Amazon button leaked user traffic

Amazon is the latest company to come under fire for misusing its browser extension bar, with security researcher Krzysztof Kotowicz accusing the company of invading privacy via its 1Button extension for Chrome. The blogger, in a post entitled Jealous of PRISM? Use "Amazon 1 Button" Chrome extension to sniff all HTTPS websites …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Why do people install these things?

    Seriously - I don't understand what motivates people to install these things.

    Hell, I deny Amazon the right to set cookies or run Javascript until such time as I choose to make a purchase, then enable cookies and Javascript from Amazon only for the duration of the transaction, and then disable it when I am done. I know that any site I go to that has an Amazon ad can leak information to Amazon should I allow JS and cookies from Amazon normally.

    1. Anonymous Coward

      Re: Why do people install these things?

      @DDH - There's probably no specific motivation. More like a lack of awareness and understanding.

      They're presented to punters in a nice friendly way leaning heavily on brand-awareness and the convenience.

      We all trade security for convenience on some level, otherwise we'd never use the internet at all. There's a number of measures I know I should take but frankly, I simply can't be arsed so I accept the risks.

      The average punter cares even less than I do.

      1. VinceH

        Re: Why do people install these things?

        "@DDH - There's probably no specific motivation. More like a lack of awareness and understanding.

        They're presented to punters in a nice friendly way leaning heavily on brand-awareness and the convenience."

        I think in some cases they are offered as part of something else, so there's a tick box to clear if you don't want it, and the average punter seems to be incapable of reading things like that, let alone deciding to remove the tick.

        I've been asked to look at people's browsers on countless occasions because "it's slow" and/or "it doesn't show a lot of the page" and the reason "it's slow" and/or "it doesn't show a lot of the page" is because so much real estate in the window is taken up with stupid extension bars.

        I used to ask why they installed the bars, but the most common response was "I didn't know I had - it just appeared one day," so now I don't bother asking.

        1. Fatman
          FAIL

          Re: Why do people install these things?

          "I've been asked to look at people's browsers on countless occasions because "it's slow" and/or "it doesn't show a lot of the page" and the reason "it's slow" and/or "it doesn't show a lot of the page" is because so much real estate in the window is taken up with stupid extension bars."

          Do you mean like this?

          http://www.woosk.com/2008/08/friends-dont-let-friends-use-ie.html

      2. Anonymous Coward
        FAIL

        Re: Why do people install these things?

        Yep, it's a trade-off that I am *explicitly* giving permission to do. I'm a manic control-freak on my systems, and any external system I get my grubbies on. IOW a bastard engineer from hell :). Farther down, someone points out that users are trained to implicitly give permission when they just click through all the pop-up requesters/windows. And that's where the whole thing is wrong.

        For instance, I spent most of a day uninstalling "trial" internet security packages off one system. It wasn't hard since I was doing other stuff, but four of these were installed, all live-scanning, and it'd take hours just to get to the desktop. After I zeroed them and installed a real, licensed, security package, I went through and updated all the software. There were a hell of a lot of them that wanted to put all those packages back on, and the user would likely click on through.

        Can't fault the users. And it ain't all to blame on the browser developers. Conditioning at its worst.

    2. Steve Knox
      FAIL

      Re: Why do people install these things?

      More to the point, why do browser publishers continue to allow these abortions to exist at all?

      "Browser extension bar" == GIANT SECURITY HOLE.

      1. Destroy All Monsters
        Mushroom

        Re: Why do people install these things?

        More to the point, what does Amazon think it is doing?

        Report back to Alexa or anywhere else? WHY!

        This should cost at least a 20000 grand of fine.

      2. h3

        Re: Why do people install these things?

        The Oracle Java updater installing the Ask toolbar is worse; at least this you need to manually install. (Even more annoying is that it doesn't even try to install the toolbar on server-based OSes.)

    3. Anonymous Coward

      Finally

      A story like this that isn't about Android!

    4. Nameless Faceless Computer User
      Devil

      Re: Why do people install these things?

      +1

      Shopping toolbars are notorious for snooping and often buggy.

  2. Anonymous Coward

    Offer it free and say it can save time or has a useful feature or two...

    ...there's always someone who will fall for it.

  3. Anonymous Coward

    Facebook buttons

    Not on the same scale but more pervasive: most, if not all, Facebook links report your browsing back to Facebook by the URL they send, "just in case you want to like the page", I assume.

    Redirect Facebook somewhere else and create a browsing history from failed like button lookups.

    If you don't have a Facebook account, when did you give them permission to watch your browsing?

  4. Anonymous Coward

    Deir Sir/ Madum,

    I work fore Prince Bukshop IV of Nigeria. He is lucking for kind person like yuo to recieve wonderfuel gift. It is amazin offer. Pleeze find attached a wonderfuel button fore youre web browser. Install an it will safe you much time.

    Best wishes,

    Amazon.ng

  5. Jamie Jones

    This part is meaningless:

    http://www.amazon.com/gp/bit/toolbar/3.0/toolbar/httpsdatalist.dat

    http://www.amazon.com/gp/bit/toolbar/3.0/toolbar/search_conf.js

    “Yes. The configuration for reporting extremely private data is sent over plaintext HTTP. WTF, Amazon?”

    They are common data files, accessible to anyone anyway. The only downside to not using https is that it is more susceptible to MITM modifications, not that a sniffer could read them.
