Created
May 26, 2014 17:17
-
-
Save mvirkkunen/89f61a06819530e48b53 to your computer and use it in GitHub Desktop.
Tracker-ish URLs found from "Awesome Screenshot" source code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://chrome.google.com/webstore/detail/awesome-screenshot-captur/alelhddbbhepgpmgidjdcjakblofbmce | |
| How many trackers does a single Chrome extension need? | |
| Seven. | |
| https://ssl.google-analytics.com/ (manifest.json, javascripts/cga.js) | |
| https://cdn.extensionanalytics.com/ (manifest.json, javascripts/feedback.js) | |
| https://pixel.getpaidfordata.com/ (manifest.json, background.html) | |
| https://tags.crwdcntrl.net/ (manifest.json) | |
| https://s.sitebeacon.co/ (javascripts/CDBC/CDBC.js) | |
| https://collector.dataferb.com/ (javascript/DCM/cr-dcm-client.js) | |
| http://lb.crdui.com/, http://t.crdui.com/ (javascripts/Tr/tr.js) | |
| Probably wouldn't even have noticed if that last one wasn't sending my browsing history over the internet /in plain text/. |
Thanks! If I had not read the reviews @chrome Web Store I might have installed "Awsome Screenshot App"- I have also sent a notification form through the webstore, since I find such app behaviour unacceptable.
Also seems to happen with the "Webpage Screenshot" extension.
Is this still the case with the "relaunched" Awesome Screenshot (https://www.awesomescreenshot.com)?
https://chrome.google.com/webstore/detail/awesome-screenshot-screen/nlipoenfbbikpbjkfpfillcgkoblgpmj
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It gets worse than that.
Some servers I manage were getting crawlers hitting urls with user-agent 'niki-bot'. The URLs were not publically accessible URLs - they were URLs of internal or administrative backend pages of various apps (such as Jenkins configuration URLs, which require staff authentication).
The nature of the URLs allowed us to pinpoint that they were all URLs visited by a specific user in the organisation. That user had installed this chrome extension 'awesomeschreesnot'.
In other words: not only is the extension tracking you, but they, or the advertisers they are selling the data to, return to conduct reconnaissance of all websites you visit, for who knows what purpose.
See another report of this by someone else: https://groups.google.com/forum/#!msg/google-appengine/jEihs3D7Gig/eM9xuJLfnRgJ