There’s a story going around currently about a group of researchers who
claim to have de-anonymized a variety of browser users’ search data.
The fact that proper anonymization of data is a nontrivial task is quite well known. Sloppy “anonymization” can be effectively as bad as no anonymization at all.
But the interested observer might wonder … where did these researchers get their search data in the first place?
It turns out that the main source of this data are the individuals or firms behind third-party browser extensions and apps, which provide or sell the user data that they collect to data brokers and to other entities.
And so we open up a very big can of worms.
The major browsers (e.g., Google’s Chrome) provide various means for users to install extensions and applications (also known as “add-ons” or “plugins” or “apps”) to extend browser functionalities. While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by such add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained.
