Video: A family of malicious extensions takes over Chrome Web Store.
Google and Mozilla have ejected the popular Stylish extension from their respective catalogs following a complaint that it collects data about website visits in a way that could be used to identify users.
The browser extension, which has about two million users, became a hit because it lets users put their own overlay on websites and hide features they don't want to see.
Software engineer Robert Heaton detailed the extension's demise from what he describes as a useful tool he'd used for several years to the privacy threat it is today.
In a blogpost[1] he argues that the "Stylish browser extension steals all your internet history" and collects enough information to identify individuals from historical web usage.
The data collection has been ongoing since January 2017[2] when its owner, who inherited Stylish in late 2016[3], sold the extension to Israel-based web-analytics firm, SimilarWeb, and rolled out a new privacy policy.
Some users weren't happy because the free app with no strings attached would collect data about their web usage, albeit anonymized.
SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)[4][5]
SimilarWeb's current policy outlines[6] that the extension collects HTTP requests, URLs used, anonymized IP addresses, and a range of search-engine data, including keywords, results, links, and ads displayed.
SimilarWeb says, "We are not aware of and cannot determine the identity of the users from whom the non-personal information is collected."
But, according to Heaton, that's wrong because the extension sends users' complete browsing history, along