Announcement

Join us on Discord: https://discord.gg/nf43FxS
SuperJail Warden
Gone Forever
+450|2618
So got an alert that a Chrome extension was infected with malware. Had the extension for years and the security report put out by Avast says the thing was probably created in order to put push malware. People have been complaining about the thing screwing with their Google search results in order to push advertising links. I would have never noticed since I have an adblocker. So I changed the three email addresses I use and my online banking. I guess at this point my TD Ameritrade, 2 Credit Cards, and student loan provider are the only other things that need to get changed? Anything beyond that is superfluous? I check my credit constantly so no worries there. I can only hope that the person who created the extension was just interested in pushing ad links.
RTHKI
mmmf mmmf mmmf
+1,708|5636|Oxferd Ohire
I find it amusing it was a chrome extension that got you and not the game hacks you were so afraid of
https://i.imgur.com/tMvdWFG.png
SuperJail Warden
Gone Forever
+450|2618
Yup. From my recent research it seems bad Chrome extensions is a common problem.
unnamednewbie13
Moderator
+1,888|5670|USA

According to Statista, desktop Chrome 87 and 88 currently have like a combined 23% market share. Android Chrome 35%. Not a mystery why major browsers would be frequently, specifically targeted by malware.

Opera used to be my go-to alternative, but there's some stuff that doesn't look good these days.

Give Brave a look?
SuperJail Warden
Gone Forever
+450|2618
There is no excuse for Chrome extensions to be malware infected. People getting extensions through the Chrome store or whatever it is called should have confidence in the reliability and safety of the stuff.
RTHKI
mmmf mmmf mmmf
+1,708|5636|Oxferd Ohire
I was looking for a one time use extension. I forget what for. I do remember after trying it out realizing that it asked to redirect search and I absentmindedly gave it that.
https://i.imgur.com/tMvdWFG.png
unnamednewbie13
Moderator
+1,888|5670|USA

SuperJail Warden wrote:

There is no excuse for Chrome extensions to be malware infected. People getting extensions through the Chrome store or whatever it is called should have confidence in the reliability and safety of the stuff.
In a perfect world.

I've intercepted malware from ads in the past, which is why I no longer allow them at all. Extensions can certainly open you up:

The real problem with extensions is if they are given too much access to the websites you visit, they have the power to do just about anything. They can act as a key-logger to capture your passwords and banking details, place ads on websites you visit, reroute your search traffic elsewhere and track everything little thing you do while you are online.

Having access to this info puts you and your identity at risk and leaves you vulnerable to more serious attacks. Chrome extensions, for example, have been criticized for secretly collecting and selling users data to the highest and often most shady bidder. Google is doing all it can to put a stop to this, but it’s not enough.
Chrome has been under constant attack and scrutiny because of its popularity, but Firefox is at even greater risk. Why? Simply because Firefox operates without system permissions, which means every extension you install automatically has access to everything.

Microsoft Edge is another example of a browser that comes with a permission system for extensions, but many require access to everything in order to work properly. Even an extension that only needs access to one website can be dangerous as well. In the end, it’s all about gathering as much info about you as possible and passing it along later.
https://www.komando.com/tech-tips/every … ns/584432/

This is the kind of stuff I get to lecture old people in the business about sometimes. Once they get a modicum of know-how, that's when they're at their most dangerous.
SuperJail Warden
Gone Forever
+450|2618
I am not too worried about this anyway. I don't expect whoever set this thing up to have been planning widespread mortgage fraud or draining bank accounts. Those are actually pretty hard to do and very illegal. The extensions have been around for like half a decade redirecting searches and links. I am not sure if that is even illegal but probably isn't very much since the extensions got away with it for so long.
unnamednewbie13
Moderator
+1,888|5670|USA

The data collection is really the more ever-present concern, and enables some of the fraud.

The aforementioned old folks used to rely on me for pretty much all the computer questions and issues. Now, apparently I don't know what I'm talking about and they're going to smile and nod and do stuff anyway. Like run ccleaner every single time a website loads two seconds too slowly. Call up the ISP to chew them out because no internet (because a batteryless router didn't come back online after a power outage), nevermind the ISP tech support asking if there was a router between the modem and the network on our end. It's the ISP's fault. Install like 80 shady driver finders on a 20 year old laptop to get it working so they can hook it up to the network.

Or install browser extensions without asking or even reading about them.
SuperJail Warden
Gone Forever
+450|2618
The browser extension that was infected had 4 and half stars with over 200,000 reviews and 2 million users. It also did the job that it was marketed to do. I just didn't download something randomly.

https://chrome.google.com/webstore/deta … mpil?hl=en
unnamednewbie13
Moderator
+1,888|5670|USA

Yeah, don't go off of download count and average reviews from the extension page.

Privacy practices

The publisher has not provided any information about the collection or usage of your data
Permissions requirements for this from the firefox extension page:

Permissions
This add-on needs to:

Download files and read and modify the browser’s download history
Access browser tabs
Access your data for all websites
E: These alone aren't particularly useful (so many extensions nowadays have these permissions), but they're a catalyst for digging up info on it from tech, programming, and privacy sites.
SuperJail Warden
Gone Forever
+450|2618
It was literally the top search result in the Chrome app store for video downloader. I guess I could have done better research but I feel like Google is largely at fault for putting this forward as one of their top recommended extensions. And why the thing is even still available in their system is another big question.
unnamednewbie13
Moderator
+1,888|5670|USA

If it's any comfort, questionable extensions are the tip of the iceberg. Scathing, if colorful:

Slouching towards dystopia: the rise of surveillance capitalism and the death of privacy
https://www.newstatesman.com/2020/02/sl … th-privacy

We're already aware that Google itself is less than up front about stuff. Meanwhile people are worried about thermal cams and contact tracing to help fight coronavirus, as they argue about it on facebook on devices full of tracking malware and vacantly-accepted clickwrap.
RTHKI
mmmf mmmf mmmf
+1,708|5636|Oxferd Ohire
dont you know posting that legal thing on your fb prevents them from selling info/media
https://i.imgur.com/tMvdWFG.png
KEN-JENNINGS
I am all that is MOD!
+2,906|5531|949

i own a domain and i want to start using an email address associated with that domain. I did a quick google search but what i found wasn't very straightforward. Anyone know how to set this up?
SuperJail Warden
Gone Forever
+450|2618
I think you actually need ti buy a email service from the web host before you can start getting emails
KEN-JENNINGS
I am all that is MOD!
+2,906|5531|949

Yes, that's absolutely something I need to do, but not necessarily from the web host (as far as I know). But I can't find a straightforward answer on how to set that up.
unnamednewbie13
Moderator
+1,888|5670|USA

Steps can vary depending on who you're hosting with. At the very least if you're paying for a webhosting service that does email there should be a help link for that.
SuperJail Warden
Gone Forever
+450|2618
What company did you go with? SquareSpace? GoDaddy?
KEN-JENNINGS
I am all that is MOD!
+2,906|5531|949

I own domains through both, actually. This particular one is through GoDaddy. I was told by their customer support that I could use any email client, but when I went to add the option, it tells me I have to use o365. The marathon continues...
unnamednewbie13
Moderator
+1,888|5670|USA

Did you click through these? Might be in here somewhere.

https://www.godaddy.com/how-to/course/setting-up-email

Board footer

Privacy Policy - © 2021 Jeff Minard