Browser extension AI chat exfiltration: Difference between revisions

(One intermediate revision by one other user not shown)

Line 89:

===Big Star Labs LP===

Big Star Labs LP is the publisher of Poper Blocker & CrxMouse. Arnott observed Poper Blocker exfiltrating ~~URLs~~ with character-mapping obfuscation & gated AI-chat scraping that activated after a 24-hour user-ID age, & observed CrxMouse exfiltrating URLs with base64 obfuscation & carrying the same remote-config infrastructure, however Arnott did not observe CrxMouse explicitly exfiltrating AI-chats during the period of testing.<ref name="aibp-wall" /> A name match exists with a 2018 AdGuard investigation by Andrey Meshkov, which documented a Delaware-registered ''"Big Star Labs"'' entity whose Chrome extensions & mobile apps were collecting browsing histories from more than 11 million users; AdGuard noted that ''"Every document that contains the company name is an image (in other words, you cannot simply Google their name), they use different accounts in extension stores, and the domain owners aren't publicized."''<ref name="adguard">{{Cite web |url=https://adguard.com/en/blog/big-star-labs-spyware.html |title=Big Star Labs Spyware Campaign |last=Meshkov |first=Andrey |work=AdGuard Blog |date=July 24, 2018 |access-date=May 29, 2026}}</ref> Whether the 2026 ''"Big Star Labs LP"'' is the same legal entity is not established in cited sources; only the name match is.

Big Star Labs LP is the publisher of Poper Blocker & CrxMouse. Arnott observed Poper Blocker exfiltrating URLS<ref>{{Cite web |last=AmIBeingPwned |title=Poper Blocker URL + AI Chat Exfiltration |url=https://www.youtube.com/watch?v=jtExgNjBGMo |url-status=live |website=YouTube}}</ref> with character-mapping obfuscation & gated AI-chat scraping that activated after a 24-hour user-ID age, & observed CrxMouse exfiltrating URLs with base64 obfuscation & carrying the same remote-config infrastructure, however Arnott did not observe CrxMouse explicitly exfiltrating AI-chats during the period of testing.<ref name="aibp-wall" /> A name match exists with a 2018 AdGuard investigation by Andrey Meshkov, which documented a Delaware-registered ''"Big Star Labs"'' entity whose Chrome extensions & mobile apps were collecting browsing histories from more than 11 million users; AdGuard noted that ''"Every document that contains the company name is an image (in other words, you cannot simply Google their name), they use different accounts in extension stores, and the domain owners aren't publicized."''<ref name="adguard">{{Cite web |url=https://adguard.com/en/blog/big-star-labs-spyware.html |title=Big Star Labs Spyware Campaign |last=Meshkov |first=Andrey |work=AdGuard Blog |date=July 24, 2018 |access-date=May 29, 2026}}</ref> Whether the 2026 ''"Big Star Labs LP"'' is the same legal entity is not established in cited sources; only the name match is.

===Owned it Ltd===

Line 120:

Arnott also documented a direct contradiction between the privacy disclosures of the Stylish extension & its Chrome Web Store listing. The Stylish privacy policy, per his reading, explicitly states the publisher sells personal data; the Chrome Web Store listing's larger-font homepage text states that the publisher does not sell personal data; & the Chrome Web Store's approved-use-cases policy itself prohibits the sale of user data.<ref name="aibp-stylish" />

File:Stylish_privacy_policy_categories_sold.png|Stylish (userstyles.org) privacy policy: section headed ''CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT, DISCLOSE, AND SELL'', with the categories itemised in the table below.

File:Stylish_privacy_policy_categories_sold.png|Stylish (userstyles.org) privacy policy, section headed ''CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT, DISCLOSE, AND SELL'', with the categories itemised in the table below. Verify at the source:<ref name="stylish-pp">{{Cite web |url=https://web.archive.org/web/20260216111355/https://userstyles.org/privacy-policy |title=Privacy Policy |work=userstyles.org (Similarweb Ltd) |date=February 16, 2026 |access-date=May 31, 2026 |archive-url=https://web.archive.org/web/20260216111355/https://userstyles.org/privacy-policy |archive-date=February 16, 2026}}</ref>

File:Stylish_chrome_web_store_data_not_sold.png|Stylish Chrome Web Store listing: larger-font block headed ''This developer declares that your data is'', first bullet ''Not being sold to third parties, outside of the approved use cases''.

