We are all in agreement that browser extensions are amazing, correct?  From adblockers to password lockers and random password generators, browser extensions, also called add-ons, are too good to stop using.

Well, not all extensions and add-ons are amazing.  Sure, you got your top-tier extensions like uBlock and LastPass, but you also have some bad extensions.  I’m talking useless, almost-malware extensions.

Of these, 8 extensions have been found responsible for one giant data leak that occurred in the past week.  Have you used these?  Are you at risk?  Did you sell your soul to Google for a cool shopping extension?  Find out the answers on this week’s episode of “Whodunnit?”

Eight New Fears

Cybersecurity expert Sam Jadali and his team discovered a data leak that consisted of information collected by eight browser extensions for Chrome and Firefox.  These extensions are as follows:

  • HoverZoom – Allowed zooming in of images on websites like Amazon.
  • Fairshare Unlock – Used to bypass security for premium content (Netflix, Hulu, etc.).
  • Branded Surveys – Found surveys for extra cash.
  • SpeakIt! – Allowed text-to-speech for most websites.
  • Panel Community Surveys – Found surveys for money.
  • PanelMeasurement – Used to find market surveys for extra money.
  • net Helper – Enabled downloading of content from YouTube, Soundcloud, etc.
  • SuperZoom – Same purpose as HoverZoom; was removed earlier this year.

To sum it all up, you have three survey extensions, two zooming tool extensions, a text-to-speech extension, illegal extensions, and a technically-legal extension.  Not the most trustworthy extensions in the first place, but they apparently had a sizable userbase, especially SpeakIt!, which had over 1.4 million users.

All in all, over 4 million users are victims of this data leak.  4 million.  Are that many people looking for surveys?  A content mill offers better money, and they’re a lot less sketchy than a random market survey for homeowners.

Setting New Standards

When Digital Trends confronted Google about the leak, the company responded by saying, “We want Chrome extensions to be safe and privacy-preserving and detecting policy violations is essential to that effort.”  You know, your generic corporate response.

However, I can’t discredit Google too much.  Last October, they gave users more control of what data browser extensions can access.  Google seems to be on top of the risks that extensions present.  What about Mozilla?

Mozilla responded by saying that they will be offering a personally-curated list of “Recommended Extensions” that are secure and safe to use.

It’s something, but hopefully, Mozilla will take more strides to vet all their extensions instead of simply offering users a list.  I’m not mad, Mozilla, I’m just disappointed.

If you can’t trust a regular browser or the extensions on it, Tor is always the safest, most private browser to go for.  For even better security and privacy, connect to a VPN before opening the browser.  That way you are practically anonymous.

Starting from Scratch

Mozilla and Google have taken down the extensions, sparing others from the wrath of market surveys.  Oh, and data leaks.  That’s important, too.

Perhaps the scariest thing about this data leak is the fact that disabling the extensions didn’t stop them from tracking your data, a feature of the extensions that Jadali found.

This story highlights the dangers our privacy faces on the Internet, but that tidbit, in particular, is the true story.  Until Jadali went and actively looked for signs of data tracking—something that 95% of users don’t care about doing—he thought that disabling the extensions removed the tracking feature.

The point of that tidbit is just how easy it is to snoop on someone’s data.  All you need is the proper program or extension, and you can let it rip.  The average user won’t know!  The average user can’t tell!  All they know is that they can rake in some side money due to owning 2+ cars since a lot of surveys revolve around those cars.

Who knows what other extensions present a danger?  Maybe some of those password lockers are designed to archive your passwords for illegal use.  Maybe your adblocker is actually malware that’s good at its job.  It’s part of the world’s shortest horror story: we don’t know.