Amazon One-Click Chrome Extension Snoops On SSL Traffic

An anonymous reader writes "It turns out Amazon has its own sketchy method of snooping on all your browser traffic — even SSL traffic — through their one-click extension for Chrome. As designed, the extension reports every URL you visit, including HTTPS ones, to Amazon. It uses XSS to provide some of its functionality. It also reports contents of some website visits to Alexa. The Amazon extension has also been exploited to allow an attacker to gain access to SSL traffic on browsers that have it installed."

Re:surprise

[Urza9814]

You are not getting this are you?

BOTH AFFECT PRIVACY. They have the same effect on privacy. It's not a question of how much you value privacy, because privacy is ENTIRELY IRRELEVANT to this comparison! Because it affects both equally. It's the same on both sides of the equation, so you can subtract it from both. Privacy + money > privacy. If privacy is 10 and money is 100, that statement is true. If privacy is 1000000000000 and money is 0.000001, that statement IS STILL TRUE.

To go back to the post I was replying to: This isn't the exact same thing as normal ad tracking, because this gives an attacker more power. We can debate all you want about which aspects of that power is more valuable, and I'd probably agree with you, but that's a completely different topic. More is by definition not "exactly the same". 1000000000000.000001 != 1000000000000.