by ThePhysicist
2194 days ago
In 2016 we proved that the owner of "Web of Trust" was exfiltrating and illegally selling clickstream data to anyone who would pay. For Germany alone the data contained the browsing information of more than three million people, often revealing highly intimate and sensitive details about their lives. Still, Chrome and Firefox reinstated the extension after less than four weeks, and to this day it keeps collecting clickstream data. It does so using dark patterns and I'm sure most of the users are not aware that a free extension they use to increase their safety while surfing the web surreptitiously sells their browsing data.
If the main selling point of your browser or OS is that you protect the privacy of your users you simply can't act like that, because most users are not aware of the data collection that is happening via these extensions. With mobile apps we're in a similar situation, companies like X-Mode exfiltrate and sell location data via apps that claim to protect your privacy. Desktop software: Same story. Anti-virus software that is supposed to protect you actually exfiltrates personal data from your computer.
So yeah if you build an open platform there will be such abuse, but if you position yourself as a champion for privacy you simply can't allow that (or at least you should try to make it more difficult).
There are simple counter-measures that browser vendors could employ: Showing users how much data a given extension sends to a backend and ideally making that data transparent would be enough to stop most of these practices, because people would then realize that their free screenshot app somehow sends every single URL they open to a backend service. Right now this can happen entirely without the knowledge of the user. You can't control what you cannot see and understand.
|
Exactly! I find it abhorrent that not even Firefox has something straightforward like that as a “first-class” feature. Most of the extensions I use shouldn't need to communicate with any server at all to begin with, so having to just trust the author's words or manually audit the code on every update (or stop them altogether) and maybe fork the project (if that's even possible)... Doesn't make sense.
The one thing I'm aware of that these extensions could do to sidestep such a mechanism is to inject scripts on pages that then exfiltrate your data, but injection could also be blocked, and as a last resort I trust uMatrix would have me covered ;)