Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Tracker-ish URLs found from "Awesome Screenshot" source code
https://chrome.google.com/webstore/detail/awesome-screenshot-captur/alelhddbbhepgpmgidjdcjakblofbmce
How many trackers does a single Chrome extension need?
Seven.
https://ssl.google-analytics.com/ (manifest.json, javascripts/cga.js)
https://cdn.extensionanalytics.com/ (manifest.json, javascripts/feedback.js)
https://pixel.getpaidfordata.com/ (manifest.json, background.html)
https://tags.crwdcntrl.net/ (manifest.json)
https://s.sitebeacon.co/ (javascripts/CDBC/CDBC.js)
https://collector.dataferb.com/ (javascript/DCM/cr-dcm-client.js)
http://lb.crdui.com/, http://t.crdui.com/ (javascripts/Tr/tr.js)
Probably wouldn't even have noticed if that last one wasn't sending my browsing history over the internet /in plain text/.

fuzaylov commented Jun 9, 2014

Thank you for posting this, I was wondering what collector.dataferb.com is. I was able to confirm it is initiated by chrome extension awesomescreenshot. As soon as I uninstalled it, requests to this domain have stopped.

Using Skitch, which is also a Chrome screenshot extension, I noticed frequent connexion requests to this domain. I'm keen to get some more info about it.

This helped me too. Thanks!

(I would not have noticed if not for the Chrome extension "Postman Intercepter")

mig5 commented Aug 10, 2014

It gets worse than that.

Some servers I manage were getting crawlers hitting urls with user-agent 'niki-bot'. The URLs were not publically accessible URLs - they were URLs of internal or administrative backend pages of various apps (such as Jenkins configuration URLs, which require staff authentication).

The nature of the URLs allowed us to pinpoint that they were all URLs visited by a specific user in the organisation. That user had installed this chrome extension 'awesomeschreesnot'.

In other words: not only is the extension tracking you, but they, or the advertisers they are selling the data to, return to conduct reconnaissance of all websites you visit, for who knows what purpose.

See another report of this by someone else: https://groups.google.com/forum/#!msg/google-appengine/jEihs3D7Gig/eM9xuJLfnRgJ

Thanks! If I had not read the reviews @chrome Web Store I might have installed "Awsome Screenshot App"- I have also sent a notification form through the webstore, since I find such app behaviour unacceptable.

Also seems to happen with the "Webpage Screenshot" extension.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment