Toot

Written by Yellow Flag on 2025-01-13 at 13:31

I meant to publish a rant about Google and Chrome Web Store for a while now, and now it is out: https://palant.info/2025/01/13/chrome-web-store-is-a-mess/

This details many of Google’s shortcomings at keeping Chrome Web Store safe, with the conclusion: “for the end users the result is a huge (and rather dangerous) mess.”

I am explaining how Google handled (or rather didn’t handle for the most part) my recent reports. How they make reporting problematic extensions extremely hard and then keep reporters in the dark about the state of these reports. How Google repeatedly chose to ignore their own policies and allowed shady, spammy and sometimes outright malicious extensions to prevail.

There is some text here on the completely meaningless “Featured” badge that is more likely to be awarded to malicious extensions than to legitimate ones. And how user reviews aren’t allowing informed decisions either because Google will allow even the most obvious fakes to remain.

I’ve also decided to publish a guest post by a researcher who wanted to remain anonymous: https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/

This post provides more details on BIScience Ltd., another company selling browsing data of extension users. @tuckner and I wrote a bit about that one recently, but this has been going on since at least 2019 apparently. Google allows it as long as extension authors claim (not very convincingly) that this data collection is necessary for the extension’s functionality. It’s not that Google doesn’t have policies that would prohibit it, yet Google chooses not to enforce those.

#google #cws #ChromeExtensions #privacy #ChromeWebStore

=> More information about this toot | More toots from WPalant@infosec.exchange

Descendants

Written by unexpectedteapot on 2025-01-13 at 15:04

@WPalant @tuckner that's kinda years late but a very welcome entry in the long list of Google's "plausible deniability" strategy to consolidate control.

=> More information about this toot | More toots from unexpectedteapot@social.linux.pizza

Written by Yellow Flag on 2025-01-13 at 15:05

@unexpectedteapot As I say in the article, “the best time to do this was a decade ago. The second best time is right now” 🤷‍♂️

=> More information about this toot | More toots from WPalant@infosec.exchange

Written by gudenau on 2025-01-13 at 23:01

@WPalant @tuckner Unfortunately stuff like this is all over the place and is only going to get worse right now. :-/

=> More information about this toot | More toots from gudenau@fosstodon.org

Written by Simeon.proto on 2025-01-30 at 08:03

@WPalant has anyone from the Chrome team reached out to you after this post? If not, I'd love to make some introductions

I worked on Chrome's extensions team for a few years and I always appreciated your posts. TBH during my time there I assumed you had a contact on the Trust & Safety team that worked on CWS

=> More information about this toot | More toots from dotproto@toot.cafe

Written by Simeon.proto on 2025-01-30 at 08:07

@WPalant On a related note, I'm currently working as a developer relations engineer on Firefox Add-ons. Consider my door open to chat about Firefox, AMO, or WebExtensions in general

For work purposes you can reach me at first initial, last name @ mozilla.com. I also have open office hours you can book: under the "Firefox for Android office hours" section on https://extensionworkshop.com/community/ you can click the "Book a session" to view the booking UI

=> More information about this toot | More toots from dotproto@toot.cafe

Written by Yellow Flag on 2025-01-30 at 09:43

@dotproto Yes, somebody from the Chrome team did reach out to me. Have yet to see how much this is worth.

As to Mozilla, I still know lots of people there should I need it – no issue here.

=> More information about this toot | More toots from WPalant@infosec.exchange
