Is Your Chrome Browser Spying on You?
Many internet users have Google Chrome as their default browser. They enjoy the fast loading times, minimalist interface, website development toolkit, and trusted company behind the whole operation. Because Google is widely known as a privacy-friendly company, users may assume that the Chrome browser is entirely safe to use.
However, a new research paper published by Precog IIT-Delhi found otherwise. Although Google claims to ensure browser extensions in their extension library are free of spyware, the research paper concluded that at least 218 published browser extensions contained various types of spyware. This may come as a shock to users who assumed that their personal data was safe while using the Chrome browser.
While the research paper did not publish the exact extensions that contain spyware, it did mention that two out of the top ten app publishers had included spyware in their browser extensions. Some of this spyware includes browser history leakage, in which the extension pushes all of the user’s browsing history and other internet behavior to a private document. This includes social media posts. These browser extensions likely used successful Digital Marketing Schemes to rise to the top of the extension library.
Some of the more benign spyware includes geolocation monitoring. This information is then sold to Digital Marketing Company so they can display more relevant advertising to users, and therefore get more clicks than they would otherwise. Some people may argue that this is necessary to continue the online economy, while other users may believe this is an invasion of privacy, especially because these go against Google’s Terms of Service.
Perhaps the worst type of spyware found in these apps was the gathering of social media tokens. These are essentially privately stored pieces of data that allow anyone to log into users’ social media accounts without knowing the password. It allows more unscrupulous advertisers to illegally use their victims’ Facebook, Instagram, and other accounts to post links to products they are selling or scams. Using clever website development tricks, they can even link to phishing pages from trusted accounts in order to steal passwords for various services.
You may be wondering how you can defend against these extensions. Fortunately, Google offers a list of permissions that each extension requires. The permissions that were frequently associated with spying extensions include: “accessing user information”, “storing user information”, and “sending user information”. Perhaps one of the scariest parts is that only 12 out of the 218 extensions had been formally reported or had mentions of spyware in their reviews. That means that more than 94% of these extensions are still operating undetected.
If you use Google Chrome as your main web browser and have any extensions installed, you may want to think twice before opening it up and accessing any sensitive information.