SimilarWeb: Difference between revisions

Line 2:

|Founded=2007

|Industry=Digital market intelligence,Web analytics,Browser extensions

|Logo=SimilarWeb.png

|Logo=SimilarWeb logo.png

|ParentCompany=

|CompanyAlias=Similarweb,Similarweb Ltd.,SMWB

Line 10:

}}

'''SimilarWeb''' (legally Similarweb Ltd.) is an Israeli digital-market-intelligence company that owns two Chrome Web Store extensions independently documented exfiltrating their users' browsing data: [[Stylish (Chrome extension)|Stylish]], with roughly 2 million users, & a [[SimilarWeb (browser extension)|self-branded SimilarWeb traffic-rank extension]] with roughly 1 million users.<ref name="aibp-wos">{{Cite web |url=https://amibeingpwned.com/ai-chat-scraper-wall-of-shame/ |~~title~~=~~The AI Chat Scraping Extension Wall of Shame~~ |~~last~~=~~Arnott~~ |~~first~~=~~James~~ |~~publisher~~=~~amibeingpwned~~ |~~date~~=~~2026-05-11~~ |~~access~~-date=2026~~-05-30~~}}</ref><ref name="bc-2017">{{Cite web |url=https://www.bleepingcomputer.com/news/software/2-million-users-impacted-by-new-data-collection-policy-in-stylish-browser-add-on/ |~~title~~=~~2 Million Users Impacted by New Data Collection Policy in Stylish Browser Add-On~~ |~~last~~=~~Cimpanu~~ |~~first~~=~~Catalin~~ |~~publisher~~=~~BleepingComputer~~ |~~date~~=~~2017~~-01-04 |~~access~~-date=~~2026-05-30~~}}</ref> The company trades on the New York Stock Exchange under the ticker SMWB after a May 12, 2021 initial public offering.<ref name="smwb-ipo">{{Cite web |url=https://www.similarweb.com/corp/success-stories/similarweb-announces-closing-of-ipo/ |title=Similarweb Announces Closing of Initial Public Offering |publisher=Similarweb |date=2021-05-14 |access-date=2026-05-30}}</ref> Both extensions were classified as ''"Confirmed"'' AI-chat scrapers in security researcher James Arnott's May 11, 2026 audit, which documented chat content from ChatGPT, Claude, & Character.AI leaving users' browsers in network traffic.<ref name="aibp-wos" />

'''SimilarWeb''' (legally Similarweb Ltd.) is an Israeli digital-market-intelligence company that owns two Chrome Web Store extensions independently documented exfiltrating their users' browsing data: [[Stylish (Chrome extension)|Stylish]], with roughly 2 million users, and a [[SimilarWeb (browser extension)|self-branded SimilarWeb traffic-rank extension]] with roughly 1 million users.<ref name="aibp-wos">{{Cite web |last=Arnott |first=James |title=The AI Chat Scraping Extension Wall of Shame |url=https://amibeingpwned.com/blog/ai-chat-scraper-wall-of-shame |website=amibeingpwned |date=11 May 2026 |access-date=1 Jun 2026 |url-status=live |archive-url=https://ghostarchive.org/archive/XRSUm |archive-date=2 Jun 2026}}</ref><ref name="bc-2017">{{Cite web |last=Cimpanu |first=Catalin |title=2 Million Users Impacted by New Data Collection Policy in Stylish Browser Add-On |url=https://www.bleepingcomputer.com/news/software/2-million-users-impacted-by-new-data-collection-policy-in-stylish-browser-add-on/ |website=BleepingComputer |date=4 Jan 2017 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20170627001535/https://www.bleepingcomputer.com/news/software/2-million-users-impacted-by-new-data-collection-policy-in-stylish-browser-add-on/ |archive-date=27 Jun 2017}}</ref> The company trades on the New York Stock Exchange under the ticker SMWB after a May 12, 2021 initial public offering.<ref name="smwb-ipo">{{Cite web |url=https://www.similarweb.com/corp/success-stories/similarweb-announces-closing-of-ipo/ |title=Similarweb Announces Closing of Initial Public Offering |publisher=Similarweb |date=2021-05-14 |access-date=2026-05-30}}</ref> Both extensions were classified as ''"Confirmed"'' AI-chat scrapers in security researcher James Arnott's May 11, 2026 audit, which documented chat content from ChatGPT, Claude, and Character.AI leaving users' browsers in network traffic.<ref name="aibp-wos" />

