Beware the Browser Extensions Privacy Trap!

Beware the Browser Extensions Privacy Trap!

By | August 6th, 2017
No Comments on Beware the Browser Extensions Privacy Trap!

There’s a story going around currently about a group of researchers who

claim to have de-anonymized a variety of browser users’ search data.


The fact that proper anonymization of data is a nontrivial task is quite well known. Sloppy “anonymization” can be effectively as bad as no anonymization at all.

But the interested observer might wonder … where did these researchers get their search data in the first place?

It turns out that the main source of this data are the individuals or firms behind third-party browser extensions and apps, which provide or sell the user data that they collect to data brokers and to other entities.

And so we open up a very big can of worms.

The major browsers (e.g., Google’s Chrome) provide various means for users to install extensions and applications (also known as “add-ons” or “plugins” or “apps”) to extend browser functionalities. While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by such add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained.


Nisheeth Bhakuni