Just When You Thought It Was Safe…

I subscribe to, and look forward to an afternoon reading of Stephen Downes’ OLDaily.  Somehow, he manages to dig into parts of the web that I don’t know exist and his thoughts are always insightful.  Recently, he had commented about Yahoo’s intention to no longer honour “Do Not Track”.

So what we have here is a group of companies (Google, Facebook, Yahoo) creating standards confusion, and then using standards confusion as a reason not to implement a customer-friendly feature. I personally disable tracking at the browser level with a Firefox extension (I know a lot of people use Chrome – but do you really think it’s wise to use a browser provided by an advertising company?) and specifically one called DoNotTrackMe (there may be better out there) such as TrackerBlock (which also blocks tracking) or TrackMeNot (which doesn’t block, but instead sends out false information).

I always wondered about the Do Not Track feature because it’s more of a request than an order – I smile when I think about how well the “Do Not Call” list works for telephone solicitation.  Basically, Stephen has taken the proactive approach and added an extension or add-on to his browser to take the matter into his own hands.

But, if we can’t trust the website on the other end to honour a request, can we trust an extension that already has access to your computer?

That’s where one of this morning’s reads made for some interesting pondering whilst dog walking.  “Why Browser Extensions Can Be Dangerous and How to Protect Yourself


I’ll admit to being as guilty as the next person when it comes to installing extensions.  I like that I can add more features to my browsing experience.  I like that I can have an extension generate really involved passwords and then store them for me.  I like that I’m just a click away from a feature I want.  I like the fact that, if I’m not thrilled with a particular feature or functionality, I can just go and grab another one.  I don’t like the fact that I’m not really good at deleting the ones that I don’t use regularly.

There was one part of the article that really got me thinking as the rain started and the dog and I got drenched.  There are companies that will buy the extension from the original author and then take a good working extension and inject some malware into it.  It’s not a big leap in logic to think that your personal information that’s already in the browser could be shuffled off to somewhere else or that you might end up with some unwanted advertising in your face.  It’s also not a big leap in logic in thinking that the author of an extension does it to show off her/his skills with the hopes that a big company decides to offer a job.

Now, I try to do due diligence when I install an extension.  I will look to see who the author or authoring company is.  I will pay attention to the permissions that it’s asking for although it would be easier if it said “I’m here to steal your identity” or “I collect passwords” or …

But, I did use the article as a wakeup call to review the extensions that I do have installed.

Fortunately, the extensions do have a link back to the author’s website for some additional reading.  I was actually kind of pleased to note that nothing appeared to be sketchy although I did see a few things that I installed at one point and just don’t use.  I deleted them.  That could turn out to be best in the long run.  There should be fewer resources needed to support an extension that’s not being used.

You know, there was a time where stories like this would make for a good spy movie.  Now, it’s our everyday reality.

Just remember – even paranoids have enemies.  Have your checked your extensions lately?

OTR Links 05/08/2014

Posted from Diigo. The rest of my favorite links are here.