User:Basicotter1919: Difference between revisions

(2 intermediate revisions by 2 users not shown)

Line 9:

In February 2019<ref name=":0">{{Cite web |last=Goodin |first=Dan |date=2019-07-18 |title=My browser, the spy: How extensions slurped up browsing histories from 4M users |url=https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/ |url-status=live |website=Ars Technica}}</ref>, Sam Jadali begins investigating suspicious browser extensions and the developers behind them. Over time he would find eight browser extensions, primarily for Chromium-based browsers, to be collecting sensitive data from unsuspecting users, which would then be sold for profit.<ref>{{Cite web |title=DataSpii |url=https://dataspii.com/ |url-status=live |website=dataspii.com}}</ref> This would compromise the private data of as many as 4 million Chrome and Firefox users. Also impacted were companies such as Bank of America, AT&T, and even the Pentagon.<ref>{{Cite web |last=Jadali |first=Sam |date=2019-12-05 |title=Tweet by Sam Jadali |url=https://x.com/sam_jadali/status/1202691665451864064 |website=X}}</ref> Each extension, as he reported them for their suspicious activity, would be removed from the Chrome Web store. However data collection '''continued for months after this'''. It's only in early July, when Google remotely disabled the extensions, that the data collection finally stopped.<ref name=":0" /> Though the disabled extensions had a notice saying, "This extension violates the Chrome Web Store policy.", the notice said nothing of the data collection or the selling of said data. At the same time the extensions could be forcibly re-enabled.<ref name=":0" />

In a statement responding to contact by Kate O'Flaherty, a cybersecurity and privacy journalist, a Google spokesperson says: "We want Chrome extensions to be safe and privacy-preserving, and detecting policy violations is essential to that effort."<ref>{{Cite web |last=O'Flaherty |first=Kate |date=2019-07-19 |title=Data Leak Warning Issued To Millions Of Google Chrome And Firefox Users |url=https://www.forbes.com/sites/kateoflahertyuk/2019/07/19/data-leak-warning-issued-to-millions-of-google-chrome-and-firefox-users/ |url-status=live |access-date=2025-11-22 |website=Forbes}}</ref> The spokesperson went on to mention, referring to Manifest V3, changes to extensions that "will mitigate or prevent this behavior," and "new policies that improve user privacy." Sam Jadali disagreed that Manifest V3 would make any meaningful change. <ref name=":1">{{Cite web |last=Miagkov |first=Alexei |last2=Gillula |first2=Jeremy |last3=Cyphers |first3=Bennett |date=2019-07-31 |title=Google’s Plans for Chrome Extensions Won’t Really Help Security |url=https://www.eff.org/deeplinks/2019/07/googles-plans-chrome-extensions-wont-really-help-security |url-status=live |access-date=2025-11-22 |website=EFF}}</ref> This is because Manifest V3 doesn't make changes to how "content scripts" work, or how extensions are allowed to observe data. According to the EFF, "The only part of Manifest V3 that goes directly to the heart of stopping DataSpii-like abuses is banning remotely hosted code."<ref name=":1" />

In a statement responding to contact by Kate O'Flaherty, a cybersecurity and privacy journalist, a Google spokesperson says: "We want Chrome extensions to be safe and privacy-preserving, and detecting policy violations is essential to that effort."<ref>{{Cite web |last=O'Flaherty |first=Kate |date=2019-07-19 |title=Data Leak Warning Issued To Millions Of Google Chrome And Firefox Users |url=https://www.forbes.com/sites/kateoflahertyuk/2019/07/19/data-leak-warning-issued-to-millions-of-google-chrome-and-firefox-users/ |url-status=live |access-date=2025-11-22 |website=Forbes}}</ref> The spokesperson went on to mention, referring to Manifest V3, changes to extensions that "will mitigate or prevent this behavior," and "new policies that improve user privacy." Sam Jadali disagreed that Manifest V3 would make any meaningful change. <ref name=":1">{{Cite web |last=Miagkov |first=Alexei |last2=Gillula |first2=Jeremy |last3=Cyphers |first3=Bennett |date=2019-07-31 |title=Google’s Plans for Chrome Extensions Won’t Really Help Security |url=https://www.eff.org/deeplinks/2019/07/googles-plans-chrome-extensions-wont-really-help-security |url-status=live |access-date=2025-11-22 |website=EFF}}</ref> This is because Manifest V3 doesn't make changes to how "content scripts" work, or how extensions are allowed to observe data.<ref name=":1" /> According to the EFF, "The only part of Manifest V3 that goes directly to the heart of stopping DataSpii-like abuses is banning remotely hosted code."<ref name=":1" />

