You installed a browser extension. It’s selling everything you do.


-Here’s an awkward call
to make to a colleague. Hey, Nick.
-Hey, Geoff. -So, I’ve got some bad news. Everything you’ve been clicking
on in your Web browser is for sale
on the open Internet, and I just bought it. -How could something
like that have happened? -Um, it’s actually pretty easy. -Okay, now, that’s scary.
-How did this happen to Nick? Through a browser extension. They’re little applications
you install in Chrome, Firefox, or Opera to make
browsing the Web better. But it turns out a distressing
number of extensions are covertly in the business
of spying on you and selling the data. Even more disturbing,
what happened to Nick has also been happening to
at least 4 million other people. Personal information
and corporate secrets leaking right
onto the Internet. And we can’t count
on our browsers to stop it. I had no idea how bad
the problem was until I heard from this guy —
Sam Jadali. He’s an independent researcher who’s been studying the secret
lives of Web browsers. A few months ago, Sam discovered
some of his clients’ data was available for sale on a
website called Nacho Analytics. Anyone who paid the site
at least $49 per month could get reports on websites, including exactly what people
were clicking in near-real time. I had to see it to believe it. What are we about to see now? -So, I’m about to show you data that we can find on
Microsoft OneDrive. -Microsoft OneDrive —
that’s like Dropbox or local drives
where people store all kinds of files
for work, for home. What kinds of files
have you found in there? -So, you can actually
search by page title. So you could just run a simple
search query for the word “tax.” And you can, potentially,
find people’s tax returns. And within that, you can see,
I’m sure, if you open it, I’m sure, all sorts of sensitive
financial information, personal information,
bank-account information. -Then Sam showed me
the links to medical records, exposing the names of patients,
doctors, and even medications,
which we blurred out here. We saw people checking in
to flights, exposing their names and IDs. We saw people booking Ubers, leaking their exact pickup
and drop-off locations. We did not click
on any of these links. Instead, we ran a test. I installed a leaky extension, then looked at a document
in my browser. Sam was able to find
and open it from Nacho in as little as an hour. Then I asked Sam
if he could find data from “The Washington Post.” That’s how we discovered
Nick clicking around in “The Post’s”
internal website. We watched him logging in and
checking out the summer interns. Over months, he’d likely
leaked much, much more. It’s shocking to be able
to trace data from the moment it gets grabbed
to the place it gets sold. Nacho Analytics
isn’t on the Dark Web. It isn’t technically
stolen data. Nacho bills itself as a
marketing intelligence service, helping businesses know
what competitors are up to. Nacho also claims
it’s 100% legal. Here’s how one of its employees
described Nacho in a Web video
a few months ago. -We are gathering data
from millions of opt-in users — individuals from around
the world that agreed to share
their browsing data anonymously. Nacho Analytics
scrubs this data, so all personal information
is deleted. -Is that really the case? With Nick, his data leaked from
an extension called Hover Zoom. Its stated purpose is
to enlarge photos on websites. Hover Zoom’s privacy policy does say it can read
your browsing history. By clicking “Agree,” you’re allowing it to view
every page you click. But the messages you see
while installing Hover Zoom hardly suggest
they’re in the data business. The extension’s maker
didn’t answer my e-mails. After Sam disclosed
his findings, Google, Mozilla, and Opera banned at least
six of the leaky extensions he had identified,
including Hover Zoom. If you had one of them
installed, it no longer works. Since the shutoff, Nacho
Analytics has told customers that it suffered
a permanent data outage and could no longer serve them. Nacho Analytics’ CEO told me
Sam had misused his site by looking up
personal information and that Nacho’s data came
from people who were informed, even if they hadn’t read every
detail in the privacy policies. Those six extensions had
about four million users before they were shut down. But just because they’re gone doesn’t mean your personal data
isn’t at risk. A recent academic study found
3,800 leaky extensions in the Google Chrome
Web Store. And the 10 most popular
have more than 60 million users. Who are you angry at about this?
-You. No, I’m just kidding. -[laughs]
I’m just the messenger! -Yeah, I can’t be mad
at the messenger. Well, I’m angry at Google,
maybe, for being permissive of certain things like this
and to promote a marketplace and a culture
that allows this to happen. -I think that’s right. -If I’ve fallen for using
this extension, I know hundreds of thousands of
other people, easily, have also.