==Background==

SimilarWeb was founded in 2007 by Or Offer and is headquartered in Givatayim, Israel. Its core business sells web and app traffic intelligence to brands, investors, and publishers; a portion of the underlying panel data is sourced from a network of browser extensions, mobile applications, and user panels that the company owns or partners with.<ref name="bc-2017" />

SimilarWeb was founded in 2007 by Or Offer & is headquartered in Givatayim, Israel. Its core business sells web & app traffic intelligence to brands, investors, & publishers; a portion of the underlying panel data is sourced from a network of browser extensions, mobile applications, & user panels that the company owns or partners with.<ref name="bc-2017" />

The company priced its IPO on May 12, 2021, selling 8,000,000 ordinary shares on the New York Stock Exchange under ticker SMWB, with J.P. Morgan, Citigroup, Barclays, and Jefferies serving as joint book-running managers.<ref name="smwb-ipo" /> On May 13, 2026, the board announced that founder and CEO Or Offer would step down by mid-2027 and opened a formal succession process.<ref name="calcalist-succession">{{Cite web |author= |title=Similarweb begins CEO succession process as founder Or Offer plans to step down |url=https://www.calcalistech.com/ctechnews/article/h1nullf1mx |website=Calcalist Tech |date=13 May 2026 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20260516110359/https://www.calcalistech.com/ctechnews/article/h1nullf1mx |archive-date=16 May 2026}}</ref>

The company priced its IPO on May 12, 2021, selling 8,000,000 ordinary shares on the New York Stock Exchange under ticker SMWB, with J.P. Morgan, Citigroup, Barclays, & Jefferies serving as joint book-running managers.<ref name="smwb-ipo" /> On May 13, 2026, the board announced that founder & CEO Or Offer would step down by mid-2027 & opened a formal succession process.<ref name="calcalist-succession">{{Cite web |url=https://www.calcalistech.com/ctechnews/article/h1nullf1mx |~~title=Similarweb begins CEO succession process as founder Or Offer plans to step down |publisher~~=Calcalist Tech |date=2026~~-05-13~~ |access-date=2026-05-30}}</ref>

==Browser extensions==

In January 2017, the then-owner of [[Stylish (Chrome extension)|Stylish]] announced a data-collection partnership tying the user-styles extension into SimilarWeb's analytics panel. At the time of the partnership, Stylish had approximately 2 million users across [[Chrome]], [[Firefox]], [[Opera]], and [[Safari]].<ref name="bc-2017" /> SimilarWeb itself was the named owner of the extension by the time Robert Heaton's July 2018 disclosure prompted Chrome and Firefox to remove it.<ref name="heaton-2018" /> The Chrome Web Store listing as of May 2026 still shows roughly 2 million users.<ref name="aibp-wos" />

In January 2017, the then-owner of [[Stylish (Chrome extension)|Stylish]] announced a data-collection partnership tying the user-styles extension into SimilarWeb's analytics panel. At the time of the partnership, Stylish had approximately 2 million users across Chrome, Firefox, Opera, & Safari.<ref name="bc-2017" /> SimilarWeb itself was the named owner of the extension by the time Robert Heaton's July 2018 disclosure prompted Chrome & Firefox to remove it.<ref name="heaton-2018" /> The Chrome Web Store listing as of May 2026 still shows roughly 2 million users.<ref name="aibp-wos" />

The company also distributes a self-branded [[SimilarWeb (browser extension)|SimilarWeb traffic-rank extension]] with roughly 1 million Chrome Web Store users, which serves both as a consumer-facing site-comparison tool and as a primary data-collection channel feeding SimilarWeb's panel.<ref name="aibp-wos" /> Neither extension's Chrome Web Store listing discloses, on the install page itself, the AI-chat exfiltration documented by independent researchers in 2025 and 2026.<ref name="aibp-wos" />

The company also distributes a self-branded [[SimilarWeb (browser extension)|SimilarWeb traffic-rank extension]] with roughly 1 million Chrome Web Store users, which serves both as a consumer-facing site-comparison tool & as a primary data-collection channel feeding SimilarWeb's panel.<ref name="aibp-wos" /> Neither extension's Chrome Web Store listing discloses, on the install page itself, the AI-chat exfiltration documented by independent researchers in 2025 & 2026.<ref name="aibp-wos" />

==Incidents==

This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].

