Data leak warning issued to millions of Google Chrome and Firefox users

Geoffrey A. Fowler for The Washington Post:

I’ve watched you check in for a flight and seen your doctor refilling a prescription.

I’ve peeked inside corporate networks at reports on faulty rockets. If I wanted, I could’ve even opened a tax return you only shared with your accountant.

I found your data because it’s for sale online. Even more terrifying: It’s happening because of software you probably installed yourself.

My latest investigation into the secret life of our data is not a fire drill. Working with an independent security researcher, I found as many as 4 million people have been leaking personal and corporate secrets through Chrome and Firefox. Even a colleague in The Washington Post’s newsroom got caught up. When we told browser makers Google and Mozilla, they shut these leaks immediately — but we probably identified only a fraction of the problem.

The root of this privacy train wreck is browser extensions. Also known as add-ons and plug-ins, they’re little programs used by nearly half of all desktop Web surfers to make browsing better, such as finding coupons or remembering passwords. People install them assuming that any software offered in a store run by Chrome or Firefox has got to be legit.

Not. At. All.

North Carolina State University researchers recently tested how many of the 180,000 available Chrome extensions leak privacy-sensitive data. They found 3,800 such extensions — and the 10 most popular alone have more than 60 million users.

MacDailyNews Take: Once again, hopefully we’ll get to some real protection for U.S. consumers via comprehensive federal privacy legislation. Users should be asked for their consent upfront and have the ability delete their data at any time.

People who value privacy and security use Apple products.MacDailyNews, September 12, 2015

The more people are educated about unchecked data collection and the more who value their privacy, the better Apple’s sales will be. Today, it’s literally Apple against the world.MacDailyNews, July 14, 2017

[Attribution: Forbes. Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]


  1. How thoroughly does Apple vet the Safari Extensions on the App Store? What data are these extensions collecting and what is the company doing with that data? How secure is the extension? Does it open up security holes (intentionally or unintentionally)?

    On a different note, has anyone thoroughly assessed the performance and effectiveness of the different classes of Safari Extensions – ad blockers, etc.? Should I pay $3.99 for product A or $1.99 for product B or choose product C, which is free?

    One thing is certain – Apple has built its future around iCloud and the company must place top priority on keeping that data safe. A company culture that emphasizes consumer data privacy is only effective when it protects the repositories of that data. Perhaps the choice to outsource cloud services to other companies was unwise…

  2. Shithead Congress already set the Opt Out precedent with robocalls and phone marketers. It was via bribes AKA donations of course. No more Opt In. I don’t know which party controlled Comgress then but both need a constant infusion of corporate bribes to finance their campaigns. It should not be so. It should be illegal across the board.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.