HTTP
-
Blog
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
From the extensions Guo mentioned, SEMRush Rank and PI Rank transmit users’ full browsing domains in plaintext to rank.trellian.com, effectively exposing their web activity. MSN New Tab/Homepage sends a persistent Machine ID, OS version, and extension version using an unencrypted SendPingDetails request, data that can be used to track users across sessions. Additionally, DualSafe Password Manager, while not leaking passwords,…
Read More »