===~~2018~~ Stylish data-exfiltration disclosure===

===Stylish data-exfiltration disclosure (''2018'')===

On July 2, 2018, software engineer Robert Heaton published a technical write-up showing that the SimilarWeb-owned Stylish extension was sending every URL its users visited, together with a persistent unique identifier, to <code>api.userstyles.org</code>. Heaton noted that for users who had also created a userstyles.org account, the identifier could be linked to a login cookie, tying browsing histories to real-world identities.<ref name="heaton-2018">{{Cite web |last=Heaton |first=Robert |title=Stylish browser extension steals all your internet history |url=https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/ |website=Robert Heaton |date=2 Jul 2018 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20180703054616/https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/ |archive-date=3 Jul 2018}}</ref> Within two days of publication, both [[Google]] and [[Mozilla]] removed Stylish from the Chrome Web Store and the Firefox add-ons store; The Register & BleepingComputer independently confirmed the removals.<ref name="heaton-2018" /><ref name="register-2018">{{Cite web |last=Chirgwin |first=Richard |title=Chrome, Firefox pull very unstylish Stylish invasive browser plugin |url=https://www.theregister.com/security/2018/07/05/chrome-firefox-pull-very-unstylish-stylish-invasive-browser-plugin/1162321 |website=The Register |date=5 Jul 2018 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20260508120025/https://www.theregister.com/security/2018/07/05/chrome-firefox-pull-very-unstylish-stylish-invasive-browser-plugin/1162321 |archive-date=8 May 2026}}</ref> A modified version was back in the Firefox add-on store by August 16, 2018 behind an opt-in startup screen.<ref name="heaton-back">{{Cite web |last=Heaton |first=Robert |title="Stylish" is back, and you still shouldn't use it |url=https://robertheaton.com/2018/08/16/stylish-is-back-and-you-still-shouldnt-use-it/ |website=Robert Heaton |date=16 Aug 2018 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20181128230120/https://robertheaton.com/2018/08/16/stylish-is-back-and-you-still-shouldnt-use-it/ |archive-date=28 Nov 2018}}</ref>

On July 2, 2018, software engineer Robert Heaton published a technical ~~writeup~~ showing that the SimilarWeb-owned Stylish extension was sending every URL its users visited, together with a persistent unique identifier, to <code>api.userstyles.org</code>. Heaton noted that for users who had also created a userstyles.org account, the identifier could be linked to a login cookie, tying browsing histories to real-world identities.<ref name="heaton-2018">{{Cite web |url=https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/ |~~title~~=~~Stylish browser extension steals all your internet history~~ |~~last~~=~~Heaton~~ |~~first~~=~~Robert~~ |~~date~~=2018-07-02 |~~access~~-date=~~2026-05-30~~}}</ref> Within two days of publication, both Google & Mozilla removed Stylish from the Chrome Web Store & the Firefox add-ons store; The Register & BleepingComputer independently confirmed the removals.<ref name="heaton-2018" /><ref name="register-2018">{{Cite web |url=https://www.theregister.com/2018/07/05/~~stylish_browser_extension_dropped~~/ |~~title=Stylish browser extension dropped by Mozilla, Google over snooping |publisher~~=The Register |date=2018~~-07-05~~ |access-date=2026-05-30}}</ref> A modified version was back in the Firefox add-on store by August 16, 2018 behind an opt-in startup screen.<ref name="heaton-back">{{Cite web |url=https://robertheaton.com/2018/08/16/stylish-is-back-and-you-still-shouldnt-use-it/ |~~title="Stylish" is back, and you still shouldn't use it |last~~=Heaton ~~|first=Robert~~ |date=2018~~-08-16~~ |access-date=2026-~~05-30}}</ref> See [[Stylish (Chrome extension)]] for the full technical record.~~

=~~==2026 Stylish return & Wall of Shame===~~

On February 26, 2026, security researcher James Arnott of amibeingpwned documented that Stylish, by then carrying Chrome Web Store ''"Featured"'' & ''"Verified Publisher"'' badges, was again exfiltrating every URL its users visited, along with conversation content from AI chat sites including ChatGPT, Claude, & Character.AI. Arnott reverse-engineered a five-stage obfuscation pipeline: URL encoding, double base64 of JSON, columnar transposition, AES-256-CBC encryption with a symmetric key hardcoded in the extension source, & a final base64 wrap.<ref name="aibp-stylish-back">{{Cite web ~~|url=~~https://~~amibeingpwned~~.com/~~posts~~/stylish-is-back~~/ |title=Stylish is Back, Back again! |last=Arnott |first=James |publisher=amibeingpwned |date=2026~~-02-26 |~~access~~-date=~~2026-05-30~~}}</ref> On May 11, 2026, Arnott published an AI Chat Scraper Wall of Shame that classified Stylish as ''"Confirmed"'' with ''"Extensive"'' obfuscation, citing direct observation of chat content leaving the browser in network traffic.<ref name="aibp-wos" /> Full technical detail at [[Stylish (Chrome extension)]] & [[Browser extension AI chat exfiltration]].

