Author Topic: My Chrome extensions spying on me? (Read 4832 times)

polonus · « **on:** January 25, 2015, 01:26:23 AM »

Saw this in my monitoring tool, a5.61.2d.static.xlhost.com, IP https://www.virustotal.com/en/ip-address/173.45.97.165/information/
then read here: http://www.howtogeek.com/180175/warning-your-browser-extensions-are-spying-on-you/
These connections ran in Google Chrome. What tracking is going on here?

polonus

midnight · « **Reply #1 on:** January 25, 2015, 01:50:03 AM »

Sorry.....

polonus · « **Reply #2 on:** January 25, 2015, 02:07:27 AM »

Hi -midnight,

The spying is going on behind your back and what is going on is hidden in Eula's. Code is being injected with a fixed ID part to know from where you came from and where you are heading on the Interwebs all of the time, even on sites that are encrypted. The Internet is free space only because we, the users, are the product and all we do there is being sold and will land on some marketeer's desk to be resold again to another pimple face to earn some more cheap money on your browsing habits and history.
Not all extensions do this off course but it is known the hoverzoom add-on for instance is such an extension. Sometimes shady characters try to take over extensions from developers to start injecting these devious tracking codes. Google allows all this going on for as long as it is “clearly disclosed”. They already lost some ground in firefox, but I fear other parties are also deep into this tracking and fingerprinting.
Only through analyzing your Internet traffic you can see what is going on under the hood and with a monitoring tool like fiddler we can find them out.

polonus

polonus · « **Reply #3 on:** January 25, 2015, 02:16:16 AM »

OK denied and distrusted htxp://a5.61.2d.static.xlhost.com/ API site with ScriptSafe for Google Chrome.
No code will run from and towards it, also I have Disconnnect extension block it.
A list of tracking extensions: https://discuss.howtogeek.com/t/warning-your-browser-extensions-are-spying-on-you/12394
I haven't got any of these extensions, but again proof of the fact that you will be "free of privacy",
meaning privacy is non-existent.

pol

abruptum · « **Reply #4 on:** January 25, 2015, 12:57:23 PM »

Chrome

https://www.extensiondefender.com/database-chrome.php

Firefox

https://www.extensiondefender.com/database-firefox.php

polonus · « **Reply #5 on:** January 25, 2015, 04:50:28 PM »

Hi Abruptum,

Thank you so much for that link. This will help a great many users.
Getting harder and harder to circumvent ad-tracking now.
Besides what you advise here the last lines of defense are formed by a good script blocker and a third party request blocker.

polonus

Lisandro · « **Reply #6 on:** January 25, 2015, 06:03:23 PM »

Quote from: abruptum on January 25, 2015, 12:57:23 PM

Chrome

https://www.extensiondefender.com/database-chrome.php

Firefox

https://www.extensiondefender.com/database-firefox.php

Why doesn't Avast Browser Cleaner detect these extensions as adwares?

polonus · « **Reply #7 on:** January 25, 2015, 06:19:07 PM »

Hi Lisandro,

All flagged here: https://www.extensiondefender.com/database-chrome.php
and these should be flagged by Avast Browser Cleaner also i.m.h.o.
It also could be that these extensions go unnoticed because Google allows these adware, adware tracking & malware/adware extensions in the web store because notification has been given to the end-user in advance (Eula). But I guess most users are unaware of this "abuse".
There is also perisitent adware that is not being flagged by Avast because it is claimed to be innocent and easily uninstallable,
what you experience when you follow the removal thereof in the virus and worms, the pratice confirms just the opposite (Conduit, Ad-retargeting). It can be also that too few users are reporting such abuse to Avast and that is why no action is taken.
Mind you a lot of such tracking is going on stealthily and therefore unnoticed by the average end-user.

polonus

Lisandro · « **Reply #8 on:** January 25, 2015, 06:29:13 PM »

Quote from: polonus on January 25, 2015, 06:19:07 PM

All flagged here: https://www.extensiondefender.com/database-chrome.php
and these should be flagged by Avast Browser Cleaner also i.m.h.o.

