Chrome and Firefox Browser Extensions Steal Web Browsing Histories From Over 4M Users

DataSpii is a new privacy issue that puts millions of people's browsing histories at risk. The issue was researched, and the term coined, by security researcher Sam Jadali, who discovered eight browser extensions that harvested data from over 4 million Firefox and Chrome users.


The browser extensions collect sensitive data in real time, including personally identifiable information (PII) and corporate information (CI). The data collection primarily impacts Firefox and Chrome users because of the eight invasive extensions.

These extensions collect URLs, webpage titles, LAN IPs, hostnames, web server technology data, and even hyperlinks embedded in web pages. Dan Goodin at Ars Technica reported that the collected data is published to a fee-based service called Nacho Analytics.


Links Published into Nacho Analytics


The investigation started after Jadali found a set of links published on Nacho Analytics that were associated with one of his client domains; the links appeared to point to private conversations.


Jadali suspected that these links were being collected by some browser extensions. He analyzed more than 200 extensions, including Hover Zoom, but none of them sent data to Nacho Analytics.

Later he compared the Nacho Analytics timestamps with his server logs that monitor client domains, which indicated that two of three users had the Hover Zoom extension added to their browser.


Extension Analysis & Data Collection Activity


Later Jadali set up an extension analysis lab with a clean OS, Burp Suite to analyze the web traffic, and FoxyProxy to proxy Chrome requests to Burp Suite. “Also performed a quantitative text and source code analysis of each ex ..
