安全研究员发现某些Chrome扩展,如HoverZoom,收集用户的浏览历史和URL,甚至可能泄露敏感信息。这些数据被一家名为NachoAnalytics的公司用于潜在的广告目的。尽管此类行为不违法,但它揭示了用户对浏览器扩展隐私政策的忽视和扩展可能带来的隐私风险。谷歌已开始调查并移除了部分违规扩展。
chrome浏览器导出扩展
A security researcher revealed that some Google Chrome extensions, like HoverZoom, collected your browsing history, and in some cases, even embedded URLs. Then the extensions published them for a fee through a company called Nacho Analytics, potentially revealing personal data.
安全研究人员透露,某些Google Chrome扩展程序(例如HoverZoom)收集了您的浏览历史记录,在某些情况下甚至收集了嵌入式URL。 然后,这些扩展程序通过一家名为Nacho Analytics的公司收费发布,可能会泄露个人数据。
Sam Jadali, a security researcher and founder of Internet hosting service Host Duplex, noticed something surprising. A company called Nacho Analytics had published a series of links that listed one of his client domains. Those URLs let to private forum conversations, and only the senders and recipients should have those links and the necessary credentials to access the discussions.
安全研究人员和Internet托管服务Host Duplex的创始人Sam Jadali注意到了一些令人惊讶的事情。 一家名为Nacho Analytics的公司发布了一系列链接,列出了他的客户域之一。 这些URL允许进入私人论坛对话,只有发件人和收件人才应具有那些链接和必要的凭据才能访问讨论。
When he investigated how Nacho Analytics acquired the URL he discovered the culprit was the very extensions users were installing on their browsers. Extensions like HoverZoom, which expands images, requires access to the full webpage you browse to accomplish its function. But buried in its privacy policy is the statement that it can and will collect your browsing data and share it with 3rd parties for advertising purposes. Jadali discovered several other extensions with similar access and privacy policies.
当他调查Nacho Analytics如何获取URL时,他发现了罪魁祸首是用户在其浏览器上安装的扩展程序。 像HoverZoom这样的扩展程序可以扩展图像,需要访问您浏览的完整网页才能完成其功能。 但是,其隐私政策中隐含了一项声明,该声明可以并且将收集您的浏览数据并出于广告目的与第三者共享。 Jadali发现了其他几个具有类似访问和隐私策略的扩展。
Many (if not most) people don’t read privacy policies at all, so they not be aware of the extent to which a browser extension can track them. While mere browsing history might not seem like a major privacy violation at first blush, some URLs lead to private and personal information without the need to input a password.
许多(如果不是大多数)人根本不阅读隐私政策,因此他们不知道浏览器扩展可以跟踪这些隐私政策的程度。 乍一看,虽然浏览历史记录似乎并不像是对隐私的重大侵犯,但是某些URL不需要输入密码即可导致私人和个人信息。
When Jadali investigated further, he found Nacho Analytics published links to home and business surveillance videos from Nest and other security camera providers; tax returns and business documents hosted on OneDrive, Intuit, and other online services; Facebook messenger attachments and private Facebook photos; and other private data.
