A popular extension downloaded more than two million times has been pulled from browser app stores after a major security issue was discovered. The app, called Stylish, was used to modify the design of websites, such as altering images, turning bright backgrounds dark, and altering unwanted elements. Unfortunately, the browser extension was also extensively tracking users’ browsing habits and uploading the data to a remote server.
The security issue was discovered by software engineer Robert Heaton, who revealed the issue on his personal website. According to the post, the Stylish browser is tracking its users’ complete browsing activity and saving the information to a server alongside a unique identifier. Via the unique identifier, the company behind Stylish can keep records of an individual user’s data.
Stylish tracks a user’s total browsing history, according to the report; if the company behind the extension wants to, it may be able to use account details with a login cookie to tie the browsing data to the individual’s actual identification. The extension was available for Google Chrome, Mozilla Firefox, and Opera, but has been deleted from the extension stores following the security issue revelation.
Though the company says it tracks anonymous data, the scraping of one’s complete browsing history can reveal the user’s identity. Someone repeatedly visiting the same Facebook profile, for example, is likely the person the profile belongs to. The issue highlights one unfortunate fact: is something is both good and free, there’s a good chance the user is the product.
SOURCE: Robert Heaton