Skip to content
This repository has been archived by the owner. It is now read-only.

Privacy issue with mixpanel #101

Closed
super-kamil opened this issue Feb 6, 2018 · 13 comments
Closed

Privacy issue with mixpanel #101

super-kamil opened this issue Feb 6, 2018 · 13 comments

Comments

@super-kamil
Copy link

@super-kamil super-kamil commented Feb 6, 2018

image

Even with disabled option to send tracking data the mixpanel script is injected! This is not acceptable.

@mischkl

This comment has been minimized.

Copy link

@mischkl mischkl commented Feb 6, 2018

Same problem here.

@wrakky

This comment has been minimized.

Copy link
Owner

@wrakky wrakky commented Feb 6, 2018

I no longer have control over the distributed version of the extension through the Chrome Store so this is not something I can address I'm afraid. Whatever "mixpanel" is was not something that was included in the codebase when I was in control of it and all the extension used to do was send usage statistics of different features to Google Analytics (which the disabled tracking feature respected) so the new owner must have added this feature.

@siddarthvader

This comment has been minimized.

Copy link

@siddarthvader siddarthvader commented Feb 6, 2018

+1
facing this issue, had to uninstall all extensions in order to find out, is this burglary?

Mixpanel (an analytics service) was inadvertently collecting user passwords for months.l

@wrakky

This comment has been minimized.

Copy link
Owner

@wrakky wrakky commented Feb 6, 2018

No not burglary. It's been 3 years since I've had a chance to work on it so I passed it onto someone else who must have made these changes.

The original codebase is still available on the original_source_code branch so you can build it from there if you want to.

@shivanshu3

This comment has been minimized.

Copy link

@shivanshu3 shivanshu3 commented Feb 6, 2018

This is what was injected. Some of it looks kind of sketch. I have uninstalled it.
https://gist.github.com/shivanshu3/45817d2354e41ca858c915b556a7174a

@vteremasov

This comment has been minimized.

Copy link

@vteremasov vteremasov commented Feb 6, 2018

I reported abuse. It looks like a malware.

@Esteban-Rocha

This comment has been minimized.

Copy link

@Esteban-Rocha Esteban-Rocha commented Feb 6, 2018

@wrakky You should pass along the information of the new maintainer so the community can address this privacy issue directly, this behavior it's unacceptable.

@Esteban-Rocha

This comment has been minimized.

Copy link

@Esteban-Rocha Esteban-Rocha commented Feb 6, 2018

https://twitter.com/random_walker/status/960536723095719937

@wrakky You stated an update it's coming, just an easy and quick question then, ¿are you going to make the source code for it open source? I cannot trust anything that comes from you unfortunately as facts speak for themselves, I'm not a chrome js ext developer but hell I rather build a fork from this, too sad this was an incredible web developer tool but it's clear to me what the motivations behind this are.

@mildfuzz

This comment has been minimized.

Copy link

@mildfuzz mildfuzz commented Feb 6, 2018

unacceptable for a thing you didn't pay for to do a thing you're not happy with?

@wrakky

This comment has been minimized.

Copy link
Owner

@wrakky wrakky commented Feb 6, 2018

Ok clearly this isn't great and not what I wanted at all.

The new owner is currently replying to negative reviews on the extension page claiming that an option to disable the mixpanel stuff is coming soon - whether you want to believe him or not is up to you. He is also different to the person I passed the account onto as well so I don't know who he is.

The code was licensed under MIT and is fully open source and available, like I said above, on the [original_source_code)(https://github.com/wrakky/page-ruler/tree/original_source_code). If anyone wants to fork it they are free to do so and run that locally or even publish a new version themselves in the extension store.

There isn't anything else I can do about this unfortunately.

@Esteban-Rocha

This comment has been minimized.

Copy link

@Esteban-Rocha Esteban-Rocha commented Feb 6, 2018

It's clear to me that they selled it to someone related to mixpanel, that "Since at least March 2017, they've been (unintentionally) harvesting user passwords." it's just crap, they are not retarded to not know what they do.

At the very least you should make clear that your not longer the maintainer because you selled it or whatever, in the chrome store the support panel and the website goes all way back to you, so you better make "Frank" or the person in charge update that info as you are clearly not the person responsible for this, and you cannot do anything here to address this issue.

Thanks again for the info on the source code, I'll fork it and make a malware clean version of it, per se the tool it's quite handy so I'll try to publish a clean one and open source the code here on github

@wrakky

This comment has been minimized.

Copy link
Owner

@wrakky wrakky commented Feb 6, 2018

Let me know if you do publish a new version and I'll link to it from here.

@wrakky

This comment has been minimized.

Copy link
Owner

@wrakky wrakky commented Feb 7, 2018

@Esteban-Rocha I'm going to archive this project because people don't read things. Tag me in your repo if you publish a new version and I'll update the details here.

@wrakky wrakky closed this Feb 7, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
8 participants
You can’t perform that action at this time.