A Third of All Chrome Extensions Request Access To User Data on Any Site
More than a third of all Google Chrome extensions ask users for permission to access and read all their data on any website, a recent survey conducted by US cyber-security firm Duo Labs of over 120,000 Chrome extensions has revealed. From a report: The same survey also found that roughly 85 percent of the 120,000 Chrome extensions listed on the Chrome Web Store don't have a privacy policy listed, meaning there's no legally-binding document describing how extension developers are committing to handling user data. Additional survey findings include the fact that 77 percent of the tested Chrome extensions didn't list a support site, 32 percent used third-party JavaScript libraries that contained publicly known vulnerabilities, and nine percent could access and read cookie files, some of which are used for authentication operations.
So are these extensions up to something nefarious, or are they being forced to request this "all data / any web site" access because finer grained permissions aren't there?
Why do they still claim not to know that everything they do is being recorded? Why is there so much denial? Why the appeal to authority? Looking for preferential treatment perhaps? Hoping to be the last one to be eaten? What's up with these stupid fucks?
1/3rd of Chrome extensions request a required permission for the extension to actually do what it says.
Seriously... 1/3rd? I'm surprised it's that low.
More than a third of all Google Chrome extensions ask users for permission to access and read all their data on any website
But we were assured that Google takes our privacy seriously! Glad to see Google is really on top of this.
a recent survey conducted by US cyber-security firm Duo Labs of over 120,000 Chrome extensions has revealed.
What possible utility could there be in 120,000 different extensions? Who in the name of Thor's ugly sweater is actually using these things? I use about 5 extensions on my browser of choice (Firefox for me), all fairly popular and I really cannot see any circumstance where I would use more than 10. There is no sane argument for that many extensions without a huge number of them being malware.
Until devs become clearer on privacy.
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
So are these extensions up to something nefarious, or are they being forced to request this "all data / any web site" access because finer grained permissions aren't there?
My guess would be that they ask because they can and because most users will not pay enough attention to choose some other option even if one is provided - which it won't be. Never mind that with 120,000 (!?!) extensions a HUGE number of these have to be malware of some description. There just isn't that much need for that many different extensions.
The title should be "A third of all chrome extensions request access to user data on all sites"
"Hello Mr Pigsy, part human and part pig.
As you know, we have already suspended your services, but we would be happy to get everything back up and running for you as soon as you have paid your overdue balance. The quickest way to make payment is with a debit or credit card. Simply register or sign in to your account at virginmedia.com/ymvirginmedia.
Alternatively you can call our automated payment service on 173 from your virgin media home phone or on 0345 142 4444* from any other phone and select option 1.
Paypoint is also a popular and easy way to pay. Simply take this letter to your nearest paypoint outlet and use the barcode above.
Just so you know, if your account is not brought up to date, it could affect your credit rating and you might find it difficult to get credit in the future.
Yours sincerely,
Karen Walker
customer services director
Please read the small print.
* For details on how much it costs to call our team visit virginmedia.com/callcosts".
My god I have credit?
And this company wants £106.33p. Well, kiss my arse, virginmedia, you can send me £106.33p. Where do I send the demand? There are only telephone numbers and they are all in Pakistan call centers. I wonder how often they do this to people and do people actually pay them money?
Isn't most of it just legit ad blocking? You have to scan the page to remove ads and it seems like 75% of the extensions are somehow related to ad blocking or content manipulation or password management. They all need those permissions.
See subject: Hosts do more 4 less vs. 'souled-out' to ADVERTISERS (adblock) addons to NOT WORK by default & are EASILY DETECTED + BLOCKED by webmasters via native browser methods anyway!
Addons TRACK YOU TOO? See subject!
NATIVE (not "Bolt-on-'MoAr' ILLOGIC-LOGIC inferior methods) Hosts STOP 3rd party tracking scripts before NoScript EVEN BEGINS TO OPERATE (& no parse overhead in script src tags).
Addons = TERMINATED by Google per https://www.bleepingcomputer.c...
(Bye UBlock - IMITATING my use of hosts files & provides NO PROTECTION vs. DNS down/redirected & can't populate hosts itself - a redundant inefficient addon operating SLOWER in USERMODE vs. hosts in FASTER kernelmode)
P.S.=> APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p (remove spaces & download)
APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down... (DL link @ bottom)
See subject & results in https://tech.slashdot.org/comm... https://yro.slashdot.org/comme... https://it.slashdot.org/commen... https://linux.slashdot.org/com... https://news.slashdot.org/comm... https://apple.slashdot.org/com... https://it.slashdot.org/commen... https://it.slashdot.org/commen... https://it.slashdot.org/commen... https://it.slashdot.org/commen... https://it.slashdot.org/commen... https://it.slashdot.org/commen... https://search.slashdot.org/co... https://it.slashdot.org/commen... https://it.slashdot.org/commen... https://tech.slashdot.org/comm... https://tech.slashdot.org/comm... https://apple.slashdot.org/com... https://tech.slashdot.org/comm... https://it.slashdot.org/commen... https://tech.slashdot.org/comm... https://tech.slashdot.org/comm... https://science.slashdot.org/c...
* That's only recently while I've been on Linux (July 2018) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows: CONCRETE VERIFIABLE UNDENIABLE REALITY (see those links as proof). ... & that's ONLY what /. reported on (there's FAR more)
APK
P.S.=> "It's working: Neville... it's working!" - "I AM LEGEND" + HOSTNAME USE IS DOWN IN MALWARE https://unit42.paloaltonetwork... (my ACT OF FAITH is JUSTIFIED by fact)... apk
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security https://it.slashdot.org/comments.pl?sid=7442373&.cid=49747129/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/
Spybot S&D uses hosts.
APK
P.S.=> Malwarebytes' hpHosts hosts & RECOMMENDS my program forum.hosts-file.net/viewtopic.php?f=5&t=4290
Companies that are only viable by violating user privacy can lie all they want.
Away with em.
... are finer grained permissions available? Or for many extensions, even logically possible?
If the extension is going to filter for ads, or change the colors, or inject user CSS, or tell you if products on the page are cheaper at Amazon, or whatever - it kind of needs to access the webpage data. Right?
Who did it 1st: China or me? I did - dates are my proof https://theregister.co.uk/2017... w/ the FACT China rampantly STEALS U.S. Intellectual properties & military secrets!
* IMITATION truly IS the SINCEREST FORM of FLATTERY!
(... & proves hosts work vs. DNS faults in tracking you via dns request logs (since you avoid it & resolve FASTER locally using hosts) + DNS being downed OR Kaminsky REDIRECT security flaw misdirected poisoned (or vs. DNSChanger))
US DHS issues DNS redirect is HUGE danger (not w/ hosts vs.) https://threatpost.com/gov-war...
APK
P.S.=> Folks, It's NOT EASY being "World-Class" like me (lol - 200,000++ users prove it for me) - enjoy the fruits of my labors for FREE + going FASTER/SAFER/MORE RELIABLY online (w/ a bit more anonymity too via my program)... apk
Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016
his hosts program is actually pretty good by xenotransplant August 10 2015
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015
I like your host file system by Karmashock September 09 2015
that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015
I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017
* For the Win32/64 model!
APK
P.S.=> Linux model's faster/more efficient/better MERGE feature too - More coming... apk
Apk has the answer for that - really... kill automatic updates by adding a hosts file entry setting updates.steam.com or whatever to 127.0.0.1. You have to find the right hostname for each software you want to block updates on by raymorris (2726007) on Friday July 06, 2018
APK your posts on this and the hosts file posts, and more, have never been in error and/or bad advice by BlueStrat (756137) on Wednesday June 21, 2017
I support APK's stand on the hosts file and can't see why it's not used more than it is. My hosts file is 144247 lines long (4,332 Kb) it & a firewall serves me very well - by Trax3001BBS (2368736)
ABP is insufficient as a solid hosts file does everything APK reminds us about fast turtle September 17 2013
You need APK's hosts file - by Teun (17872) on Wednesday August 06, 2014
* For the Win32/64 model!
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience in this context. Of course, your phone has to be rooted, which isn't the case with Firefox + adblock." - by chihowa on Saturday May 16, 2015
APK solution STILL relevant Thud457 June 11 2015
In a footnote, I would like to note that I find your hosts file admirable - by vel-ex-tech (4337079) on Tuesday November 24, 2015
APK's monolithic hosts file is looking pretty good at the moment - by Culture20 on Thursday November 17
you're right about hosts files - by drinkypoo (153816) on Thursday May 26
APK, I know people give you a lot of shit regarding hosts, but please don't ever stop - by nasredin (958927) on Friday June 12, 2015 @03:34PM
* For the Win32/64 model!
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
APK is kinda right... I've given up on JS based adblocking and gone to blackholing in /etc/hosts, just like it was back in the 90s. The computational load has gotten intolerable for any ad-blocking using JS. I've tried his hosts file generating software. It works. - by bmo (77928) on Thursday October 15, 2015
get around to 'installing' a hosts file list, not sure which one, likely the one from someonewhocares.org. If it works as well as what I used for a while about ten years ago, I'll be happy. And grateful to APK for the lesson and the reminder. - by kermidge (2221646) on Wednesday March 27
I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster. - by gl4ss (559668) on Thursday November 17
dammit MS, you proved APK right about something by lgw
* For the Win32/64 model!
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature - More coming... apk
(APK) is still right a hosts file really does work. It even blocked some of the video ads that were inserted into a stream OrangeTide February 10 2016
the Host File Engine performs exactly as promised - by mmell (832646) on Thursday February 16, 2017
I do use APK's host file on all my systems at home by OrangeTide December 01 2017
I've never tried to belittle (APK's work), I've flat out said it's good - by BronsCon (927697) on Thursday February 11, 2016 @06:48PM (#51491263)
(Toss on 100,000++ users worldwide too!)
* For the Win32/64 model!
APK
P.S.=> Linux model's faster/more efficient + BETTER merge feature... apk
HILARIOUS u ADMIT u have a /. acct & STALK me by UNIDENTIFIABLE ac https://hardware.slashdot.org/... - YOU have ISSUES, lunatic.
See subject & that's the "best ya got"? It proves You WISH you were ME (as your POOR imitation = the sincerest form of flattery).
* LASTLY - the ONLY time you start IMPERSONATING me vs. STALKING me by UNIDENTIFIABLE anon posts is WHEN YOU ARE OUT OF "downmodpoints" I can easily NULLIFY by REPOSTING my posts RUNNING YOU DRY of them after you ABUSE them - I must've already, lol!
APK
P.S.=> I know WHY you do it though (out of "butthurt angst", lol): I've BLOWN YOU AWAY so many times under your MANY alter-ego SOCKPUPPET /. accounts FAKENAMES you're out for "revenge" only to have EGG ON YOUR FACE yet again... apk
I'm using Google [Cute cat GIF!!!] Chrome right now and I've [~~~ BUY XBOX ONE TODAY! ~~~] never had problems with [~~~You won't believe which celebrities use teeth whitener! ~~~] any of the 124 extensions I installed.
#DeleteFacebook
"We take your privacy seriously."
Sorry, our motto is missing a period. It should read:
"We take your privacy. Seriously."
#DeleteFacebook
Let's not forget these apps are flourishing in a Google-built ecosystem.
The surprising thing is that two thirds of them DON'T spend their time harvesting every bit of information they can from devices owned by you, your family, your friends, your workmates and probably every person you have had a random encounter with over the last six months.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
What extensions do you use that wouldn't require access to the whole page?
This. The whole POINT of running the few extensions I do is that I want them to be functional on any site I visit, and thus I have to trust them well enough to have access to all of my browsing data.
- uBlock Origin: absolutely essential for browsing these days, and I trust Raymond Hill. You just have to be careful of the various clones/forks out there, which are often NOT trustworthy.
- Noscript: Just as essential. I don't know much about the developer, but from what I've seen I do know that the community can vouch for them.
- Greasemonkey: Used to load a few scripts that I wrote myself, as well as some scripts from people I know personally, to change the functionality of some very specific pages.
- LastPass: Eh, I'm a bit leery of this one, but it's widespread enough that if there's some major privacy breach, I hope that news would spread quickly.
What extensions do you use that wouldn't require access to the whole page?
Permissions are more than just access to the whole page. Host permissions, API permissions, permissions per tab, clipboard access, storage access, cookie access, etc. Relatively few extensions need access to all of these and few bother to ask.
I actually like that there are a lot of choices or overlap for ad blockers, javascript blockers, etc.
Sure but 120,000 choices? Let's keep it real. That's not choices, that's spam.
I agree that there is a ridiculous number of extensions but I'm not forced to install them.
Not the point. The point is that there is no reason for most of these to even exist unless a LOT of them are malware of one form or another.
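Added example (not part of any comment in this thread, and not Duo Labs' tooling): the distinction raised above between all-site host access, scoped host access, per-tab access and API permissions such as cookies can be read straight out of an extension's manifest.json. The three sample manifests and the `auditManifest` helper are constructed for illustration; the manifest keys and permission names are the standard Chrome ones.

```javascript
// Added example: classify how much page access a manifest.json asks for.
// API names that expose browsing data beyond a single page.
const SENSITIVE_APIS = new Set(["cookies", "clipboardRead", "history", "tabs", "webRequest"]);

// Host permissions are match patterns; everything else is an API name.
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

// True for <all_urls> and for patterns whose host part is a bare "*".
function isAllSites(p) {
  if (p === "<all_urls>") return true;
  const m = /^([^:]+):\/\/([^/]*)\//.exec(p);
  return m !== null && m[1] !== "file" && m[2] === "*";
}

function auditManifest(manifest) {
  // Manifest V2 mixes hosts into "permissions"; V3 moves them to "host_permissions".
  const required = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const optional = [...(manifest.optional_permissions || []),
                    ...(manifest.optional_host_permissions || [])];
  // Content scripts are injected on their "matches" without a separate host permission.
  const injected = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);

  const granted = required.filter(isHostPattern);
  const hosts = [...new Set([...granted, ...injected])];
  const apis = required.filter((p) => !isHostPattern(p));
  const allSites = hosts.filter(isAllSites);
  const scoped = hosts.filter((p) => !isAllSites(p));

  let verdict = "no-page-access";
  if (allSites.length > 0) verdict = "all-sites";
  else if (scoped.length > 0) verdict = "scoped";
  else if (apis.includes("activeTab")) verdict = "on-click";

  // The cookies API only reaches cookies for hosts the extension was granted.
  let cookieScope = "none";
  if (apis.includes("cookies")) {
    cookieScope = granted.some(isAllSites) ? "any-site" : granted.length > 0 ? "scoped" : "none";
  }
  return {
    verdict, cookieScope, allSites, scoped,
    sensitiveApis: apis.filter((a) => SENSITIVE_APIS.has(a)),
    optionalAllSites: optional.filter(isHostPattern).filter(isAllSites),
  };
}

// Constructed sample manifests (hypothetical extensions, not taken from the survey).
const COUPON_V2 = { manifest_version: 2, permissions: ["tabs", "cookies", "<all_urls>"] };
const READER_V3 = { manifest_version: 3, permissions: ["activeTab", "storage"],
                    optional_host_permissions: ["https://*/*"] };
const NOTES_V3 = { manifest_version: 3, permissions: ["storage", "cookies"],
                   host_permissions: ["https://*.example.com/*"],
                   content_scripts: [{ matches: ["https://*.example.com/*"], js: ["notes.js"] }] };

for (const [name, m] of Object.entries({ COUPON_V2, READER_V3, NOTES_V3 })) {
  const r = auditManifest(m);
  console.log(name, r.verdict, "cookies:", r.cookieScope, "optional all-sites:", r.optionalAllSites);
}
```

An extension that lands in "on-click" or "scoped" can still do its job on the pages it targets; "all-sites" combined with a cookie scope of "any-site" is the combination the survey's cookie figure refers to.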
See subject: APK Hosts File Engine 1.0++ 64-bit for MacOS h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r M a c O S . z i p
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing you hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploitation!
* ONLY 1 of its kind in GUI 4 MacOS!
(Better vs. Windows model in speed/efficiency)
APK
P.S.=> Protects against ALL known & unknown vulnerabilities. Now supports port filters in hosts. My work is world-class & China copied it because they can't do better. I am God's gift to Slashdot... apk
MacOS model's not done: Stop IMPERSONATING me lying & proof portfilter err's can't happen in my work https://news.slashdot.org/comm...