slashdot.org)

Amazon One-Click Chrome Extension Snoops On SSL Traffic

Posted by Soulskill on from the you're-doing-it-wrong dept.

An anonymous reader writes "It turns out Amazon has its own sketchy method of snooping on all your browser traffic — even SSL traffic — through their one-click extension for Chrome. As designed, the extension reports every URL you visit, including HTTPS ones, to Amazon. It uses XSS to provide some of its functionality. It also reports contents of some website visits to Alexa. The Amazon extension has also been exploited to allow an attacker to gain access to SSL traffic on browsers that have it installed."

1 of 95 comments (clear)

  1. Re:Common Sense Advice by maxwell+demon · · Score: 5, Informative

    Indeed, NoScript even has a surrogate script for Google Analytics.

    --
    The Tao of math: The numbers you can count are not the real numbers.