~~<!-- INCIDENT_SCORE: 85 | actively confirmed; verbatim cipher chain documented; AI chat content from ChatGPT/Claude/Character.AI exfiltrated; Featured + Verified Publisher badges --~~>

===~~SimilarWeb~~-~~branded~~ extension ~~confirmed exfiltration~~===

===Stylish return and Wall of Shame (''February 2026'')===

On February 26, 2026, security researcher James Arnott of amibeingpwned documented that Stylish, by then carrying Chrome Web Store ''"Featured"'' and ''"Verified Publisher"'' badges, was again exfiltrating every URL its users visited, along with conversation content from AI chat sites including ChatGPT, Claude, and Character.AI. Arnott reverse-engineered a five-stage obfuscation pipeline: URL encoding, double base64 of JSON, columnar transposition, AES-256-CBC encryption with a symmetric key hard-coded in the extension source, and a final base64 wrap.<ref name="aibp-stylish-back">{{Cite web |last=Arnott |first=James |title=Stylish is Back, Back again! |url=https://amibeingpwned.com/blog/stylish-is-back-back-again |website=amibeingpwned |date=26 Feb 2026 |access-date=1 Jun 2026 |url-status=live |archive-url=https://ghostarchive.org/archive/JTVNg |archive-date=2 Jun 2026}}</ref> On May 11, 2026, Arnott published an AI Chat Scraper Wall of Shame that classified Stylish as ''"Confirmed"'' with ''"Extensive"'' obfuscation, citing direct observation of chat content leaving the browser in network traffic.<ref name="aibp-wos" />

Arnott's May 11, 2026 Wall of Shame separately classified the self-branded SimilarWeb extension (≈1 million users, carrying a Chrome Web Store ''"Verified"'' badge) as ''"Confirmed"'' for exfiltrating AI chat content & full URLs. Arnott noted that the data collection occurs ''"even when you're not using the extension"'' & that, unlike Stylish, the SimilarWeb-branded extension applies no obfuscation to the exfiltrated payload.<ref name="aibp-wos" /> ~~See [[Browser extension AI chat exfiltration]] for cross-extension analysis & detection methodology.~~ Arnott made a video<ref>{{Cite web |~~last~~=AmIBeingPwned |title=Similarweb - URL, OpenAI JWT and AI chat exfiltration demo |url=https://www.youtube.com/watch?v=-c5Jewuqrqw |url-status=live |~~website~~=~~YouTube~~}}</ref~~> documenting the behavior.~~

===SimilarWeb-branded extension confirmed exfiltration (''May 2026'')===

~~<!-- INCIDENT_SCORE: 60 | Confirmed exfiltration of URLs + AI chat content from ~1M users; no obfuscation; classified Confirmed in May 2026 Wall of Shame --~~>

Arnott's May 11, 2026 Wall of Shame separately classified the self-branded SimilarWeb extension (≈1 million users, carrying a Chrome Web Store ''"Verified"'' badge) as ''"Confirmed"'' for exfiltrating AI chat content and full URLs. Arnott noted that the data collection occurs ''"even when you're not using the extension"'' and that, unlike Stylish, the SimilarWeb-branded extension applies no obfuscation to the exfiltrated payload.<ref name="aibp-wos" /> Arnott made a video documenting the behavior.<ref>{{Cite web |author=AmIBeingPwned |title=Similarweb - URL, OpenAI JWT and AI chat exfiltration demo |url=https://www.youtube.com/watch?v=-c5Jewuqrqw |website=[[YouTube]] |date=31 May 2026 |access-date=1 Jun 2026 |url-status=live |archive-url=https://preservetube.com/watch?v=-c5Jewuqrqw |archive-date=2 Jun 2026}}</ref>

==Products==

*[[Stylish (Chrome extension)]]: User-styles extension with SimilarWeb data-collection partnership announced January 2017

*[[Stylish (Chrome extension)]]: ~~user~~-styles extension with SimilarWeb data-collection partnership announced January 2017

*[[SimilarWeb (browser extension)]]: Self-branded traffic-rank extension

*[[SimilarWeb (browser extension)]]: ~~self~~-branded traffic-rank extension

==See also==

*[[Stylish (Chrome extension)]]

*[[SimilarWeb (browser extension)]]

Line 54:

Line 45:

==References==

[[Category:SimilarWeb]]

[[Category:Browser extensions]]

[[Category:Privacy]]

@@ Line 2: / Line 2: @@
 |Founded=2007
 |Industry=Digital market intelligence,Web analytics,Browser extensions
-|Logo=SimilarWeb.png
+|Logo=SimilarWeb logo.png
 |ParentCompany=
 |CompanyAlias=Similarweb,Similarweb Ltd.,SMWB
@@ Line 10: / Line 10: @@
 }}
-'''SimilarWeb''' (legally Similarweb Ltd.) is an Israeli digital-market-intelligence company that owns two Chrome Web Store extensions independently documented exfiltrating their users' browsing data: [[Stylish (Chrome extension)|Stylish]], with roughly 2 million users, & a [[SimilarWeb (browser extension)|self-branded SimilarWeb traffic-rank extension]] with roughly 1 million users.<ref name="aibp-wos">{{Cite web |url=https://amibeingpwned.com/ai-chat-scraper-wall-of-shame/ |title=The AI Chat Scraping Extension Wall of Shame |last=Arnott |first=James |publisher=amibeingpwned |date=2026-05-11 |access-date=2026-05-30}}</ref><ref name="bc-2017">{{Cite web |url=https://www.bleepingcomputer.com/news/software/2-million-users-impacted-by-new-data-collection-policy-in-stylish-browser-add-on/ |title=2 Million Users Impacted by New Data Collection Policy in Stylish Browser Add-On |last=Cimpanu |first=Catalin |publisher=BleepingComputer |date=2017-01-04 |access-date=2026-05-30}}</ref> The company trades on the New York Stock Exchange under the ticker SMWB after a May 12, 2021 initial public offering.<ref name="smwb-ipo">{{Cite web |url=https://www.similarweb.com/corp/success-stories/similarweb-announces-closing-of-ipo/ |title=Similarweb Announces Closing of Initial Public Offering |publisher=Similarweb |date=2021-05-14 |access-date=2026-05-30}}</ref> Both extensions were classified as ''"Confirmed"'' AI-chat scrapers in security researcher James Arnott's May 11, 2026 audit, which documented chat content from ChatGPT, Claude, & Character.AI leaving users' browsers in network traffic.<ref name="aibp-wos" />
+'''SimilarWeb''' (legally Similarweb Ltd.) is an Israeli digital-market-intelligence company that owns two Chrome Web Store extensions independently documented exfiltrating their users' browsing data: [[Stylish (Chrome extension)|Stylish]], with roughly 2 million users, and a [[SimilarWeb (browser extension)|self-branded SimilarWeb traffic-rank extension]] with roughly 1 million users.<ref name="aibp-wos">{{Cite web |last=Arnott |first=James |title=The AI Chat Scraping Extension Wall of Shame |url=https://amibeingpwned.com/blog/ai-chat-scraper-wall-of-shame |website=amibeingpwned |date=11 May 2026 |access-date=1 Jun 2026 |url-status=live |archive-url=https://ghostarchive.org/archive/XRSUm |archive-date=2 Jun 2026}}</ref><ref name="bc-2017">{{Cite web |last=Cimpanu |first=Catalin |title=2 Million Users Impacted by New Data Collection Policy in Stylish Browser Add-On |url=https://www.bleepingcomputer.com/news/software/2-million-users-impacted-by-new-data-collection-policy-in-stylish-browser-add-on/ |website=BleepingComputer |date=4 Jan 2017 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20170627001535/https://www.bleepingcomputer.com/news/software/2-million-users-impacted-by-new-data-collection-policy-in-stylish-browser-add-on/ |archive-date=27 Jun 2017}}</ref> The company trades on the New York Stock Exchange under the ticker SMWB after a May 12, 2021 initial public offering.<ref name="smwb-ipo">{{Cite web |url=https://www.similarweb.com/corp/success-stories/similarweb-announces-closing-of-ipo/ |title=Similarweb Announces Closing of Initial Public Offering |publisher=Similarweb |date=2021-05-14 |access-date=2026-05-30}}</ref> Both extensions were classified as ''"Confirmed"'' AI-chat scrapers in security researcher James Arnott's May 11, 2026 audit, which documented chat content from ChatGPT, Claude, and Character.AI leaving users' browsers in network traffic.<ref name="aibp-wos" />
 ==Background==
+SimilarWeb was founded in 2007 by Or Offer and is headquartered in Givatayim, Israel. Its core business sells web and app traffic intelligence to brands, investors, and publishers; a portion of the underlying panel data is sourced from a network of browser extensions, mobile applications, and user panels that the company owns or partners with.<ref name="bc-2017" />