当Jadali进行进一步调查时,他发现Nacho Analytics发布了指向Nest和其他安全摄像头提供商的家庭和企业监控视频的链接。 在OneDrive,Intuit和其他在线服务上托管的纳税申报表和商业文件; Facebook Messenger附件和私人Facebook照片; 和其他私人数据。
For its part, Nacho Analytics stresses that collecting and publishing this data isn’t illegal, which is true. The company also downplayed the severity of the problem. The CEO of the company, Mike Roberts, told Ars Technica
就Nacho Analytics而言,它强调收集和发布此数据并非非法,这是事实。 该公司还淡化了问题的严重性。 该公司的首席执行官Mike Roberts告诉Ars Technica
Those pages are available. It’s just that you didn’t know how to discover them. This is just something that you’re now able to see that you weren’t able to see before. But we’re not creating a loophole. There’s no backdoor or anything. We’re just showing links that you didn’t know about before and maybe weren’t indexed, but they do exist…
这些页面可用。 只是您不知道如何发现它们。 这只是您现在可以看到的内容,而您以前看不到。 但是我们并不是在制造漏洞。 没有后门之类的东西。 我们只是在显示您以前不知道并且可能未编入索引的链接,但是它们确实存在……
Google is investigating and already removed some offending extensions. But this extensive report does illustrate that you should look at extensions closely when installing them. And that includes what data you’re giving access to and what the privacy policies say the extension can do with that data. [Ars Technica]
Google正在调查中,并且已经删除了一些令人讨厌的扩展程序。 但是这份详尽的报告确实说明,在安装扩展程序时,您应该仔细查看它们。 其中包括您要访问的数据以及隐私策略说扩展名可以使用该数据。 [ Ars Technica ]
在其他新闻中: (In Other News:)
Vienna’s Driverless Bus parked after hitting someone: In Vienna, Austria a self-driving bus trial is on hold after the bus collided with a pedestrian. The bus was traveling 7.5 miles per hour, and just clipped the person, so everyone is okay. But Navya, the startup behind the bus, wants to investigate thoroughly for the safety of everyone. Self-driving is hard. [The Verge]
维也纳的无人驾驶公交车在撞到某人后就停了下来:在奥地利维也纳,公交车与行人相撞后,自动驾驶公交车试验被暂停。 公共汽车每小时以7.5英里的速度行驶,并夹住了那个人,所以每个人都还好。 但公车背后的初创公司Navya希望对所有人的安全进行彻底调查。 自动驾驶很难。 [边缘]
Southwest Airlines gave free Nintendo Switches to passengers: A Nintendo Rep had a surprise for passengers on a Southwest Airlines flight to San Diego. Free Switches (with Maro Maker 2) for everyone. Bonus points if they yelled, “And you get a Switch, and you get a Switch…” [Digital Trends]
西南航空向乘客免费提供了任天堂转机服务:任天堂代表对西南航空公司飞往圣地亚哥的航班的乘客感到惊讶。 每个人都可以免费使用开关(使用Maro Maker 2)。 如果他们大喊大叫,“您将获得转换,而您将获得转换……” [数字趋势]
Plants vs Zombies 3 is in development: Six years after Plants vs. Zombies 2 dropped, a new sequel is in development. Better yet, you can try an early pre-alpha now on Android. But spots are limited so jump in now if you want to play. [Engadget]
《植物大战僵尸3》正在开发中:《植物大战僵尸2》掉落六年后,一个新的续集正在开发中。 更好的是,您现在可以在Android上尝试早期的pre-alpha 。 但是景点有限,所以如果您想玩的话,现在就加入吧。 [ Engadget ]
Google Stadia Controller won’t support Bluetooth headphones to start: Anyone hoping to game quietly on Google’s Stadia service will have to use wired headphones. Director of Andrey Doronichev, Product for Stadia, explained in an AMA that the controller wouldn’t support Bluetooth audio on day one. An update down the road will add the feature. Until then, at least it has a headphone jack. [9to5Google]
Google Stadia Controller不支持启动蓝牙耳机:希望在Google Stadia服务上安静地玩游戏的任何人都必须使用有线耳机。 Stadia产品的Andrey Doronichev主管在AMA中解释说,该控制器在第一天就不支持蓝牙音频。 后续更新将添加该功能。 在那之前,至少它有一个耳机插Kong。 [ 9to5Google ]
Dolphins aren’t like golf balls after all. You may have always known that, but scientists long theorized that dolphin skin was a lot like the dimpled texture of a golf ball. That texture helps a golf ball fly farther through the air by reducing drag.
海豚毕竟不像高尔夫球。 您可能一直都知道这一点,但是科学家长期以来就认为海豚的皮肤很像高尔夫球的凹陷纹理。 这种质地通过减少阻力帮助高尔夫球在空中飞得更远。
Scientists believed dolphin skin had similar ridges, leading to their great speed in the water, and previous tests seemed to support the thought. Unfortunately, those tests were flawed, and newer better techniques have shown dolphins have very smooth skin. Which is exciting because now we can examine new theories for how dolphins move through the water so quickly and perhaps find practical applications with that knowledge. [Phys.org]
科学家认为,海豚皮具有类似的脊,导致它们在水中的移动速度非常快,以前的测试似乎支持了这种想法。 不幸的是,这些测试是有缺陷的,新的更好的技术已经表明海豚的皮肤非常光滑。 令人兴奋的是,因为现在我们可以研究海豚如何如此Swift地在水中运动的新理论,并也许可以利用这些知识找到实际的应用。 [ Phys.org ]
chrome浏览器导出扩展
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
