I meant to publish a rant about Google and Chrome Web Store for a while now, and now it is out: https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
This details many of Google’s shortcoming at keeping Chrome Web Store safe, with the conclusion: “for the end users the result is a huge (and rather dangerous) mess.”
I am explaining how Google handled (or rather didn’t handle for most part) my recent reports. How they make reporting problematic extensions extremely hard and then keep reporters in the dark about the state of these reports. How Google repeatedly chose to ignore their own policies and allowed shady, spammy and sometimes outright malicious extensions to prevail.
There is some text here on the completely meaningless “Featured” badge that is more likely to be awarded to malicious extensions than to legitimate ones. And how user reviews aren’t allowing informed decisions either because Google will allow even the most obvious fakes to remain.
I’ve also decided to publish a guest post by a researcher who wanted to remain anonymous: https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
This post provides more details on BIScience Ltd., another company selling browsing data of extension users. @tuckner and I wrote a bit about that one recently, but this has been going on since at least 2019 apparently. Google allows it as long as extension authors claim (not very convincingly) that this data collection is necessary for the extension’s functionality. It’s not that Google doesn’t have policies that would prohibit it, yet Google chooses not to enforce those.
[#]google #cws #ChromeExtensions #privacy #ChromeWebStore
=> More informations about this toot | View the thread | More toots from WPalant@infosec.exchange
=> View tuckner@infosec.exchange profile
=> View google tag | View cws tag | View chromeextensions tag | View privacy tag | View chromewebstore tag This content has been proxied by September (3851b).Proxy Information
text/gemini