Spawn

Administrator
Verified
Staff member
+10,000,000 people believe they can get something for nothing, i.e. cheap with absolutely no down side. :LOL::LOL::LOL:
I don't think people are that stupid.

Here's a non-technical review that was also a good read.

And this is good for security and privacy reasons. They know what they do.
The help page mentions it's prone to false positives for legitimate extensions.

Safari has a strict policy, and occasionally the adblocker gets disabled.

Edit: Honey is also available in Microsoft Edge for Android.
 

Wladimir Palant

New Member
Note: I am the author of the article above.
Here's a non-technical review that was also a good read.

I’m sorry but that’s a tad too non-technical. ;)

In order to determine whether the extension is spyware they could have taken a look at its network traffic (very easy for browser extensions). But they didn’t even do that. Instead, they measured the activity of the extension, assuming that spying is a processor-intensive task. That logic is, quite frankly, bullshit.

Either way, the conclusion of my article reads:

In the end, I found that the Honey browser extension gives its server very far reaching privileges, but I did not find any evidence of these privileges being misused.
In other words, it appears to be neither a spyware nor a malware – yet. But it can turn into one at any time, without anybody noticing and without leaving traces. Whether intentional or not (I’m leaning towards the latter), this extension provides the perfect infrastructure for spying on the user and possibly doing considerable damage as well. The article is very long and technical, so just read the “Why you should care” section at the end.
 

Spawn

Administrator
Verified
Staff member
Note: I am the author of the article above.


I’m sorry but that’s a tad too non-technical. ;)

In order to determine whether the extension is spyware they could have taken a look at its network traffic (very easy for browser extensions). But they didn’t even do that. Instead, they measured the activity of the extension, assuming that spying is a processor-intensive task. That logic is, quite frankly, bullshit.

Either way, the conclusion of my article reads:


In other words, it appears to be neither a spyware nor a malware – yet. But it can turn into one at any time, without anybody noticing and without leaving traces. Whether intentional or not (I’m leaning towards the latter), this extension provides the perfect infrastructure for spying on the user and possibly doing considerable damage as well. The article is very long and technical, so just read the “Why you should care” section at the end.
I read the whole article and didn't find it too alarming, as stated "However, at least Honey is open about their policies."

Non-technical can be more useful to the average reader. (y) Thanks for the article.

Everything has potential to be exploited, just as many other tools on the Web. Most recently Google Firebase Cloud Messaging solution, and Nano Defender sold to a nefarious group / adware company.

In January, Amazon notified users of their online shopping site with the Honey extension installed as Malware — after the PayPal acquisition.


Those looking for trouble will find it, and it will be an issue for most users who are looking to get away from prying eyes.

Off-topic: Missed your post, did you discover this thread via Google Alerts?
 

Wladimir Palant

New Member
Non-technical can be more useful to the average reader.
That’s true. But my blog obviously isn’t meant for the average reader but for those who are interested in the technical details. That’s especially people who want to look for security issues themselves or defend against attackers.
Everything has potential to be exploited,
That’s the same as saying “security doesn’t matter.” Which is obviously wrong – what kind of security choices you make matters a lot. There isn’t only “totally safe” and “p0wned” but a lot of shades of grey. Security is about managing risk, and Honey introduces lots of risk. That’s what the article is about.
 

Spawn

Administrator
Verified
Staff member
That’s true. But my blog obviously isn’t meant for the average reader but for those who are interested in the technical details. That’s especially people who want to look for security issues themselves or defend against attackers.

That’s the same as saying “security doesn’t matter.” Which is obviously wrong – what kind of security choices you make matters a lot. There isn’t only “totally safe” and “p0wned” but a lot of shades of grey. Security is about managing risk, and Honey introduces lots of risk. That’s what the article is about.
Good to know, and it's available for those interested.

I never said that, but it's your interpretation of what I wrote.