Terry Ganzi

Level 24
Security firm Detectify signed up for one of the third-party data services to find out what your browser is letting them harvest
By Brady Dale • 11/19/15 11:23am

Sundar Pichai, then senior vice president of Chrome, speaks at Google’s annual developer conference, Google I/O, in San Francisco on June 28, 2012. AFP PHOTO/Kimihiro Hoshino. (Photo: KIMIHIRO HOSHINO/AFP/Getty)

Swedish security firm Detectify, has found that even if users run popular tracking blockers such as Ghostery, their online behavior may still be tracked and watched by some Chrome extensions. To verify the vulnerability, the company first subscribed to a third party data service to see what they were collecting (and selling), and then it investigated how the extensions seemed to be getting around the tracking blockers.

The company has published its results in a blog post this morning. The post’s authors, Frans Rosén and Linus Särud, from the Detectify team, write:

Google, claiming that Chrome is the safest web browser out there, is actually making it very simple for extensions to hide how aggressively they are tracking their users. We have also discovered exactly how intrusive this sort of tracking actually is and how these tracking companies actually do a lot of things trying to hide it. Due to the fact that the gathering of data is made inside an extension, all other extensions created to prevent tracking (such as Ghostery) are completely bypassed.

Detectify was the company that warned Patreon about its security vulnerability before its recent breach. The Observer recently reported on the different privacy levels afforded by Firefox’s private mode over Chrome (though at the end of the post Detectify does not give Mozilla very high marks for its browser’s extension policy either).
Last edited by a moderator: