Unknown Spectators

A friend of mine, who happens to be a recruiter, asked me if I could extract contact information from a LinkedIn contact into a Google Drive Sheet.

After a bit of brainstorming, I felt that using a Chrome extension could be an easy way to do that, especially if I was able to access the DOM.

DOM is technobabble for the Document Object Model, or in plain English: the code representing everything you see on a webpage.

Chrome extensions are fairly non-intrusive — harmless little buttons sitting above your bookmarks. You might be familiar with Adblock, the holy grail of extensions and one of my favorites, though Forbes might disagree with me. Sorry Forbes, I will never disable Adblock for you.

After playing around for a bit, I quickly had a mini Eric Snowden epiphany: Chrome extensions can access everything the user sees and does within the browser.

Adblock, one of the most popular extensions with over 50 million users, has access to your browsing history and the ability to view every single thing you do online.

From my conversations with Chrome users, I was unsurprised to find that few of them are aware of the amount of trust they grant to a Chrome extension when they install it.

Hell, most developers I spoke with were shocked to find out that every single Chrome extension can access a user’s browsing activity with such ease.
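To make concrete what an install prompt grants, here is an added example (not from the original post, and not any extension's own code) that audits an extension's manifest.json for the entries that give it sight of pages and browsing activity. The two sample manifests are constructed, and auditManifest and its helper names are hypothetical.

```javascript
// Match patterns that cover every site.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// API permissions that expose browsing activity, and what each one reveals.
const SENSITIVE_APIS = new Map([
  ["tabs", "URL and title of every open tab"],
  ["history", "full browsing history"],
  ["webRequest", "network requests made by pages"],
  ["webNavigation", "every navigation event"],
  ["cookies", "cookies for sites covered by host access"],
]);

const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

// Hypothetical helper: returns one finding per grant that widens visibility.
function auditManifest(manifest) {
  const findings = [];
  // Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
  const declared = [...(manifest.permissions || []), ...(manifest.host_permissions || [])]
    .filter((d) => typeof d === "string");
  for (const p of declared.filter((d) => !isHostPattern(d))) {
    if (SENSITIVE_APIS.has(p)) findings.push({ source: p, access: SENSITIVE_APIS.get(p) });
  }
  for (const h of declared.filter(isHostPattern)) {
    if (BROAD.has(h)) findings.push({ source: h, access: "host access to all sites" });
  }
  // Content scripts run inside matching pages and can read their DOM.
  for (const script of manifest.content_scripts || []) {
    for (const m of script.matches || []) {
      if (BROAD.has(m)) findings.push({ source: `content_scripts:${m}`, access: "DOM of every page" });
    }
  }
  return findings;
}

// Constructed sample manifests, not taken from any real extension.
const broadManifest = {
  manifest_version: 2,
  permissions: ["tabs", "history", "<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};
const narrowManifest = {
  manifest_version: 3,
  permissions: ["activeTab", "storage"],
  content_scripts: [{ matches: ["https://www.linkedin.com/*"], js: ["content.js"] }],
};

for (const [name, m] of Object.entries({ broadManifest, narrowManifest })) {
  console.log(name, auditManifest(m));
}
```

Permissions an extension requests later through optional_permissions are not covered by this check.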

I went ahead and read through Adblock’s privacy agreement and found this:

“AdBlock never has and never will sell your personal information to any third party without your consent. We sometimes share anonymized and aggregated information that cannot be associated with an individual with third parties or the public.”

What does “sometimes” mean? I am not entirely sure, though I suspect such legalese opens the door for vague interpretations and a great defense case.

Yeah, most credit card companies will reimburse you for those fraudulent $100 7/11 purchases at 4am on a Tuesday. Identity theft, however, can put you in a tight squeeze. I have seen it firsthand and don’t wish that upon anyone.

People should know what they are agreeing to when using technology, yet many of my conversations with friends and others have shown me that few are aware of the security threats they could be exposed to.