File:Stylish_chrome_web_store_data_not_sold.png|Stylish Chrome Web Store listing, larger-font block headed ''This developer declares that your data is'', first bullet ''Not being sold to third parties, outside of the approved use cases''. Verify at the source:<ref name="cws-stylish-privacy">{{Cite web |url=https://chromewebstore.google.com/detail/stylish-custom-themes-for/fjnbnpbmkenffdnngjfgmeleoegfcffe |title=Stylish - Custom themes for any website (privacy disclosure block) |work=Chrome Web Store |access-date=May 31, 2026}}</ref>

</gallery>

@@ Line 89: / Line 89: @@
 ===Big Star Labs LP===
-Big Star Labs LP is the publisher of Poper Blocker & CrxMouse. Arnott observed Poper Blocker exfiltrating URLs with character-mapping obfuscation & gated AI-chat scraping that activated after a 24-hour user-ID age, & observed CrxMouse exfiltrating URLs with base64 obfuscation & carrying the same remote-config infrastructure, however Arnott did not observe CrxMouse explicitly exfiltrating AI-chats during the period of testing.<ref name="aibp-wall" /> A name match exists with a 2018 AdGuard investigation by Andrey Meshkov, which documented a Delaware-registered ''"Big Star Labs"'' entity whose Chrome extensions & mobile apps were collecting browsing histories from more than 11 million users; AdGuard noted that ''"Every document that contains the company name is an image (in other words, you cannot simply Google their name), they use different accounts in extension stores, and the domain owners aren't publicized."''<ref name="adguard">{{Cite web |url=https://adguard.com/en/blog/big-star-labs-spyware.html |title=Big Star Labs Spyware Campaign |last=Meshkov |first=Andrey |work=AdGuard Blog |date=July 24, 2018 |access-date=May 29, 2026}}</ref> Whether the 2026 ''"Big Star Labs LP"'' is the same legal entity is not established in cited sources; only the name match is.
+Big Star Labs LP is the publisher of Poper Blocker & CrxMouse. Arnott observed Poper Blocker exfiltrating URLS<ref>{{Cite web |last=AmIBeingPwned |title=Poper Blocker URL + AI Chat Exfiltration |url=https://www.youtube.com/watch?v=jtExgNjBGMo |url-status=live |website=YouTube}}</ref> with character-mapping obfuscation & gated AI-chat scraping that activated after a 24-hour user-ID age, & observed CrxMouse exfiltrating URLs with base64 obfuscation & carrying the same remote-config infrastructure, however Arnott did not observe CrxMouse explicitly exfiltrating AI-chats during the period of testing.<ref name="aibp-wall" /> A name match exists with a 2018 AdGuard investigation by Andrey Meshkov, which documented a Delaware-registered ''"Big Star Labs"'' entity whose Chrome extensions & mobile apps were collecting browsing histories from more than 11 million users; AdGuard noted that ''"Every document that contains the company name is an image (in other words, you cannot simply Google their name), they use different accounts in extension stores, and the domain owners aren't publicized."''<ref name="adguard">{{Cite web |url=https://adguard.com/en/blog/big-star-labs-spyware.html |title=Big Star Labs Spyware Campaign |last=Meshkov |first=Andrey |work=AdGuard Blog |date=July 24, 2018 |access-date=May 29, 2026}}</ref> Whether the 2026 ''"Big Star Labs LP"'' is the same legal entity is not established in cited sources; only the name match is.
 ===Owned it Ltd===
@@ Line 120: / Line 120: @@
 Arnott also documented a direct contradiction between the privacy disclosures of the Stylish extension & its Chrome Web Store listing. The Stylish privacy policy, per his reading, explicitly states the publisher sells personal data; the Chrome Web Store listing's larger-font homepage text states that the publisher does not sell personal data; & the Chrome Web Store's approved-use-cases policy itself prohibits the sale of user data.<ref name="aibp-stylish" />
-<gallery mode="packed" heights="280px" caption="Contradiction between the Stylish privacy policy and the Stylish Chrome Web Store listing, documented by Arnott.">
+<gallery mode="packed" heights="280px" caption="Contradiction between the Stylish privacy policy and the Stylish Chrome Web Store listing.">
-File:Stylish_privacy_policy_categories_sold.png|Stylish (userstyles.org) privacy policy: section headed ''CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT, DISCLOSE, AND SELL'', with the categories itemised in the table below.
+File:Stylish_privacy_policy_categories_sold.png|Stylish (userstyles.org) privacy policy, section headed ''CATEGORIES OF PERSONAL INFORMATION THAT WE COLLECT, DISCLOSE, AND SELL'', with the categories itemised in the table below. Verify at the source:<ref name="stylish-pp">{{Cite web |url=https://web.archive.org/web/20260216111355/https://userstyles.org/privacy-policy |title=Privacy Policy |work=userstyles.org (Similarweb Ltd) |date=February 16, 2026 |access-date=May 31, 2026 |archive-url=https://web.archive.org/web/20260216111355/https://userstyles.org/privacy-policy |archive-date=February 16, 2026}}</ref>
-File:Stylish_chrome_web_store_data_not_sold.png|Stylish Chrome Web Store listing: larger-font block headed ''This developer declares that your data is'', first bullet ''Not being sold to third parties, outside of the approved use cases''.
+File:Stylish_chrome_web_store_data_not_sold.png|Stylish Chrome Web Store listing, larger-font block headed ''This developer declares that your data is'', first bullet ''Not being sold to third parties, outside of the approved use cases''. Verify at the source:<ref name="cws-stylish-privacy">{{Cite web |url=https://chromewebstore.google.com/detail/stylish-custom-themes-for/fjnbnpbmkenffdnngjfgmeleoegfcffe |title=Stylish - Custom themes for any website (privacy disclosure block) |work=Chrome Web Store |access-date=May 31, 2026}}</ref>
 </gallery>