• Home
  • About
  • Privates
  • Protection
  • Contact
Menu

Private Parts

Street Address
City, State, Zip
Phone Number

Your Custom Text Here

Private Parts

  • Home
  • About
  • Privates
  • Protection
  • Contact

Stay Skeptical with Browser Addons: A YouTube Blocker Example

October 4, 2018 Kiera Fightley
Image rendered from NoScript Icon, an adblocker for Mozilla-based browsers.

Image rendered from NoScript Icon, an adblocker for Mozilla-based browsers.

Addons, programs, and extensions for your browser can help you and still secretly steal more data than you realize. Sometimes, addons you trust upon first download can start stealing your private parts after an update. Here’s an example of a suspicious browser addon you might think would help you, but is still stealing your data after a recent update.

Mozilla Addon“YouTube Blocker” Steals Browsing Data

Upon using this YouTube blocker, you may think by its high rating that you are preventing yourself from incessant advertisements for YouTube videos. This is not always the case, unfortunately.

For example, the addon YouTube Adblock had…

  • 20k+ downloads over a span of three months

  • A ~5-star review rating with 42 reviews

  • Google’s TOS listed for YouTube

  • A clause that “No cookies or personal data is transmitted or saved.”

Do you think this is worth downloading?

tuadb.PNG

When this ad blocker updated in early October, new code was added that steals additional web traffic and sends it back to the author for analysis via vk-analytics[.]com.

You might not be able to read code, but any untrained eye can identify the pieced together vk + analytics[.]com + /youtube clause. Below is a portion of the code located in the ytembed.js script within the addon itself.

This function did not appear before the early October 2018 update.

the code.PNG

The plot thickens: Vk-analytics might look like it’s hosted by vk[.]com, a large, Russian-based social media networking service. But vk-analytics is actually hosted by enom, a Washington state-based domain hosting service. Either way, this does not appear to be legitimate behavior for a simple YouTube ad blocker.

Key Tips for Vetting your Addons

  • Investigate the Author. Has the addon creator also designed older addons? Is this person or company well known and vetted?

  • Check how long the Addon has existed. Not always, but newer addons have a higher likelihood of being shady addons.

  • Check the “Permissions” Section. If you think an addon asks for too much information, or lists too many inappropriate addons, don’t install the app!

  • Don’t always trust reviews. The program above was highly reviewed - it held a ~5 star rating. Just because programs are rated highly does NOT mean they keep your data safe.

  • Use a Script Blocker in your browser. NoScript, UBlock, or other vetted script blockers can help catch rogue addons from doing bad things on your browser.


In Protection 101, Privacy 101 Tags youtube, youtube blockers, youtube blocker, addons, mozilla firefox, firefox addons, addon, add-ons, extensions, browser extensions, safe browsing, browsers, browser, informaiton security, infosec
← PRIVACY 101: Privacy Concepts PRIVACY 101: PASSWORDS →

Hide your privates.