Have you used or heard of ‘Stylish?’ According to Ars Technica, its an extension with over two million downloads worldwide, which “allowed users to customize the look and feel of websites in a variety of ways” such as “remov[ing] clutter [on] Facebook or Twitter news feeds, chang[ing] normal pictures to black-and-white manga images,” and so on. As the numbers would suggest, Stylish was very popular – but now it has been removed from Chrome, Mozilla Firefox, and Opera platforms.
These browsers removed Stylish as an extension because it was “caught tracking every website its users visited—and sending the data to a remote server” says Ars Technica. This was discovered by software engineer Robert Heaton, who explained that “the extension started sending users’ complete browsing activity back to its servers by default, along with a unique identifier that in many cases could be used to correlate email addresses or other Internet attributes belonging to those users.”
Heaton was able to make this discovery using a security-testing software called Burp Suite. He tested his own experience using Stylish, and found that Stylish was tracking data including “every URL he visited” and “the actual Google search results from his browser window.”
Stylish has allegedly been collecting this information from Chrome since January of 2017, and from Firefox users since March of 2017.
This story shows the risk we take when utilizing these helpful, free extensions. However, safe alternatives to risk add-ons do exist. For example, Heaton recommends Stylus as a safer alternative to Stylish.
Source: arstechnica.com – “Stylish” extension with 2M downloads banned for tracking ever site visit
Published: July 6, 2018