Michael Horowitz
Home => NBC News promotes a web browser extension that can spy on you
[Formatted for Printing] From the personal web site of  Michael Horowitz

Many organizations promote the Honey browser extension that can spy on you

The issue of promoting browser extensions that can read and update every web page, keeps getting worse. When this blog started, it focused solely on NBC news. But, it keeps expanding...

UPDATE: December 12, 2017.

Protecting Your Data When Using Browser Extensions a Tech Tip in the New York Times by J. D. Biersdorfer

- - - - - - - - - - - - - - - - - - -
UPDATE: November 29, 2017.

The Mozilla blog is promoting extensions to make online shopping better with Firefox.
Tackle Black Friday Shopping with the Help of Firefox Add-Ons November 20, 2017
Basically, this blog boils down to: it's all good. Save money. No privacy issues here.
READ AND UPDATE EVERY VISITED WEB PAGE? Nothing to see here, move along.

Here is what is says about Honey: "Coupon cutting never went out of style, it just went online! Honey is a very popular Firefox add-on that scours the internet for coupons relevant to the products you're shopping for. Searches coupons for over 100 stores in the US, UK and Canada"

And here is the "it's all good" intro to the piece: From ad blockers to password managers to smarter shopper applications, Firefox Add-ons really can add a lot of functionality to your web browser. They are very easy to install. And since more shopping happens online every year, it's super handy to have help finding the best deals and making it through Black Friday, Cyber Monday, and the entire rest of year with great gifts and more money in your pocket.

Then, after recommending some extensions, the blog ends with more "it's all good" verbiage promoting extensions: And if you haven't used add-ons much in the past, give them a try. Beyond just shopping, add-ons are one of the great ways to unlock more power in Firefox. And when it comes to getting all that shopping done, more power to you means more time to enjoy and less to stress! Firefox is fast for good, after all.

And, Honey, which is a featured extension, is not the only recommended one with super powers. Amazon Assistant for Firefox not only want to "Access your data for all websites" but all wants to "Read and modify bookmarks" and "Monitor extension usage and manage themes. YIKES! In the past, Firefox was promoted based on privacy. Clearly, those days are over. Now, like routers, it is marketed based on speed.



- - - - - - - - - - - - - - - - - - -
UPDATES: November 27, 2017.

To see the installed extensions in both Chrome and Opera, type the URL below in the address bar
   chrome://extensions
To see the installed extensions in Firefox, type the URL below in the address bar
   about:addons

CNET also promoted the Honey browser extension with no mention of privacy dangers.
Use Honey to save money on Amazon purchases by Rick Broida June 22, 2016
Quoting: Honey is a popular tool that can automatically dig up and apply coupon codes for thousands of online stores ... Honey is available for all major browsers (except Edge and Internet Explorer), and there's no charge to use it. Even if it saves you only a few bucks here and there, it does so quickly and easily. Seems like a no-brainer add-on to me!

How the mighty have fallen. Consumer Reports also endorses the Honey extension without mentioning the potential security issues.
Consumer Reports: Online shopping strategies to save money November 27, 2017
Quoting: Another free browser extension, Honey, sweetens your discount at checkout, automatically. "As long as you're shopping at one of the participating stores, Honey goes out and Honey finds discount codes for you and enters them automatically, when you check out," said Consumer Reports Money Editor Nikhil Hutheesing.

Original Story

NBC News promotes the Honey browser extension that can spy on you

November 26, 2017

Don't take computer advice from a business person, any more that you would take business advice from a computer nerd.

I mention this because of a report on NBC news tonight. The report was a seasonally mandatory one about shopping and retailing. It ended with Jo Ling Kent, an NBC Business correspondent, offering money saving tips from un-named "experts." One of her tips was to install the Honey web browser extension.

What is Honey? According to the people that wrote it, "Honey is a service that makes it ridiculously easy to save money and time. Honey automatically finds coupon codes for the site you're shopping at and applies them to your order when you check out, saving you money and coupon searching time."

This blog exists as a warning that the Honey browser extension can spy on every web page you see. And, secure (HTTPS) websites do not protect you from spying by web browser extensions. I am not claiming that it does spy on you. But it can.

Before installing Honey in Google's Chrome browser, you are warned (below) that it can "Read and change all your data on the websites you visit." By "data", Google means the entire web page.


Before installing Honey in Firefox, you are warned that Honey requires permission to "Access your data for all websites" and "Store unlimited amount of client-side data."


Opera also warns about Honey, saying "This extension can access your data on all websites."


There was no warning from Ms. Kent however. She said: "You might want to install an internet extension, on your internet browser, something like Honey. It can actually scour the internet for you to make sure you've got those coupons [un-intelligible] you might not even know about right now."

Again, don't let the term "data" in the above warnings fool you. If you do on-line banking, the makers of the Honey extension can, in theory, see how much money you have in the bank. No hacking needed, they were given permission when the browser extension was installed.

What are they doing? If you are willing to take total strangers at their word these days, then review their Terms of Use and their Privacy Policy. Think "total strangers" was harsh? Nowhere on the JoinHoney.com site do the developers of the Honey extension say who they are.

And, even if they are not doing any data collection other than what they claim today, their policy may change in the future. Or, the extension might be sold to someone else in the future. It has happened before. Heck, if I ran a spy agency, I would make them an offer they can't refuse. For a spy agency, a browser extension would be a perfect cover. Carte Blanche to spy on folks.

I have written about web browser extensions that can (not saying they are) spy on you before. See President Bannon Chrome Extension is a security problem, not a joke (February 2017) and Spyware on a Chromebook (January 2017).

For whatever reason, business people are more prone to offering computer advice than us nerds are to offering business advice.

- - - - - - - - - - - - - - - - - -
Note: All the browser screen shots were taken on Windows 7. The Firefox screen shot is from the just-released version 57.

 

 

 @defensivecomput TOP Home => NBC News promotes a web browser extension that can spy on you   
 michael--at--michaelhorowitz.com   Last Updated: December 12, 2017 4 PM  
  License Plate
Copyright 2001-2017
Copyright 2001-2017  
Printed at:   December 18, 2017 9:23am   ET
Viewed 489 times since November 26, 2017 (23/day over 21 days)