[KoftaBob]

"Still, I was astonished to discover that Amazon built the perfect machinery to let them track any Amazon Assistant user or all of them: what they view and for how long, what they search on the web, what accounts they are logged into and more.

Amazon could also mess with the web experience at will and for example hijack competitors’ web shops. Amazon Assistant log with a borg eye Image credits: Amazon, nicubunu, OpenClipart

Mind you, I’m not saying that Amazon is currently doing any of this."

This goes for any browser extension you install if you don't limit which websites it's allowed to read data from.

In both the title and beginning paragraph, the author essentially describes the privacy risks that would apply to any browser extension, but words it in a way that implies Amazon is actively abusing those privacy holes, before finding any evidence for it.

I really wish people would stop giving views to blatantly manipulative and slimy clickbait like this.

[palant]

You could also read the article before commenting. It’s one thing when an extension could do something but its code can be inspected to verify that it doesn’t. It’s an entirely different thing if it delegates its privileges to a web service that could do anything and that nobody can inspect.

Note: I’m the author of this article.

[KoftaBob]

I stand corrected, I must not have read the article carefully enough my apologies!

[bagacrap]

This distinction seems somewhat meaningless in practice. Are you going to audit every line of every extension you install, assuming it's all local code? And are you going to do this again every time it's (automatically) updated?

[alisonkisk]

Yes. This is exactly what happened with Great Suspender, which led to Google being succesfully pressured to ban it.

[scubazealous]

This is a greater issue with the extension/app ecosystem.

This morning I wanted to find a android app which would help me time exercises, specifically planking.

It should be simple, set up countdown times for front and each side with 5 second breaks in between, playing a tone to let me know when I can move on or I am done with the exercise.

I looked through at least the top 20 apps on the play store and all of them require at least full network access and to run at startup. Many were so invasive as to request location and to be able to record audio and take pictures.

Being able to monetize these apps is an important thing for developers but it is becoming a real problem I do not see getting any better soon.

[bobthepanda]

Stronglifts has a nice app that I don’t remember being overly intrusive. I just wish it were easier to use for other lifting programs.

[tantalor]

> before finding any evidence for it

Did you see the screenshot with the Amazon ad popup obscuring Google ads?

[mritun]

You mean the screenshot that shows a browser window just about 400px wide in which page content is forced behind the notification window?

Yeah. I saw that too.

Disclosure: I work for Amazon but not anywhere close to the browser plugin team(s).

[palant]

That’s actually legitimate functionality of this extension. :-)

Note: I am the author of this article.

[tantalor]

Covering up your competitors ads with your own sounds a lot like "mess with the web experience at will and for example hijack competitors’ web shops".

Disclaimer: I work for Google Shopping, but not the ads part :)

[palant]

The whole extension is all about “let’s see when customers go to competition and try to bring them back.” That’s rather shady but it’s exactly the advertised functionality. And I’ve already got the first comment on the blog essentially saying “I don’t care what else they do, this extension gives great suggestions and I love that.” :-)

[alisonkisk]

Yes, but that part is with user consent, so it's an attack on Google and their partners, not an attack on the user.