Firefox 's popular add - on 'Stylish' secretly collected user' s Internet history

by Christoph Scholz

" Stylish " which is an add-on function of Firefox is an extension function which can change the site design freely by using CSS even if it is not a site operated by himself, and it is becoming popular as an extension function to make daily browsing comfortable It was. However, it turned out that it was collecting the user's Internet history behind it, and it evolved into the situation that it is deleted from the add-on list of Firefox.

"Stylish" browser extension steals all your internet history | Robert Heaton
https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/

Popular Firefox extension "Stylish" blocked by policy violation, collected all browsing history - Foreign windows
https://forest.watch.impress.co.jp/docs/news/1131143.html

One day security expert Robert Heaton noticed the suspicious behavior of Stylish and investigated what it is doing. As a result, Stylish collected all browsing data, it turned out that it was transmitting to the company database.

In January 2017, Stylish was sold to Israel's site analysis company SimilarWeb , and as a new terms of use at that time, "Stylish collects only non-personal data for the purpose of improving the function" The word wording was added. However, according to Mr. Heaton, what Stylish collected and sent to SimilarWeb includes not only non-personal data but also information such as a URL with a token that can log in to a registered web site and information such as browser cookie It seemed to have been.

URLs with tokens and very long special URLs are assumed to be accessible only to people who know the URL, but once the URLs themselves are collected as data, anyone can retrieve it from the URL It will become accessible to the secret site. Mr. Heaton alarms that the likelihood that data collected in SimilarWeb will leak to the outside due to security lacking is not zero even if SimilarWeb does not sell personal identifiable data.

by Drunk Photographer

After Heaton accused Stylish 's data collection, Firefox announced that he added Stylish to the block list. From now on, you can not add Stylish as an add-on from Firefox, users currently adding Stylish will automatically disable Stylish and will not be available.