Stylish (Chrome extension)

Revision as of 14:40, 29 May 2026 by 82.3.220.102 (talk) (Edits by James Arnott. I've removed the "This has not been independently validated" just because I've personally confirmed their obfuscation scheme by decoding the payloads and it can be easily confirmed by others using the given script.)


Stylish is a Chrome & Firefox browser extension for applying user-written CSS skins to websites, originally written by Jason Barnabe as an open-source project & in circulation by January 2006 when Jesse Ruderman reviewed it.[1] It has been owned since January 2017 by the digital-market-intelligence firm SimilarWeb,[2][3] which uses the extension to record every URL its users visit. Security researcher Robert Heaton documented the full-URL exfiltration on July 2, 2018,[4] after which Google & Mozilla removed Stylish from both stores within two days;[4][5] the extension was back in the Firefox add-on store by August 16, 2018 behind an opt-in startup screen.[6] In February 2026, security researcher James Arnott of Bay Area Labs reported that Stylish was still exfiltrating every visited URL through a five-stage obfuscation chain ending in AES-256-CBC encryption with a symmetric key hardcoded in the extension's own source code,[3] and in May 2026 Arnott ranked Stylish first on his "AI Chat Scraping Extension Wall of Shame," reporting it also exfiltrates user conversations with Character.AI, ChatGPT, & Claude.[7] As of May 2026, the Chrome Web Store lists Stylish with 2,000,000 users & displays both Google's "Featured" badge & a "Verified Publisher" badge on its listing.[8][7]

Stylish (Chrome extension)
Basic Information
  • Release Year: 2006
  • Product Type: Browser extension
  • In Production: Yes
  • Official Website: https://userstyles.org/

Consumer-impact summary

  • Records the full URL of every page the user visits & sends it to SimilarWeb's servers, including the query string of every Google search, password-reset & magic sign-in links sent by email, & any other URL the user visits.[4]
  • Sends the captured URLs together with a per-user identifier that can be tied to a real-world identity through the userstyles.org login cookie, which is scoped to all userstyles.org subdomains.[4]
  • As of 2026, also captures user conversations with hosted AI assistants such as Character.AI, ChatGPT, & Claude.[7]
  • Wraps the captured data in a five-stage encoding chain ending in AES-256-CBC encryption whose key is hardcoded in the extension's own JavaScript, so the encryption protects the data only from outside observers, not from SimilarWeb.[3]
  • Carries Google's "Featured" & "Verified Publisher" badges on the Chrome Web Store despite the documented behavior.[8][7]
  • The open-source fork Stylus, maintained by the community after the 2017 SimilarWeb acquisition, is a drop-in replacement that caches styles locally & sends nothing to a server.[9]

Background


Stylish lets users apply user-written CSS to any website, replacing fonts, colors, & layouts with community-contributed "skins." It was created by Jason Barnabe as a Firefox extension; the earliest contemporaneous record in the source set is Jesse Ruderman's January 15, 2006 review on squarefree.com, which described it as "a Firefox extension by Jason Barnabe" that "lets you manage CSS rules to change the appearance of web sites."[1] Barnabe also operated the userstyles.org community site where users uploaded & shared their styles.[10]

For about a decade, Stylish operated as a small open-source project with no server-side telemetry: the extension fetched styles when the user asked for them & otherwise ran entirely locally. That changed when Barnabe stepped back from the project. In late September & early October 2016, ownership of both the Stylish extension & userstyles.org was transferred from Barnabe to a new operator named Justin Hindman.[10] Three months later, Hindman announced that he had sold or partnered the project to SimilarWeb.[2]

SimilarWeb acquisition


On January 4, 2017, BleepingComputer reported that Stylish "announced this week through the voice of its new owner a new data collection partnership with SimilarWeb, a digital market intelligence company," with Hindman explaining the deal as a resource problem.[2] In a statement to the publication, Hindman wrote:

When I first started working on Stylish, I understood that this product is incredible, but in order to bring it to its full potential, it would require a tremendous amount of resources I just don't have.

[2]

The new privacy policy added a data-collection feature labeled the "Suggested Web Styles" system. SimilarWeb's stated rationale was that recording each user's visited URLs let the extension recommend matching community styles. An opt-out toggle existed in the extension's settings panel, but BleepingComputer noted "[t]he anonymous data collection system comes turned on by default in all new installations"; unchecking it disabled the suggestion feature & excluded the user from the displayed install counts.[2] At the time, Stylish had nearly two million users across Chrome & Firefox.[2]

2018 disclosure & takedown


Heaton's findings


On July 2, 2018, software engineer Robert Heaton published a technical write-up titled "'Stylish' browser extension steals all your internet history." Working with the Burp Suite proxy, he had noticed that his browser was sending a steady stream of obfuscated POST requests to api.userstyles.org/stats. He described the encoding as plain base64 wrapped twice:

I noticed that the data blob contained only letters and numbers and ended in %3D, the URL encoding for an = sign. This made me suspect that the blob had been Base64 encoded. I tried Base64 decoding it... Still nonsense. But the decoded string also contained only letters and numbers, and also ended in an = sign. I tried Base64 decoding it a second time... Pyrrhic victory. When I looked at the contents of the decoded payload, I realized that Stylish was exfiltrating all my browsing data.

[4]

Inside the decoded payload Heaton found a unique tracking identifier attached to each request. Because the same browser also held a userstyles.org login session, the tracking identifier could be linked to a registered account. As Heaton put it, "Stylish's session cookie is scoped to *.userstyles.org, so it gets sent to every userstyles.org sub-domain as well."[4] He noted that the cookie expired at the end of each browser session, but pointed out that "it only takes one tracking request containing one session cookie to permanently associate a user account with a Stylish tracking identifier."[4]

Heaton walked through the consumer-harm implications of recording full URLs rather than only domain names. Password-reset emails, one-time login tokens, & short-lived medical-record links from Amazon S3 all live inside URLs; capturing the full path & query string captures all of those secrets too.[4] He also rejected the company's stated rationale, writing that if SimilarWeb only needed to suggest matching styles, "then they would only need to send themselves the current page's domain, not the full URL."[4]

Press coverage & store removal


The disclosure was picked up by The Register on July 5, 2018, which independently summarized Heaton's findings & noted the gap between the privacy policy & the observed behavior: "While the SimilarWeb privacy policy for Stylish says it only collects anonymous data, Heaton found it was attaching an identifier to the data returned to the company."[11] KitGuru ran a similar story the same day.[12]

By July 4, 2018, both stores had pulled the extension. BleepingComputer reported that day:

Google and Mozilla have removed the Stylish browser extension from their respective add-on stores after the publication of a report this week that accused the extension of logging users' browser histories and sending the data to remote servers.

[5]

BleepingComputer quoted Mozilla software engineer Andreas Wagner's bug-report comment: "We decided to block [Stylish] because of violation of data practices outlined in the review policy."[5] Google did not issue a public explanation, but the Chrome Web Store listing began returning a 404 error.[5] Heaton's own post records the same two-day window in an update line: "2 days after publication of this post, Stylish was removed from the Chrome and Firefox stores. 3 weeks later, a new version is back in the Firefox store."[4]

Return to Firefox


Stylish v3.1.8 was visible in the Firefox add-on store by August 16, 2018. Heaton published a follow-up the same day. The new build had not removed the tracking; it had moved the tracking behind a startup screen. Heaton wrote:

It comes with a tastefully designed startup screen asking whether you would like to opt-in to having all your browsing history sent to the SimilarWeb servers. If you tick the boxes saying "no, obviously not" then it also features an aesthetically pleasing design dark pattern designed to trick you into accidentally changing your mind.

[6]

His recommended response was unchanged from the original post: switch to the open-source fork. "[T]he Stylus browser extension is an exact substitute for Stylish," he wrote.[6]

2026 Am I Being Pwned investigation


In February 2026, James Arnott, founder of Bay Area Labs ("Am I Being Pwned?"), revisited the extension. In a February 26, 2026 post titled "Stylish is Back, Back again!", Arnott reported that Stylish was still sending a POST request for every page visit, with the same payload structure as in 2018, but now wrapped in a far more elaborate obfuscation scheme.[3]

Arnott listed five 2018 press articles confirming the original takedown, then noted that the current version of the extension carries both Google's "Verified Publisher" & "Featured" badges on the Chrome Web Store.[3] A sample payload he captured contains the fields gp (current URL), klm (previous URL), & pxe (per-user identifier), among others.[3] The payload Arnott published, captured from a single page visit, was:[3]

{
    "gp": "https://userstylesapi.com/top/styles",
    "klm": "https://www.google.com/search?q=test+google&rlz=1C5OZZY_enGB1156GB1156&oq=test&gs_lcrp=Eg...",
    "ver": "https://www.google.com/search?q=test+google&rlz=1C5OZZY_enGB1156GB1156&oq=test&gs_lcrp=Eg...",
    "knl": "",
    "dig": "2008511158",
    "tmg": "link",
    "trp": "exthead",
    "st": "1772053130391",
    "ch": "9",
    "di": "a3e3e2a81",
    "pxe": "Lk85G2SeiETEPNOWlrR15mLsZDsC",
    "vmt": "6",
    "lav": "21",
    "wv": "1",
    "gr": "3.4.10",
    "craz": "AAEAAAAAAG0RCwIRdAAAAAAAAAAAAAAAAAAAAAAAAAA="
}

Arnott wrote:

Where gp is your current URL, klm was your previous URL and pxe is your unique identifier, amongst other data.

[3]

On May 11, 2026, Arnott published "The AI Chat Scraping Extension Wall of Shame," a ranked list of seven Chrome extensions he observed scraping user conversations with hosted AI assistants. Stylish was entry #1, classified as "Confirmed" with "Extensive" obfuscation, & listed at 2,000,000 users. Arnott wrote:

Stylish has the most extensive obfuscation we've seen, as we covered here. They exfiltrate all URLs and AI chats from providers like Character AI, ChatGPT, Claude, etc.

[7]

He noted that Stylish's Chrome Web Store listing prominently displays the line "We care about your privacy."[7][8]

Five-stage obfuscation chain


Plain English: the extension takes the URL of every page the user visits, scrambles it five different ways one after the other, & only then sends it to SimilarWeb's servers. The point of the scrambling is not to keep the data secret; SimilarWeb can unscramble it because the unscrambling instructions are inside the extension itself. The point is to make it hard for outside reviewers, including the Chrome Web Store's automated review process, to recognize what is leaving the browser.

According to Arnott's reverse engineering, the payload passes through these five stages in order:[3]

  1. URL encoding to a query string
  2. Double base64 encoded JSON stringified, then base64 again
  3. Columnar transposition cipher, the base64 string is split into 48-character rows, then read column-by-column instead of row-by-row, scrambling the text
  4. AES-256-CBC encrypted using a symmetric key hardcoded in the extension source code
  5. Base64 encoded one final time

[3]

Arnott characterized the construction as more elaborate than its purpose required. On the AES-256-CBC stage, he commented that a hardcoded symmetric key offers no real confidentiality against anyone who can read the extension's JavaScript, & noted that asymmetric encryption would have avoided shipping the decryption key inside the extension at all.[3] He published the following JavaScript decoder, which uses the symmetric key extracted from the extension to reverse the entire chain & recover the original URL payload:[3]

async function decodeStylish(blob) {
  // The AES-256-CBC key below is the symmetric key shipped in the extension's own bundle.
  const key = await crypto.subtle.importKey(
    "jwk",
    { alg: "A256CBC", ext: true, k: "MaQ2KBEEiYcOcSCfszxMBVrKsXK3hxGmxZ8Zjq50KZg", key_ops: ["decrypt"], kty: "oct" },
    "AES-CBC", false, ["decrypt"]);
  // Stage 5 undone: the outer base64 wraps a 16-byte IV followed by the ciphertext.
  const raw = Uint8Array.from(atob(blob), c => c.charCodeAt(0));
  // Stage 4 undone: decrypt with the hardcoded key, IV taken from the first 16 bytes.
  const dec = await crypto.subtle.decrypt({ name: "AES-CBC", iv: raw.slice(0, 16) }, key, raw.slice(16));
  // Stage 3 undone: the plaintext is the transposed grid, one line per column;
  // reading it column by column (skipping padding spaces) restores the base64 string.
  const rows = new TextDecoder().decode(dec).split("\n");
  let b64 = "";
  for (let col = 0; col < rows[0].length; col++)
    for (const row of rows) { const ch = row[col]; if (ch && ch !== " ") b64 += ch; }
  // Stage 2 undone: base64 JSON whose "e" field is base64url applied twice.
  const obj = JSON.parse(atob(b64));
  const once = atob(obj.e.replace(/-/g, "+").replace(/_/g, "/"));
  const qs = atob(once.replace(/-/g, "+").replace(/_/g, "/"));
  // Stage 1 undone: parse the query string back into the payload fields (gp, klm, pxe, ...).
  return Object.fromEntries(new URLSearchParams(qs));
}

The key string MaQ2KBEEiYcOcSCfszxMBVrKsXK3hxGmxZ8Zjq50KZg is the AES-256-CBC symmetric key that ships inside the extension's own JavaScript bundle, which is what Arnott meant when he commented that the hardcoded key makes his job as an outside reviewer "so much easier."[3] Arnott summarized his read of the chain's motive:

This POST request is obfuscated, which in my opinion is to make it harder for people to see what it's doing or to get around the Chrome Web Store publishing review process, or perhaps even both.

[3]
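To show that every stage before the AES layer is keyless & mechanically reversible, the following is an added model of stages 1 through 3 & their inverses (written for this article, not Arnott's code & not the extension's own source); the inverse walk is the same column read the decoder above performs, the AES-256-CBC stage & its key are left out, & the sample fields are constructed, modelled on the published payload.

```javascript
// Added model of the keyless stages (1-3) of the Stylish payload chain;
// the AES-256-CBC stage and its key are deliberately omitted. Node.js, no deps.
const ROW_WIDTH = 48; // row length reported by Arnott for the transposition

// Stage 1: payload fields -> URL-encoded query string.
function toQueryString(fields) {
  return new URLSearchParams(fields).toString();
}

// Stage 2: base64url twice, wrap in JSON as {e: ...}, then plain base64.
function wrapBase64(qs) {
  const once = Buffer.from(qs, "utf8").toString("base64url");
  const twice = Buffer.from(once, "utf8").toString("base64url");
  return Buffer.from(JSON.stringify({ e: twice }), "utf8").toString("base64");
}

// Stage 3: split into 48-char rows and emit each column as its own line,
// padding short columns with spaces (the grid the decoder reads back).
function transposeRows(b64, width = ROW_WIDTH) {
  const rows = [];
  for (let i = 0; i < b64.length; i += width) rows.push(b64.slice(i, i + width));
  const lines = [];
  for (let col = 0; col < width; col++) {
    let line = "";
    for (const row of rows) line += col < row.length ? row[col] : " ";
    lines.push(line);
  }
  return lines.join("\n");
}

// Inverse of stage 3: the same column-by-column walk as the published decoder.
function readColumns(text) {
  const lines = text.split("\n");
  let out = "";
  for (let col = 0; col < lines[0].length; col++)
    for (const line of lines) { const ch = line[col]; if (ch && ch !== " ") out += ch; }
  return out;
}

// Inverse of stages 2 and 1: no key involved anywhere.
function unwrapBase64(b64) {
  const obj = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  const once = Buffer.from(obj.e, "base64url").toString("utf8");
  const qs = Buffer.from(once, "base64url").toString("utf8");
  return Object.fromEntries(new URLSearchParams(qs));
}

function obfuscateInner(fields) { return transposeRows(wrapBase64(toQueryString(fields))); }
function recoverInner(text) { return unwrapBase64(readColumns(text)); }

// Constructed sample, modelled on the fields in the payload Arnott published.
const SAMPLE = {
  gp: "https://userstylesapi.com/top/styles",
  klm: "https://www.google.com/search?q=test+google&oq=test",
  pxe: "Lk85G2SeiETEPNOWlrR15mLsZDsC",
  gr: "3.4.10",
};
```

Run `recoverInner(obfuscateInner(SAMPLE))` to get the fields back unchanged; the only thing standing between a reviewer & the plaintext is the AES stage, whose key ships in the bundle.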


Privacy-policy contradiction


Stylish's current Chrome Web Store listing carries Google's standard data-handling disclosure block. Under that block, the developer has declared that the extension's collected data is "Not being sold to third parties, outside of the approved use cases" & "Not being used or transferred for purposes that are unrelated to the item's core functionality."[8] The listing also states: "we collect anonymous browsing data as described in our privacy policy https://userstyles.org/privacy-policy."[8]

Arnott reports that the linked userstyles.org privacy policy says the opposite. In his February 2026 post he wrote that the policy "states that they explicitly do sell personal data," contradicting the larger-font Chrome Web Store declaration on the same product.[3] He further observed that the Chrome Web Store's "approved use cases" list does not include selling user data for business purposes & in fact prohibits it.[3]

The Chrome Web Store's own User Data FAQ, which governs what extensions are allowed to do with user data, states that "Ad targeting or other monetization of this data isn't for a user-facing feature" & that a product collecting browsing activity for any non-user-facing purpose is not permitted.[13]

Stylus


Stylus is the open-source fork of Stylish maintained by the community after the SimilarWeb acquisition. It was forked from Stylish v1.5.2 with the stated goal of removing all tracking & restoring a simpler user interface.[14] Both Heaton (in 2018) & Arnott (in 2026) recommended Stylus as the practical mitigation for Stylish users.[6][3]

As of May 2026, the Stylus Chrome Web Store listing shows 1,000,000 users, version 2.3.28, updated May 26, 2026, with publisher [email protected].[9] The listing describes its data practices in plain language: "Unlike other similar extensions, we don't find you to be all that interesting. Your questionable browsing history should remain between you and the NSA. Stylus collects nothing. Period."[9] Chrome Web Store displays the disclosure "[t]he developer has disclosed that it will not collect or use your data."[9] Functionally, Stylus reads userstyles.org's style libraries the same way the old version of Stylish did, caches the styles locally on the user's machine, & does not contact a server for each page visit.[3]

Chrome Web Store status


As of May 2026, the Stylish Chrome Web Store listing (extension ID fjnbnpbmkenffdnngjfgmeleoegfcffe) shows:[8]

  • Publisher: Similarweb LTD, 33 Itzhak Rabin Rd., Givatayim 5348303, Israel; D-U-N-S 533122482; trader status declared for the European Union.
  • User count: 2,000,000.
  • Rating: 4.3 out of 5 from 22,200 ratings.
  • Version: 3.4.14, updated March 19, 2026.
  • Badges: "Featured" & a "Verified Publisher" indicator ("The publisher has a good record with no history of violations").
  • Declared data collected: web history.
  • Declared data uses: "Not being sold to third parties, outside of the approved use cases"; "Not being used or transferred for purposes that are unrelated to the item's core functionality."

Google describes the Featured badge as recognizing extensions that "follow our technical best practices and meet a high standard of user experience and design," including "respecting the privacy of end-users," with each badge assigned after manual review by Chrome staff.[15]


References

  1. Ruderman, Jesse (2006-01-15). "Stylish". squarefree.com.
  2. Cimpanu, Catalin (2017-01-04). "2 Million Users Impacted by New Data Collection Policy in Stylish Browser Add-On". BleepingComputer.
  3. Arnott, James (2026-02-26). "Stylish is Back, Back again!". Am I Being Pwned?.
  4. Heaton, Robert (2018-07-02). "'Stylish' browser extension steals all your internet history". robertheaton.com.
  5. Cimpanu, Catalin (2018-07-04). "Chrome and Firefox Pull Stylish Add-On After Report It Logged Browser History". BleepingComputer.
  6. Heaton, Robert (2018-08-16). "'Stylish' is back, and you still shouldn't use it". robertheaton.com.
  7. Arnott, James (2026-05-11). "The AI Chat Scraping Extension Wall of Shame". Am I Being Pwned?.
  8. "Stylish - Custom themes for any website". Chrome Web Store. Google / Similarweb LTD. 2026-03-19.
  9. "Stylus". Chrome Web Store. Google / stylus.openstyles. 2026-05-26.
  10. Brinkmann, Martin (2016-10-09). "Stylish and userstyles.org have a new owner". gHacks Tech News.
  11. Chirgwin, Richard (2018-07-05). "Chrome, Firefox pull very unstylish Stylish invasive browser plugin". The Register.
  12. Burgess, Ryan (2018-07-05). "Stylish browser extension found stealing user's internet browsing history". KitGuru.
  13. "User Data FAQ". Chrome for Developers. Google / Chrome for Developers. Retrieved 2026-05-29.
  14. "Stylus :: add0n.com". add0n.com. Stylus Team.
  15. Kim, Debbie (2022-04-20). "Find great extensions with new Chrome Web Store badges". Google.