Invasor
Moderator
Posts: 7638
Location: On the road
Posted: Sun, 19th Jan 2014 16:17 Post subject: Adware vendors buy Chrome Extensions to send ad- and malware
Quote: | Once in control, they can silently push new ad-filled "updates" to those users.
One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome's extensions, which are updated by the extension owners. This means that it's up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.
To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome's update service, which sends the adware out to every user of that extension.
We ought to clarify here that Google isn't explicitly responsible for such unwanted adware, but vendors are exploiting Google's extension system to create a subpar—and possibly dangerous—browsing experience. Ars has contacted Google for comment, but we haven't heard back yet. We'll update this article if we do. |
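The silent updates described in the quoted article can be noticed locally. This is an added example, not part of the original posts or the article: it snapshots the newest `manifest.json` of each installed extension and, on a later run, lists extensions whose version changed together with any newly requested permissions or host patterns. An ownership transfer itself is not visible on the client, so a version change is the signal to review. The `<Extensions dir>/<id>/<version>_0/manifest.json` layout, the script name `ext_watch.py` and the baseline file are assumptions.

```python
import json
import sys
from pathlib import Path

def _version_key(manifest):
    # Chrome versions are 1-4 dot-separated integers; compare them numerically.
    return tuple(int(part) for part in manifest["version"].split("."))

def _grants(manifest):
    """Everything a manifest requests: API permissions plus host match patterns."""
    items = list(manifest.get("permissions", []))
    items += manifest.get("host_permissions", [])
    for script in manifest.get("content_scripts", []):
        items += script.get("matches", [])
    # Some permission entries are objects; serialise them so they fit in a set.
    return {i if isinstance(i, str) else json.dumps(i, sort_keys=True) for i in items}

def snapshot(extensions_dir):
    """Map extension id -> version and grants of its newest installed version.
    Assumes the layout <extensions_dir>/<id>/<version>_0/manifest.json."""
    snap = {}
    for ext_dir in sorted(p for p in Path(extensions_dir).iterdir() if p.is_dir()):
        manifests = [json.loads(p.read_text(encoding="utf-8-sig"))
                     for p in ext_dir.glob("*/manifest.json")]
        if manifests:
            newest = max(manifests, key=_version_key)
            snap[ext_dir.name] = {"version": newest["version"],
                                  "grants": sorted(_grants(newest))}
    return snap

def review_updates(baseline, current):
    """List extensions whose version changed since the baseline, with new grants."""
    findings = []
    for ext_id, now in sorted(current.items()):
        before = baseline.get(ext_id)
        if before and before["version"] != now["version"]:
            added = sorted(set(now["grants"]) - set(before["grants"]))
            findings.append({"id": ext_id, "from": before["version"],
                             "to": now["version"], "new_grants": added})
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: ext_watch.py <Extensions dir> <baseline.json>")
    baseline_file = Path(sys.argv[2])
    current = snapshot(sys.argv[1])
    if baseline_file.exists():
        for finding in review_updates(json.loads(baseline_file.read_text()), current):
            print(finding)
    baseline_file.write_text(json.dumps(current, indent=2))
```

The first run only writes the baseline; later runs print one finding per updated extension and then refresh the baseline.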

RatKing
Posts: 1212
Location: Nondescript cave in the land of the polar bears, Finland
Posted: Sun, 19th Jan 2014 16:20
Sticking to Firefox, thank you very much.

Posted: Sun, 19th Jan 2014 16:26
Anyone who uses any kind of automatic update is a noob and deserves to get some ads in his face.

Posted: Sun, 19th Jan 2014 16:32
Any way to perhaps block these?
Without the obvious of turning off auto-updates.

Invasor
Moderator
Posts: 7638
Location: On the road
Posted: Sun, 19th Jan 2014 16:38
I'm guessing the extensions in question would have to be removed, as the new ad/malware would be part of their code...

Posted: Sun, 19th Jan 2014 16:40
Invasor wrote: | I'm guessing the extensions in question would have to be removed, as the new ad/malware would be part of their code... |
Is there a list of these extensions? 

Przepraszam
VIP Member
Posts: 14496
Location: Poland. New York.
Posted: Sun, 19th Jan 2014 16:43

Posted: Sun, 19th Jan 2014 16:53
Thanks, just removed hola. 

Invasor
Moderator
Posts: 7638
Location: On the road
Posted: Sun, 19th Jan 2014 16:54
Przepraszam wrote: | http://www.reddit.com/r/technology/comments/1vir7a/chrome_extensions_are_being_bought_out_by_malware/
Here are some popular extensions that did this? |
Thanks!
I was wondering though, if firefox extensions are not subjected to the same risk?
I'm using one of the extensions from the list on firefox (hola unblocker), but never noticed anything unusual...

Przepraszam
VIP Member
Posts: 14496
Location: Poland. New York.
Posted: Sun, 19th Jan 2014 16:57
I did too, and HoverZoom. Replaced them with Imagus and ZenMate.

Posted: Sun, 19th Jan 2014 16:57
Maybe Firefox's AMO process is different? Do they validate each addon version/update?

Posted: Sun, 19th Jan 2014 18:54
Invasor wrote: | Przepraszam wrote: | http://www.reddit.com/r/technology/comments/1vir7a/chrome_extensions_are_being_bought_out_by_malware/
Here are some popular extensions that did this? |
Thanks!
I was wondering though, if firefox extensions are not subjected to the same risk?
I'm using one of the extensions from the list on firefox (hola unblocker), but never noticed anything unusual... |
Apparently Mozilla reviews them, but I found this article about Autocopy for Firefox which gives more insight on how ad companies are getting their crap into the Addon repository.
http://www.ghacks.net/2013/01/13/how-companies-take-advantage-of-mozillas-addon-repository/

Posted: Sun, 19th Jan 2014 20:38
I was approached twice to sell my (now outdated) Chrome plugin, which had over 180,000 users.
It was tempting, but I knew it was going to be used for something like this.

Posted: Sun, 19th Jan 2014 21:43
RatKing wrote: | Sticking to Firefox, thank you very much. |
Same will happen for Firefox's addons... the important message, however, is: START USING FREE OPEN-SOURCE SOFTWARE
Some examples for Firefox addons (never use Chrome myself):
- do NOT use Ghostery but Disconnect
- do NOT use Adblock Plus but Adblock Edge
- ...

RatKing
Posts: 1212
Location: Nondescript cave in the land of the polar bears, Finland
Posted: Sun, 19th Jan 2014 22:48
skx7 wrote: | - do NOT use Ghostery but Disconnect
- do NOT use Adblock Plus but Adblock Edge |
You have my curiosity. Why is that?
Got both of 'em.

Posted: Mon, 20th Jan 2014 08:46
Disconnect is an open-source variant of Ghostery, which is closed source (we do not know what Ghostery is doing besides showing nice notifications)
https://disconnect.me/
https://github.com/disconnectme
Adblock Edge is also open source and does not accept money to allow certain ads to be shown like Adblock Plus is doing
https://bitbucket.org/adstomper/adblockedge/
Try both and delete the others ASAP... closed-source proprietary software cannot be trusted anymore, especially when it's made available for free (gratis). The only gratis software respecting our right is FOSS these days.

RatKing
Posts: 1212
Location: Nondescript cave in the land of the polar bears, Finland
Posted: Mon, 20th Jan 2014 10:11
Have to admit on my shame I never bothered to think that much on this subject. Cheers, mate.
Removed the aforementioned addons and replaced them with Edge and Disconnect.

Posted: Mon, 20th Jan 2014 10:42
Now I feel daft but how do I install the extension (adblock edge) into chrome?
Do I just drop the files into the library or somehow add them through chrome?

RatKing
Posts: 1212
Location: Nondescript cave in the land of the polar bears, Finland
Posted: Mon, 20th Jan 2014 10:52
*cough use cough Firefox*
RatKing wrote: | Edge and Disconnect. |
Seem to be working fine. Edge's actually not interfering with a few of my favorite sites as much as AB+ did.

Invasor
Moderator
Posts: 7638
Location: On the road
Posted: Mon, 20th Jan 2014 21:48

Posted: Mon, 20th Jan 2014 23:01
Quote: | http://blogs.wsj.com/digits/2014/01/19/google-removes-two-chrome-extensions-amid-ad-uproar/ |
Quote: | The practice likely isn’t limited to Google’s Chrome browser. A year ago, Martin Brinkmann, writing on Ghacks.net, pointed to an extension for the Firefox browser called “Autocopy” that had been purchased by Wips.com. Brinkmann said the company then added software that tracked users’ browsing habits.
Wips didn’t respond to an email seeking comment. Mozilla, which operates the Firefox browser, didn’t immediately comment on how code may be added to extensions in Firefox. |
Does that make any sense? The author wants to know how code can be added to an extension?
All times are GMT + 1 Hour |