Slashdot Mirror
Chrome Extension Caught Hijacking Users' Browsers (softpedia.com)
An anonymous reader writes: Google has intervened and banned the Better History Chrome extension from the Chrome Web Store after users reported that it started taking over their browsing experience and redirecting them to pages showing ads. As it turns out, the extension was sold off to an unnamed buyer who started adding malicious code that would redirect the user's traffic through a proxy, showing ads and collecting analytics on the user's traffic habits. This same malicious code has also been found in other Google Chrome extensions such as Chrome Currency Converter, Web Timer, User-Agent Switcher, Better History, 4chan Plus, and Hide My Adblocker. At the moment, only Better History and User-Agent Switcher have been removed from the Web Store.
That really sucks, because basically it means malicious assholes can take control of these things.
But, I think it points to a broader problem: EULAs.
The notion that a product can be sold, have the EULA changed giving the new company the ability to ignore any limitations they don't like, and then have it be "too bad, it's in the license".
There need to be real privacy laws, with real penalties, and real restrictions about what you can do with it once you've collected it.
Shit like this should be illegal. And if people won't make it illegal (because lawmakers are on the payroll of large corporations who want this), then some of the black hats should be looking to burn you to the ground for being such douchebags.
Lost at C:>. Found at C.
The fact that they can auto update so silently without any easy way to disable that seems like the largest security hole.
Updates should be selectable and come with user comments/comment voting to allow for some self policing.