Google has recently removed two ad blocker extensions from the Chrome Web Store.
Both extensions had tens of thousands of installs and were pulled due to concerns over data collection.
Let’s see what really happened.
Adblockers with malicious intentions
In the past few years, adblocking software has become a staple in our daily online browsing.
Plenty of websites now rely on ads for funding, free apps allow them for revenue, video content creators depend on monetization, and social media platforms are also plastered with commercials.
It can be a nuisance, and targeted advertisement makes the whole thing even creepier.
This was the perfect storm for adblockers. But not all of them are created equal, and malicious parties were quick to ride this popularity wave.
Most ad blockers primarily target pop-ups and banner ads. But to do this, the app needs user permission to read and change data on browsers. However, this process can also be hijacked to reroute data or even record it.
And this is why Google stepped in.
Nano Adblocker and Nano Defender
Nano Adblocker and Nano Defender are the two extensions Google took down.
When they were pulled from the Chrome Web Store, Nano Adblocker had over 50,000 installs, while Nano Defender had racked up more than 200,000 installs.
They both had been around for more than a year. But they did not gather data from the very beginning.
In October 2020, an announcement on GitHub stated that a team of Turkish developers bought the extensions.
Shortly after, they added data collection code snippets. The change didn’t go unnoticed.
"The extension is now designed to lookup [sic] specific information from your outgoing network requests according to an externally configurable heuristics and send it to https://def.dev-nano.com."
Raymond Hill, author of uBlock Origin ad blocker
The malicious code collected a lot of user data, including:
- IP addresses
- OS details
- Website URLs
- Timestamps for web requests
- HTTP methods used (POST, GET, HEAD, etc.)
- Size of HTTP responses
- HTTP status codes
- Time spent on each web page
- Other URLs clicked on a web page.
As you can imagine, adblockers need none of these details to work correctly.
This whole situation didn’t stop at data mining.
Extension users noticed they were automatically giving likes to Instagram posts, and their user accounts were randomly accessed. This led to speculation that the adblockers were abusing authentication cookies.
This was enough to catch Google’s eye. They forbid such extensive data collection for apps in the Chrome Web Store, so they took down the adblockers.
The Nano extension had about 100,000 users, but it’s unclear how many were impacted.
Stay safe from invasive data collection
This was the tale of two trusted extensions that became the very thing they were supposed to prevent.
In all seriousness, this incident is just the latest example of someone acquiring an established product and later using it to pry into the large user base already acquired.
It’s hard to prevent this, and it’s quite a challenge for regular users to figure out that something has drastically changed.
The best thing you can do now, aside from deleting the Nano extensions, is to try and routinely review the software you most frequently use.
Reading privacy policies is also a good idea, even if it’s hardly fun. That’s how you can find out what the developers are doing to protect (or intrude on) your privacy.
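One way to do that routine review for a browser extension, as an added example that is not from the original article or from the Nano or uBlock Origin projects: it reads an unpacked extension's manifest.json, lists broad host access and request or cookie permissions, and searches the bundled scripts for the collection host named in Raymond Hill's report. The function names and the sample extension are constructed for the demo.

```python
import json
import tempfile
from pathlib import Path

# Collection host named in Raymond Hill's report quoted above.
REPORTED_HOST = "def.dev-nano.com"
# Manifest permissions that let an extension observe requests or read cookies.
SENSITIVE = {"webRequest", "webRequestBlocking", "cookies", "tabs", "history"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_extension(ext_dir):
    """Return a list of review findings for one unpacked extension directory."""
    ext_dir = Path(ext_dir)
    # utf-8-sig tolerates a byte-order mark at the start of manifest.json.
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    findings = []
    # Manifest V2 keeps host patterns in "permissions"; V3 uses "host_permissions".
    declared = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
    for perm in (p for p in declared if isinstance(p, str)):
        if perm in BROAD_HOSTS:
            findings.append(f"broad host access: {perm}")
        elif perm in SENSITIVE:
            findings.append(f"sensitive permission: {perm}")
    # Search bundled scripts for the reported collection host.
    for script in sorted(ext_dir.rglob("*.js")):
        if REPORTED_HOST in script.read_text(encoding="utf-8", errors="replace"):
            findings.append(f"reported host in {script.relative_to(ext_dir).as_posix()}")
    return findings


def build_sample(root):
    """Write a constructed sample extension (not the real Nano code) for the demo."""
    root = Path(root)
    manifest = {"manifest_version": 2, "name": "sample-blocker", "version": "1.0",
                "permissions": ["webRequest", "storage", "<all_urls>"]}
    (root / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    (root / "background.js").write_text(
        'const endpoint = "https://def.dev-nano.com";\n', encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_extension(build_sample(tmp)):
            print(finding)
```

Ad blockers legitimately need broad host access and request permissions, so those findings only mark what deserves a second look after an update or a change of ownership; a hit on the reported host is the stronger signal.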
What’s more, here are 10 things you can do to stay safe online.
Until next time, stay safe and secure!