Amazon One-Click Chrome Extension Snoops On SSL Traffic

← Back to Stories (view on slashdot.org)

Amazon One-Click Chrome Extension Snoops On SSL Traffic

Posted by Soulskill on Friday July 12, 2013 @09:13AM from the you're-doing-it-wrong dept.

An anonymous reader writes "It turns out Amazon has its own sketchy method of snooping on all your browser traffic — even SSL traffic — through their one-click extension for Chrome. As designed, the extension reports every URL you visit, including HTTPS ones, to Amazon. It uses XSS to provide some of its functionality. It also reports contents of some website visits to Alexa. The Amazon extension has also been exploited to allow an attacker to gain access to SSL traffic on browsers that have it installed."

10 of 95 comments (clear)

Min score:

Reason:

Sort:

color me surprised by noh8rz8 · 2013-07-12 09:16 · Score: 4, Insightful

well, why the hell not I say? goog already captures your every move in chrome, so amazon may as well. not to mention NSA and China. I'll stick with Safari - at the very least Apple isn't monetizing my web surfing, so they don't have a per se motive for snooping around.

--
You want to upvote/downvote? Go back to Reddit! Here we mod up/mod down.
1. Re:color me surprised by CanHasDIY · 2013-07-12 09:23 · Score: 4, Insightful
  
  well, why the hell not I say? goog already captures your every move in chrome, so amazon may as well. not to mention NSA and China. I'll stick with Safari - at the very least Apple isn't monetizing my web surfing, so they don't have a per se motive for snooping around.
  Before too long, it's going to be easier to list the groups who don't have access to your data...
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
2. Re:color me surprised by Omestes · 2013-07-12 19:23 · Score: 4, Insightful
  
  at the very least Apple isn't monetizing my web surfing,
  
  Apple was also on that NSA slide, along with Google and Microsoft. I wouldn't trust them either.
  There are no good guys anymore. Accept it, and act accordingly.
  
  --
  A patriot must always be ready to defend his country against his government. -edward abbey
Common Sense Advice by Anonymous Coward · 2013-07-12 09:22 · Score: 5, Insightful

"through their one-click extension for Chrome"
Avoid Google.
Avoid Google services.
Avoid Google products.
All of them.
Forever.
Re:uhh why does it have a browser extension? by Anonymous Coward · 2013-07-12 09:28 · Score: 4, Insightful

QUIET, CITIZEN!
Do not question the Corporation. Do not question progress. Do not question prosperity.
What are you, a Socialist?
Re:uhh why does it have a browser extension? by gl4ss · 2013-07-12 09:32 · Score: 4, Insightful

ooh.. so it's like a modern browser bar extension. no wonder it snoops.

--
world was created 5 seconds before this post as it is.
Re:intellectual property - security in the workpla by Svartormr · 2013-07-12 09:50 · Score: 3, Insightful

My workplace just installed a chrome browser frame that does something like this to protect their intellectual property here.
I hope they're not expecting it to protect their IP from Google.
Re:surprise by HornyBastard · 2013-07-12 10:19 · Score: 5, Insightful

Our economy has become the equivalent of a luxury hotel that makes its real profits by selling copies of your credit card swipes to hackers.
Wrong.
It is a sleazy motel with cameras in every room, and the profits come from selling videos of you having sex, showering, and going to the toilet.

--
Death has been proven to be 99% fatal in lab rats.
Re:surprise by Nerdfest · 2013-07-12 13:19 · Score: 4, Insightful

For many, privacy has a value just like money does. Maybe not you. but many.
Re:surprise by Urza9814 · 2013-07-12 13:24 · Score: 3, Insightful

Well no shit. But I'm losing privacy with either vulnerability; but only one can drain my bank account. Therefore, the one that also drains my bank account is CLEARLY worse.