I thought it couldn’t happen to me, that I would never see myself as a victim.

So the latest sleazy way to grind out a few dimes on the web is to browse the Chrome Web Store and contact the developers of apps with a lot of installs to offer them a deal, I imagine in bitcoin, for control and ownership of their app, after which they turn that app effectively into adware and spyware, with updates getting pushed out to all users.

And, to my chagrin, an irksome number of developers of rather popular extensions are taking the money or surreptitiously adding the likes of tracking of all sites you visit. Kind of like most Greasemonkey scripts, except hosted on Google’s store where you’d hope there’d be some kind of lid on this behavior.

I came across some Reddit thread, a running tally of such extensions, and noticed that at least one of the extension I have had installed for ages, Youtube Ratings Preview, had been spotted tracking searches after being granted permission to “all website data.” About 140K active users and a five star extension (140K is a lot), a helpful thing to the reputation of a budding developer, an odd thing to throw away for what many would perceive as betrayal. Not to mention Chrome’s reputation.

I checked my menu and saw that Chrome had apparently disabled the extension, waiting for me to approve new permissions for the extension – yeah, no thanks chief. But here, enjoy a screenshot of your work when it had five stars:


The moral of the story is, at least until Google can sort this mess out in a manner that restores user confidence, you may want to uninstall your Chrome extensions, at least those that aren’t fairly important to you, and consider not using any extensions (even with refuge from Chrome’s sandboxing), or Firefox add-ons for that matter and whatever Safari and IE might have, on machines you don’t only use exclusively for casual purposes.


Doug Simmons

Previous articleDebate: Olympics Already a Failure
Next articleT4NG0 D0WN R3P0RT
Biographical info.. hmm. I have a history of not being able to strike the balance between what is "safe" to put into these forms and what is, in my mind at least, funny. Can't do it.


  1. What’s also interesting (to me) is that this fear has created a market for anti-extension-malware extensions which I suspect are equally, if not more, likely than any other extension to contain such crap.

    At least there’s one line of defense, Google, with them pulling some extensions from the store and not updating extensions that ask for more permissions without your permission, but people are in the habit of just clicking Yes to anything without considering the potential ramifications. But Google’s gonna have to do better than that to restore my confidence.

    A major chilling effect in extension use.

  2. At the top of the post you called yourself a victim.
    Then you said you expected Google to keep a lid on bad behavior.
    Near the end you said Chrome had disabled the extension.
    How are you a victim? Sounds like Google kept a lid on the problem.
    Seems like needless Google bashing to me.

Comments are closed.