But they aren't. An example? AutoCopy.
How to catch Avast developers attention?

polonus · « **Reply #9 on:** January 25, 2015, 06:32:15 PM »

Hi Lisandro,

How can I give feedback for Avast Browser Cleanup?
Avast Browser Cleanup allows you to provide feedback in two different channels:
From the Avast antivirus user interface:

Open the Avast antivirus user interface, which is installed on your computer. Right-click on the Avast icon in the task bar and choose ‘Open Avast user interface’.

Then proceed to the ‘Tools’ tab and choose ‘Browser cleanup’ from the list.

Click ‘Start Browser Cleanup’ on the right side of the window and Avast Browser Cleanup will appear.

Click the ‘SUPPORT’ button (question mark icon) and then select ‘Feedback'. You’ll be forwarded to a user forum where you may freely enter your questions or comments.

From the web:

Visit the AVAST support portal (support.avast.com) to contact the AVAST support team with your questions or comments.

So with this list in hand our users should start reporting if they have any of these dubious adware injected extensions running!

Because as it is avast browser clean-up depends on user ratings!

polonus

P.S. Just mailed avast and linked here.

Damian

midnight · « **Reply #10 on:** January 25, 2015, 07:14:58 PM »

Quote from: abruptum on January 25, 2015, 12:57:23 PM

Chrome

https://www.extensiondefender.com/database-chrome.php

Firefox

https://www.extensiondefender.com/database-firefox.php

I installed the extension defender on Firefox but so far I can't see that it's doing anything. Guess that means all of my other Firefox extensions are safe.

polonus · « **Reply #11 on:** January 25, 2015, 09:18:10 PM »

Hi -midnight,

That means you have none of the "baddies" installed. You can find a list of those "bad apples" here.
-> https://www.extensiondefender.com/database-chrome.php
Let us hope that avast! will add protection against them.

polonus

polonus · « **Reply #12 on:** January 26, 2015, 11:47:04 PM »

There is a free extension to protect us from this adware/spyware/malware extensions and websites shield for chrome:
https://chrome.google.com/webstore/detail/shield-for-chrome/gceighgadbamgchioaofojlblndjcggh
See for yourself: https://www.uploady.com/#!/download/0KyfEWzko6P/BWE~qtz44iIAlHs8
Again it is my opinion that Avast should also flag these.
Waiting for what Lisandro has found out about this issue at Avast base?
Credits for a report on this go to Preston Gralla: http://www.itworld.com/article/2699633/security/how-to-protect-yourself-against-chrome-extension-adware.html

polonus

polonus · « **Reply #13 on:** January 27, 2015, 12:07:55 AM »

Also read this story: http://www.itworld.com/article/2699338/security/spammers-buy-chrome-extensions-and-turn-them-into-adware.html
link article author: Lucian Constantin
With Shield for Chrome they are found out.
And then there is this extension: https://chrome.google.com/webstore/detail/spy-watch/dflhdldmjlapjlinehkeeopkibefgfkf
Detection should be brought into Avast Browser Cleanup as well.

polonus

Author Topic: My Chrome extensions spying on me? (Read 4832 times)

polonus

My Chrome extensions spying on me?

midnight

Re: My Chrome extensions spying on me?

polonus

Re: My Chrome extensions spying on me?

polonus

Re: My Chrome extensions spying on me?

abruptum

Re: My Chrome extensions spying on me?

polonus

Re: My Chrome extensions spying on me?

Lisandro

Re: My Chrome extensions spying on me?

polonus

Re: My Chrome extensions spying on me?

Lisandro

Re: My Chrome extensions spying on me?

polonus

Re: My Chrome extensions spying on me?

midnight

Re: My Chrome extensions spying on me?

polonus

Re: My Chrome extensions spying on me?

polonus

Re: My Chrome extensions spying on me?

polonus

Re: My Chrome extensions spying on me?