
[Chrome] Hover Zoom tracks and sells sites you visit to SimilarWeb #1

Open
terracatta opened this Issue Jan 30, 2014 · 1 comment


@terracatta

Extension Details

Browser - Google Chrome
ID - nonjdcjchghhkdoolnlbekcfllmednb
Link - https://chrome.google.com/webstore/detail/hover-zoom/nonjdcjchghhkdoolnlbekcfllmednbl?hl=en

Rationale

According to this source, Hover Zoom by default tracks your browsing usage and sends it, base64 encoded, in the clear to a collection server associated with a company called Similar Web.

From the linked article...

Once you’ve successfully decoded that text, you’ll see exactly what is going on. They are sending back the current page that you are visiting, along with the previous page, and a unique ID to identify you, and some other information. The very scary thing about this example is that I was on my banking site at the time, which is SSL encrypted using HTTPS. That’s right, these extensions are still tracking you on sites that should be encrypted.

s=1809&md=21&pid=mi8PjvHcZYtjxAJ&sess=23112540366128090&sub=chrome
&q=https%3A//secure.bankofamerica.com/login/sign-in/signOnScreen.go%3Fmsg%3DInvalidOnlineIdException%26request_locale%3Den-us%26lpOlbResetErrorCounter%3D0&hreferer=https%3A//secure.bankofamerica.com/login/sign-in/entry/signOn.go&prev=https%3A//secure.bankofamerica.com/login/sign-in/entry/signOn.go&tmv=4001.1&tmf=1&sr=https%3A//secure.bankofamerica.com/login/sign-in/signOn.go

You can drop api28.webovernet.com and the other site into your browser to see where they lead, but we’ll save you the suspense: they are actually redirects for the API for a company called Similar Web, which is one of many companies doing this kind of tracking, and selling the data so other companies can spy on what their competitors are doing.

Additional Sources

@jm
jm commented Feb 1, 2014

Yeah this is one of the most annoying and worst offenders. :+1: Will PR this one tomorrow.
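For anyone triaging a captured request from an extension like the one reported in this issue, the sketch below decodes a base64 body and lists which identifiers and page URLs it discloses. It is an added example, not code from the issue, the linked article or the extension; the function names are hypothetical, the single base64 layer is an assumption, and the sample body is constructed with placeholder values that follow the parameter layout of the quoted payload.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlsplit

# Parameters that carry page URLs in the decoded payload quoted in the issue.
URL_FIELDS = ("q", "hreferer", "prev", "sr")
# Parameters that identify the browser or session in that payload.
ID_FIELDS = ("pid", "sess")


def decode_beacon(body):
    """Return the decoded parameters of a base64 body, or None if it is not one."""
    raw = body.strip()
    try:
        padded = raw + "=" * (-len(raw) % 4)
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # parse_qs also undoes the percent-encoding of the embedded URLs.
    params = {k: v[0] for k, v in parse_qs(text).items()}
    return params or None


def summarize(body):
    """Report which identifiers and page URLs a captured body discloses."""
    params = decode_beacon(body)
    if params is None:
        return None
    urls = {k: params[k] for k in URL_FIELDS if k in params}
    hosts = set()
    for u in urls.values():
        parts = urlsplit(u)
        if parts.scheme == "https" and parts.hostname:
            hosts.add(parts.hostname)  # HTTPS page whose URL left the browser
    ids = {k: params[k] for k in ID_FIELDS if k in params}
    return {"identifiers": ids, "urls": urls, "https_hosts": sorted(hosts)}


# Constructed sample: same parameter layout as the quoted payload, placeholder values.
SAMPLE_QUERY = (
    "s=1&md=21&pid=EXAMPLEPID&sess=1234567890&sub=chrome"
    "&q=https%3A//login.example.com/sign-in%3Fmsg%3Dfailed%26locale%3Den-us"
    "&hreferer=https%3A//login.example.com/entry"
    "&prev=https%3A//login.example.com/entry&tmv=1&tmf=1"
)
SAMPLE_BODY = base64.b64encode(SAMPLE_QUERY.encode()).decode()

if __name__ == "__main__":
    print(summarize(SAMPLE_BODY))
```

A non-empty `https_hosts` list is the case the quoted article highlights: the full URL of a page served over HTTPS, query string included, appears in the outbound body next to a persistent ID.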