-SimilarWeb was founded in 2007 by Or Offer & is headquartered in Givatayim, Israel. Its core business sells web & app traffic intelligence to brands, investors, & publishers; a portion of the underlying panel data is sourced from a network of browser extensions, mobile applications, & user panels that the company owns or partners with.<ref name="bc-2017" />
+The company priced its IPO on May 12, 2021, selling 8,000,000 ordinary shares on the New York Stock Exchange under ticker SMWB, with J.P. Morgan, Citigroup, Barclays, and Jefferies serving as joint book-running managers.<ref name="smwb-ipo" /> On May 13, 2026, the board announced that founder and CEO Or Offer would step down by mid-2027 and opened a formal succession process.<ref name="calcalist-succession">{{Cite web |author= |title=Similarweb begins CEO succession process as founder Or Offer plans to step down |url=https://www.calcalistech.com/ctechnews/article/h1nullf1mx |website=Calcalist Tech |date=13 May 2026 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20260516110359/https://www.calcalistech.com/ctechnews/article/h1nullf1mx |archive-date=16 May 2026}}</ref>
-The company priced its IPO on May 12, 2021, selling 8,000,000 ordinary shares on the New York Stock Exchange under ticker SMWB, with J.P. Morgan, Citigroup, Barclays, & Jefferies serving as joint book-running managers.<ref name="smwb-ipo" /> On May 13, 2026, the board announced that founder & CEO Or Offer would step down by mid-2027 & opened a formal succession process.<ref name="calcalist-succession">{{Cite web |url=https://www.calcalistech.com/ctechnews/article/h1nullf1mx |title=Similarweb begins CEO succession process as founder Or Offer plans to step down |publisher=Calcalist Tech |date=2026-05-13 |access-date=2026-05-30}}</ref>
 ==Browser extensions==
+In January 2017, the then-owner of [[Stylish (Chrome extension)|Stylish]] announced a data-collection partnership tying the user-styles extension into SimilarWeb's analytics panel. At the time of the partnership, Stylish had approximately 2 million users across [[Chrome]], [[Firefox]], [[Opera]], and [[Safari]].<ref name="bc-2017" /> SimilarWeb itself was the named owner of the extension by the time Robert Heaton's July 2018 disclosure prompted Chrome and Firefox to remove it.<ref name="heaton-2018" /> The Chrome Web Store listing as of May 2026 still shows roughly 2 million users.<ref name="aibp-wos" />
-In January 2017, the then-owner of [[Stylish (Chrome extension)|Stylish]] announced a data-collection partnership tying the user-styles extension into SimilarWeb's analytics panel. At the time of the partnership, Stylish had approximately 2 million users across Chrome, Firefox, Opera, & Safari.<ref name="bc-2017" /> SimilarWeb itself was the named owner of the extension by the time Robert Heaton's July 2018 disclosure prompted Chrome & Firefox to remove it.<ref name="heaton-2018" /> The Chrome Web Store listing as of May 2026 still shows roughly 2 million users.<ref name="aibp-wos" />
+The company also distributes a self-branded [[SimilarWeb (browser extension)|SimilarWeb traffic-rank extension]] with roughly 1 million Chrome Web Store users, which serves both as a consumer-facing site-comparison tool and as a primary data-collection channel feeding SimilarWeb's panel.<ref name="aibp-wos" /> Neither extension's Chrome Web Store listing discloses, on the install page itself, the AI-chat exfiltration documented by independent researchers in 2025 and 2026.<ref name="aibp-wos" />
-The company also distributes a self-branded [[SimilarWeb (browser extension)|SimilarWeb traffic-rank extension]] with roughly 1 million Chrome Web Store users, which serves both as a consumer-facing site-comparison tool & as a primary data-collection channel feeding SimilarWeb's panel.<ref name="aibp-wos" /> Neither extension's Chrome Web Store listing discloses, on the install page itself, the AI-chat exfiltration documented by independent researchers in 2025 & 2026.<ref name="aibp-wos" />
 ==Incidents==
+This is a list of all consumer-protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
-===2018 Stylish data-exfiltration disclosure===
+===Stylish data-exfiltration disclosure (''2018'')===
