Firefox and Chrome Pull Popular Browser Extension Stylish From Their Stores After Report Claimed It Logs and Shares Browsing History, Credentials

← Back to Stories (view on slashdot.org)

Firefox and Chrome Pull Popular Browser Extension Stylish From Their Stores After Report Claimed It Logs and Shares Browsing History, Credentials

Posted by msmash on Wednesday July 4, 2018 @10:00AM from the end-of-road dept.

sombragris writes: Stylish, a popular extension available for Chrome and Firefox which allows for easy customization of any website, now phones home and shares its users' browser history with its corporate parent, according to blogger Robert Heaton. This prompted Firefox to ban the extension from its addons site and prompt all users to disable it. The discussion can be seen in the relevant bug report. In Heaton's words:

Stylish is no longer a well-meaning product with your best interests at heart. If you use and like Stylish, please uninstall it and switch to an alternative like Stylus, an offshoot from the good old version of Stylish that works in much the same way, minus the spyware.

Google too has pulled the extension from its extension store. This is not the first time Stylish is at the centre of a privacy debacle

5 of 68 comments (clear)

Min score:

Reason:

Sort:

Bad - but not surprising or unexpected by Anonymous Coward · 2018-07-04 09:13 · Score: 5, Insightful

We now live in "The Internet Economy" where everything is based on "monetizing" the customer.
Re:We need an extention protection mechanism by Luthair · 2018-07-04 09:22 · Score: 3, Insightful

Not sure what one can really do, if a developer willing gives away the keys to the extension.
Spot the blame-jumping by Anonymous Coward · 2018-07-04 10:16 · Score: 0, Insightful

Sure, this is clearly a shitty thing for an extension to do - but the real blame lies squarely with the FF devs. On what fscking planet is there justification for ALLOWING an extension to access history in the first place?! They were perfectly happy to permanently break thousands of legitimate and useful extensions a year ago by refusing to support existing functionality in the "new" APIs, but utter retardedness like this passed their "merit" test?
(For the Chrome devs it's understandable, since the entire point of that browser is to spy on users in the first place).
1. Re:Spot the blame-jumping by jaa101 · 2018-07-04 14:36 · Score: 2, Insightful
  
  the real blame lies squarely with the FF devs.
  Wrong.
  
  On what fscking planet is there justification for ALLOWING an extension to access history in the first place?!
  For examples, try searching for Firefox extensions involving history.
  Maybe there needs to be some kind of permissions system for extensions so that the user is prompted to grant access to things like history, credentials, form fields, user key-strokes, etc. Until there is, understand that you need to trust your extensions just as much as you have to trust the browser itself. This shouldn't be a surprise to anyone.
Re:We need an extention protection mechanism by Waccoon · 2018-07-04 14:23 · Score: 3, Insightful

While we're at it, could we also have a mechanism to override auto-updating? It sucks when a developer sells his extension, and then everything auto-updates to the all-new system without appropriate disclosure. One of many reasons I don't want ANYTHING to auto-update anymore.