@@ Line 9: / Line 9: @@
 In February 2019<ref name=":0">{{Cite web |last=Goodin |first=Dan |date=2019-07-18 |title=My browser, the spy: How extensions slurped up browsing histories from 4M users |url=https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/ |url-status=live |website=Ars Technica}}</ref>, Sam Jadali begins investigating suspicious browser extensions and the developers behind them. Over time he would find eight browser extensions, primarily for Chromium-based browsers, to be collecting sensitive data from unsuspecting users, which would then be sold for profit.<ref>{{Cite web |title=DataSpii |url=https://dataspii.com/ |url-status=live |website=dataspii.com}}</ref> This would compromise the private data of as many as 4 million Chrome and Firefox users. Also impacted were companies such as Bank of America, AT&T, and even the Pentagon.<ref>{{Cite web |last=Jadali |first=Sam |date=2019-12-05 |title=Tweet by Sam Jadali |url=https://x.com/sam_jadali/status/1202691665451864064 |website=X}}</ref>  Each extension, as he reported them for their suspicious activity, would be removed from the Chrome Web store. However data collection '''continued for months after this'''. It's only in early July, when Google remotely disabled the extensions, that the data collection finally stopped.<ref name=":0" /> Though the disabled extensions had a notice saying, "This extension violates the Chrome Web Store policy.", the notice said nothing of the data collection or the selling of said data. At the same time the extensions could be forcibly re-enabled.<ref name=":0" />
-In a statement responding to contact by Kate O'Flaherty, a cybersecurity and privacy journalist, a Google spokesperson says: "We want Chrome extensions to be safe and privacy-preserving, and detecting policy violations is essential to that effort."<ref>{{Cite web |last=O'Flaherty |first=Kate |date=2019-07-19 |title=Data Leak Warning Issued To Millions Of Google Chrome And Firefox Users |url=https://www.forbes.com/sites/kateoflahertyuk/2019/07/19/data-leak-warning-issued-to-millions-of-google-chrome-and-firefox-users/ |url-status=live |access-date=2025-11-22 |website=Forbes}}</ref> The spokesperson went on to mention, referring to Manifest V3, changes to extensions that "will mitigate or prevent this behavior," and "new policies that improve user privacy." Sam Jadali disagreed that Manifest V3 would make any meaningful change. <ref name=":1">{{Cite web |last=Miagkov |first=Alexei |last2=Gillula |first2=Jeremy |last3=Cyphers |first3=Bennett |date=2019-07-31 |title=Google’s Plans for Chrome Extensions Won’t Really Help Security |url=https://www.eff.org/deeplinks/2019/07/googles-plans-chrome-extensions-wont-really-help-security |url-status=live |access-date=2025-11-22 |website=EFF}}</ref> This is because Manifest V3 doesn't make changes to how "content scripts" work, or how extensions are allowed to observe data. According to the EFF, "The only part of Manifest V3 that goes directly to the heart of stopping DataSpii-like abuses is banning remotely hosted code."<ref name=":1" />
+In a statement responding to contact by Kate O'Flaherty, a cybersecurity and privacy journalist, a Google spokesperson says: "We want Chrome extensions to be safe and privacy-preserving, and detecting policy violations is essential to that effort."<ref>{{Cite web |last=O'Flaherty |first=Kate |date=2019-07-19 |title=Data Leak Warning Issued To Millions Of Google Chrome And Firefox Users |url=https://www.forbes.com/sites/kateoflahertyuk/2019/07/19/data-leak-warning-issued-to-millions-of-google-chrome-and-firefox-users/ |url-status=live |access-date=2025-11-22 |website=Forbes}}</ref> The spokesperson went on to mention, referring to Manifest V3, changes to extensions that "will mitigate or prevent this behavior," and "new policies that improve user privacy." Sam Jadali disagreed that Manifest V3 would make any meaningful change. <ref name=":1">{{Cite web |last=Miagkov |first=Alexei |last2=Gillula |first2=Jeremy |last3=Cyphers |first3=Bennett |date=2019-07-31 |title=Google’s Plans for Chrome Extensions Won’t Really Help Security |url=https://www.eff.org/deeplinks/2019/07/googles-plans-chrome-extensions-wont-really-help-security |url-status=live |access-date=2025-11-22 |website=EFF}}</ref> This is because Manifest V3 doesn't make changes to how "content scripts" work, or how extensions are allowed to observe data.<ref name=":1" /> According to the EFF, "The only part of Manifest V3 that goes directly to the heart of stopping DataSpii-like abuses is banning remotely hosted code."<ref name=":1" />
 <references />