Amazon One-Click Chrome Extension Snoops On SSL Traffic

← Back to Stories (view on slashdot.org)

Amazon One-Click Chrome Extension Snoops On SSL Traffic

Posted by Soulskill on Friday July 12, 2013 @09:13AM from the you're-doing-it-wrong dept.

An anonymous reader writes "It turns out Amazon has its own sketchy method of snooping on all your browser traffic — even SSL traffic — through their one-click extension for Chrome. As designed, the extension reports every URL you visit, including HTTPS ones, to Amazon. It uses XSS to provide some of its functionality. It also reports contents of some website visits to Alexa. The Amazon extension has also been exploited to allow an attacker to gain access to SSL traffic on browsers that have it installed."

5 of 95 comments (clear)

Min score:

Reason:

Sort:

Common Sense Advice by Anonymous Coward · 2013-07-12 09:22 · Score: 5, Insightful

"through their one-click extension for Chrome"
Avoid Google.
Avoid Google services.
Avoid Google products.
All of them.
Forever.
1. Re:Common Sense Advice by maxwell+demon · 2013-07-12 10:38 · Score: 5, Informative
  
  Indeed, NoScript even has a surrogate script for Google Analytics.
  
  --
  The Tao of math: The numbers you can count are not the real numbers.
Re:uhh why does it have a browser extension? by The+MAZZTer · 2013-07-12 09:29 · Score: 5, Interesting

Here it is. Looks like it is a popup which displays various promos and has quick links.
Re:color me surprised by Anonymous Coward · 2013-07-12 09:31 · Score: 5, Funny

Here is the updated list:
1. You
Re:surprise by HornyBastard · 2013-07-12 10:19 · Score: 5, Insightful

Our economy has become the equivalent of a luxury hotel that makes its real profits by selling copies of your credit card swipes to hackers.
Wrong.
It is a sleazy motel with cameras in every room, and the profits come from selling videos of you having sex, showering, and going to the toilet.

--
Death has been proven to be 99% fatal in lab rats.