+On July 2, 2018, software engineer Robert Heaton published a technical write-up showing that the SimilarWeb-owned Stylish extension was sending every URL its users visited, together with a persistent unique identifier, to <code>api.userstyles.org</code>. Heaton noted that for users who had also created a userstyles.org account, the identifier could be linked to a login cookie, tying browsing histories to real-world identities.<ref name="heaton-2018">{{Cite web |last=Heaton |first=Robert |title=Stylish browser extension steals all your internet history |url=https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/ |website=Robert Heaton |date=2 Jul 2018 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20180703054616/https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/ |archive-date=3 Jul 2018}}</ref> Within two days of publication, both [[Google]] and [[Mozilla]] removed Stylish from the Chrome Web Store and the Firefox add-ons store; The Register & BleepingComputer independently confirmed the removals.<ref name="heaton-2018" /><ref name="register-2018">{{Cite web |last=Chirgwin |first=Richard |title=Chrome, Firefox pull very unstylish Stylish invasive browser plugin |url=https://www.theregister.com/security/2018/07/05/chrome-firefox-pull-very-unstylish-stylish-invasive-browser-plugin/1162321 |website=The Register |date=5 Jul 2018 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20260508120025/https://www.theregister.com/security/2018/07/05/chrome-firefox-pull-very-unstylish-stylish-invasive-browser-plugin/1162321 |archive-date=8 May 2026}}</ref> A modified version was back in the Firefox add-on store by August 16, 2018 behind an opt-in startup screen.<ref name="heaton-back">{{Cite web |last=Heaton |first=Robert |title="Stylish" is back, and you still shouldn't use it |url=https://robertheaton.com/2018/08/16/stylish-is-back-and-you-still-shouldnt-use-it/ |website=Robert Heaton |date=16 Aug 2018 |access-date=1 Jun 2026 |url-status=live |archive-url=https://web.archive.org/web/20181128230120/https://robertheaton.com/2018/08/16/stylish-is-back-and-you-still-shouldnt-use-it/ |archive-date=28 Nov 2018}}</ref>
-On July 2, 2018, software engineer Robert Heaton published a technical writeup showing that the SimilarWeb-owned Stylish extension was sending every URL its users visited, together with a persistent unique identifier, to <code>api.userstyles.org</code>. Heaton noted that for users who had also created a userstyles.org account, the identifier could be linked to a login cookie, tying browsing histories to real-world identities.<ref name="heaton-2018">{{Cite web |url=https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/ |title=Stylish browser extension steals all your internet history |last=Heaton |first=Robert |date=2018-07-02 |access-date=2026-05-30}}</ref> Within two days of publication, both Google & Mozilla removed Stylish from the Chrome Web Store & the Firefox add-ons store; The Register & BleepingComputer independently confirmed the removals.<ref name="heaton-2018" /><ref name="register-2018">{{Cite web |url=https://www.theregister.com/2018/07/05/stylish_browser_extension_dropped/ |title=Stylish browser extension dropped by Mozilla, Google over snooping |publisher=The Register |date=2018-07-05 |access-date=2026-05-30}}</ref> A modified version was back in the Firefox add-on store by August 16, 2018 behind an opt-in startup screen.<ref name="heaton-back">{{Cite web |url=https://robertheaton.com/2018/08/16/stylish-is-back-and-you-still-shouldnt-use-it/ |title="Stylish" is back, and you still shouldn't use it |last=Heaton |first=Robert |date=2018-08-16 |access-date=2026-05-30}}</ref> See [[Stylish (Chrome extension)]] for the full technical record.
-<!-- INCIDENT_SCORE: 70 | major historical incident: confirmed exfiltration of every URL from approximately 2M users, prompted Chrome & Firefox takedowns within two days -->
-===2026 Stylish return & Wall of Shame===
-On February 26, 2026, security researcher James Arnott of amibeingpwned documented that Stylish, by then carrying Chrome Web Store ''"Featured"'' & ''"Verified Publisher"'' badges, was again exfiltrating every URL its users visited, along with conversation content from AI chat sites including ChatGPT, Claude, & Character.AI. Arnott reverse-engineered a five-stage obfuscation pipeline: URL encoding, double base64 of JSON, columnar transposition, AES-256-CBC encryption with a symmetric key hardcoded in the extension source, & a final base64 wrap.<ref name="aibp-stylish-back">{{Cite web |url=https://amibeingpwned.com/posts/stylish-is-back/ |title=Stylish is Back, Back again! |last=Arnott |first=James |publisher=amibeingpwned |date=2026-02-26 |access-date=2026-05-30}}</ref> On May 11, 2026, Arnott published an AI Chat Scraper Wall of Shame that classified Stylish as ''"Confirmed"'' with ''"Extensive"'' obfuscation, citing direct observation of chat content leaving the browser in network traffic.<ref name="aibp-wos" /> Full technical detail at [[Stylish (Chrome extension)]] & [[Browser extension AI chat exfiltration]].
