MY KOLKATA EDUGRAPH
ADVERTISEMENT
Regular-article-logo Thursday, 21 November 2024

Beware of free software

It is hard to believe that the software that tailor Chrome to your preferences (a.k.a. extensions) may be up to mischief

Surit Doss Published 05.07.20, 04:33 PM
Avast’s tracked data consisted of the device ID; the date, hour, minute and second

Avast’s tracked data consisted of the device ID; the date, hour, minute and second iStock

In January, the tech world was shaken by a major confidentiality breach when Avast was caught selling click information to third parties. Avast Online Security, rated as one of the better antivirus extensions, warned instantly if a page you were visiting is fake. However, Avast was collecting much more personal data than necessary, which put users at risk. The data was collected through its free Chrome browser extensions.

Avast’s tracked data consisted of the device ID; the date, hour, minute and second; the domain visited, and the details of the product bought. By itself it is anonymous. But companies that buy the data can compare it with their own click log of website activity and suddenly it is not anonymous anymore. Avast has since limited the data they collect.
It is hard to believe that the software that tailor Chrome to your preferences (a.k.a. extensions) may be up to mischief. Built on web technologies such as JavaScript, HTML and CSS, they track your online activity and harvest your data.

Data extensions collect

ADVERTISEMENT

The kind of data these extensions collect, and its sheer volume, is staggering. They collect usernames, passwords, credit card information, gender, personal interests, GPS location, tax returns, travel itineraries, genealogy and even genetic profiles. At your workplace, they could also collect data on your company, API keys and other data. They are then sold to companies which specialise in data analytics.

Extensions to uninstal

There are several Chrome extensions that you should uninstal immediately. These include Hola Free VPN Proxy Unblocker which unblocks websites blocked in your country, Hola Ad Remover that blocks annoying ads, malware and tracking, and Hola video accelerator. Though Hola offers useful services, it acts as a peer-to-peer proxy network, borrowing another user’s connection. It is also used as a giant botnet that uses some of your bandwidth and can be used to launch DDoS attacks on major websites.

FindMeFreebies sounds as though it will help you find free tools online but it just hijacks your homepage to show you ads and is potentially dangerous. Fair ShareUnlock, SpeakIt and Super Zoom are other extensions you should uninstal.

Free is not trustworthy

You may not know whether an extension is untrustworthy but go by the thumb rule — “there’s no such thing as a free lunch”. Anything that is free is dicey. This holds true for all “free” VPN extensions. They are providing a useful service so why should it be free? If you do not pay with money, you pay with your privacy. Likewise, all antivirus software monitor your web traffic. That is their job. There is no need to instal the free extensions. All of them are gathering your information for nefarious reasons. This “free” comes at the cost of your data.
Extensions need not start out to be untrustworthy. They may be perfectly safe to begin with, but later turn rogue if the extension is sold to an unscrupulous company and users do not get to know anything about it. “Hover Zoom” started off as an innocuous tool for enlarging images when the mouse hovered over them. But it was bought by a malicious company that turned this extension to spyware that tracks and sells your browsing data.

Check Chrome extensions

How do you check your extensions? Open Chrome. At the top right, click on the three dots. Click on More tools-Extensions. When your extensions are displayed, make your changes. Turn off all the extensions that are not essential. On any extension, you still want to use, click on “Details” and turn on “allow in incognito” mode. To ensure your peace of mind while using extensions, use CRXcavator (https://crxcavator.io), a web tool from the security firm Duo Labs. Type the name of the extension you want to check into CRXcavator’s search bar. You will get a detailed report as well as a security score.

Browser may be infected

In addition to tracking your data, your Chrome browser may be infected by a virus. To check, open Chrome and enter chrome://settings/cleanup in the address bar. Hit enter and the tool will be launched. Click on the “Find” button and the scanner will run.

On a Mac type chrome://settings. Under “Safety check” click on Check now.

Follow us on:
ADVERTISEMENT
ADVERTISEMENT