36 thoughts on “You installed a browser extension. It’s selling everything you do.

  1. This is the issue..this isn't Google's fault,Microsoft's fault…this is YOUR FAULT! Nobody reads the terms of service and then is shocked when stuff like this happens! I knew 4 days ago that the Face App was Russian..how did I know..I read the terms of service for the app! You have got to read!!!

  2. I have to come one day please wait for.πŸŽ»πŸŽΆπŸŽ΅πŸŽΈπŸŽΈπŸŽΈπŸŽΈπŸŽΈπŸŽΈπŸŽΈπŸ›«πŸ›«πŸ›«πŸ›«πŸ›«πŸ›«πŸ›«πŸ›«

  3. The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized

  4. The only extension I use is for Adblock plus.A couple of months ago, I bought a couple of smart plugs that said they would be compatible with my Alexa but decided not to use them because they required me to download an app from some dodgy looking Chinese company. Thinking of giving them to my brother-in-law because he's a douche.

  5. The internet is evil. I remember when the Internet was young. It was for research and email. Now it's just evil.

  6. No matter how much you try, Democrat party media, the American people are on to your advocacy for this corrupt, tr.easonous and plain evil party. All it has gotten you since 2016 is a few points off Trump's ratings and your complete credibility. So go ahead. Knock yourself out. We're smarter than you think!

  7. I doubt there is any software, paid or free, that you can TRUST is not mining and selling your data one way or another. There is no privacy or confidentiality these days – world wide. Anyone who is determined and has the resources to dig up your entire history since you were born can do so – like right from their computer… if you don't believe this is true, then you just aren't paying attention. I personally don't care… in fact, I get a chuckle thinking about some poor schmuck wasting his/her time combing through my data looking for something worth anything. Ha Ha Ha Ha Ha

  8. Nothing surprising here. Nothing is for free unless it’s open source and even then you must be careful of bad actors repackaging it for nefarious use. First question before installing anything is why it’s available. Follow the money. If it’s free then ask why.

  9. Thanks for that! I did some extensive research on Google Android and several major brands of Smartphones using Google Android operating systems and the tremendous amount of data being actively collected not only by third-party apps but built-in services and utilities installed from the manufacturers and being sent to servers around the world, including China, Russia and East Asia was astonishing. I've been using a Non-google Open Source version of Android for over a year now and find it more than adequate with three times the battery life 1/4 the amount of mobile data usage. I also use a separate Device for social media and youtube.

  10. Meanwhile, mainstream media is still providing cover for the widespread censorship of conservatives and the manipulation of news algorithms, all designed to unfairly manipulate US elections.

  11. At Least this is the best effort by WP in years put here otherwise it's just sad era of journalism !
    Helping common and unaware man from dangers they can not see or foresee !

  12. Great and important video, thanks for sharing this! Removed 95% fo my extensions 😁.
    I would like even more if you wouldn't add all the extra visuals πŸ˜‰. Remember, shorter videos lead to better engagement.

  13. Yeah, Google should block extension makers from misusing our data, and Google should vet extensions, but we should be angry at Nacho Analytics too! They should be penalized like Equifax for leaking sensitive data and misleading terms of service. If they were gonna sell our data, they at least should have anonymized it. Moral of the story, uninstall extensions and phone apps you don't really need. Try to use open source alternatives on Fdroid, or check descriptions and see if the website points to Github.

  14. This isn't new news, but a rehash of pre-dotcom info. Biggest spyware? Google analytics… free and can pretty much track everything any user is doing and cross-correlate it to personally identifiable information, but this isn't new news either.

Leave a Reply

Your email address will not be published. Required fields are marked *