-<!-- INCIDENT_SCORE: 85 | actively confirmed; verbatim cipher chain documented; AI chat content from ChatGPT/Claude/Character.AI exfiltrated; Featured + Verified Publisher badges -->
-===SimilarWeb-branded extension confirmed exfiltration===
+===Stylish return and Wall of Shame (''February 2026'')===
+On February 26, 2026, security researcher James Arnott of amibeingpwned documented that Stylish, by then carrying Chrome Web Store ''"Featured"'' and ''"Verified Publisher"'' badges, was again exfiltrating every URL its users visited, along with conversation content from AI chat sites including ChatGPT, Claude, and Character.AI. Arnott reverse-engineered a five-stage obfuscation pipeline: URL encoding, double base64 of JSON, columnar transposition, AES-256-CBC encryption with a symmetric key hard-coded in the extension source, and a final base64 wrap.<ref name="aibp-stylish-back">{{Cite web |last=Arnott |first=James |title=Stylish is Back, Back again! |url=https://amibeingpwned.com/blog/stylish-is-back-back-again |website=amibeingpwned |date=26 Feb 2026 |access-date=1 Jun 2026 |url-status=live |archive-url=https://ghostarchive.org/archive/JTVNg |archive-date=2 Jun 2026}}</ref> On May 11, 2026, Arnott published an AI Chat Scraper Wall of Shame that classified Stylish as ''"Confirmed"'' with ''"Extensive"'' obfuscation, citing direct observation of chat content leaving the browser in network traffic.<ref name="aibp-wos" />
-Arnott's May 11, 2026 Wall of Shame separately classified the self-branded SimilarWeb extension (≈1 million users, carrying a Chrome Web Store ''"Verified"'' badge) as ''"Confirmed"'' for exfiltrating AI chat content & full URLs. Arnott noted that the data collection occurs ''"even when you're not using the extension"'' & that, unlike Stylish, the SimilarWeb-branded extension applies no obfuscation to the exfiltrated payload.<ref name="aibp-wos" /> See [[Browser extension AI chat exfiltration]] for cross-extension analysis & detection methodology. Arnott made a video<ref>{{Cite web |last=AmIBeingPwned |title=Similarweb - URL, OpenAI JWT and AI chat exfiltration demo |url=https://www.youtube.com/watch?v=-c5Jewuqrqw |url-status=live |website=YouTube}}</ref> documenting the behavior.
+===SimilarWeb-branded extension confirmed exfiltration (''May 2026'')===
-<!-- INCIDENT_SCORE: 60 | Confirmed exfiltration of URLs + AI chat content from ~1M users; no obfuscation; classified Confirmed in May 2026 Wall of Shame -->
+Arnott's May 11, 2026 Wall of Shame separately classified the self-branded SimilarWeb extension (≈1 million users, carrying a Chrome Web Store ''"Verified"'' badge) as ''"Confirmed"'' for exfiltrating AI chat content and full URLs. Arnott noted that the data collection occurs ''"even when you're not using the extension"'' and that, unlike Stylish, the SimilarWeb-branded extension applies no obfuscation to the exfiltrated payload.<ref name="aibp-wos" /> Arnott made a video documenting the behavior.<ref>{{Cite web |author=AmIBeingPwned |title=Similarweb - URL, OpenAI JWT and AI chat exfiltration demo |url=https://www.youtube.com/watch?v=-c5Jewuqrqw |website=[[YouTube]] |date=31 May 2026 |access-date=1 Jun 2026 |url-status=live |archive-url=https://preservetube.com/watch?v=-c5Jewuqrqw |archive-date=2 Jun 2026}}</ref>
 ==Products==
+*[[Stylish (Chrome extension)]]: User-styles extension with SimilarWeb data-collection partnership announced January 2017
-*[[Stylish (Chrome extension)]]: user-styles extension with SimilarWeb data-collection partnership announced January 2017
+*[[SimilarWeb (browser extension)]]: Self-branded traffic-rank extension
-*[[SimilarWeb (browser extension)]]: self-branded traffic-rank extension
 ==See also==
 *[[Stylish (Chrome extension)]]
 *[[SimilarWeb (browser extension)]]
@@ Line 54: / Line 45: @@
 ==References==
+{{Reflist}}
-{{reflist}}
 [[Category:SimilarWeb]]
 [[Category:Browser extensions]]
 [[Category:Privacy]]