You probably knew there was something behind the browser extensions you use to add features to Chrome and Firefox, right? I mean, nobody really offers anything for free on the internet, there is always a charge. Well, you were right, and it's probably higher than you thought.
A New Survey Report from Washington Post Geoffrey Fowler, who previously shared how iPhone leaks personal information while sleeping, now details how the extensions you add to your browser not only capture an extraordinary amount of your personal information, but sell it online as market research.
Fowler says he reported the results of his research with an external security firm to both Google and Mozilla, the manufacturers of the affected browsers, and both immediately disabled the suspected plug-ins. Nevertheless, according to the report, as many as four million people's browsing history was available online as a result of these extensions alone.
More personal information than you might think.
You may think that browsing history alone is not as bad as having your personal credit card or bank information exposed, but for a moment see that the URL of the sites you visit often contains much more information than you might think.
Fowler, according to Fowler, could actually see medical information containing names of patients, doctors, and prescriptions. They also had access to flight verification numbers, cloud-based documents stored in Microsoft's OneDrive, and even some more sensitive work projects that employers probably aren't interested in having in the open.
There is a lot of personal information for a browser extension that is probably designed to make it easier to zoom in on images, as one of the examples called HooverZoom claimed its purpose.
Fowler worked with a researcher named Sam Jadali, which the report says identified six plugins that collect user data and then sell that information online. The six were called Hover Zoom, SuperZoom, SpeakIt !, SaveFrom.net Helper, FairShare Unlock and PanelMeasurement.
If you installed any of them, there is nothing to do now about the abusive extensions, they are already disabled by Google and Mozilla.
But what about your information? There is another question entirely. Unfortunately, the answer is not good news.
There are several bad news.
In addition to the six extensions, another report in the report said researchers from North Carolina State University found that as many as 60 million people are using browser extensions as leaking data. They may not be as genuine as selling your web history online, but they collect personal information, often without transparent information about exactly what they do.
This type of leakage of personal information is why Google says it changes the way extensions work in Chrome, so developers can't access your web traffic. Although fair, it is worth pointing out that Chrome still has access to that information, and Google certainly uses it for its own purposes.
What are you doing now?
The most obvious step to take is to make sure that if you add any kind of browser plugin or extension it is from a developer that you consider reliable. So, even when that is the case, see exactly what you accept when it comes to accessing your information. If a browser claims it needs access to view or change the weblog, it is probably best to remove it unless there is a good reason otherwise.
And if you've used extensions that sell your information, the bad news is that there's probably not much you can do about it. Most of the time, it is difficult to find out exactly where it went, and even if you do, you have enough agreement that someone has given them access. The very reason for considering this is a very difficult lesson in how the Internet works.
Digital marketers continue to look for new ways to identify and target relevant ads, and some of them are less than transparent about how they do what your job should be informed and vigilant. After all, if you don't want to protect your personal information, you can't count on your technology if you want.
The views expressed here by the Inc.com column are their own, not those of Inc.com.