Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
tuckner Profile picture
tuckner
@tuckner
Finding bad software extensions at https://t.co/dhLUjMRP1I

Feb 11, 5 tweets

This report contains 287 browser extensions tracking 37 million+ users. These were identified using methodology of sandboxing extensions, automatically browsing to URLs, and measuring a data ratio transferred. Real companies, fake services, well established, it's a mixed bag.

For many of these extensions, it isn't just an incidental leak that might be tracking your browsing session. They add methods to encrypt payloads before sending to their callback services.

Others abuse well known services like Google Analytics as an exfil destination. What should likely only be approved for extension usage analytics ends up capturing full browsing behaviors.

We've identified ~12 of these by the same publisher which has a history of buying extensions and adding tracking behaviors to them. These ownership transfer events have been included in @secureannex for over a year.

The full list below. Browsing tracking can be a grey area, but obviously poor for user privacy. What is clear is how pervasive it can be in extensions that advertise 'ad blocking', 'mouse gestures', 'chatgpt sidebars' and other benefits.

github.com/qcontinuum1/sp…

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling