Hoverzoom’s Malware controversy, and Imagus alternative

imagus hoverzoom alternative

Hoverzoom became a highly popular browser extension right after its creation. It displayed larger versions of images that you hovered over, so that you did not have to visit the linked websites to do so. As you can imagine, this saves a lot of time on sites such as Reddit or Imgur, where images get posted like crazy.

Back in March 2013 we noticed that Hoverzoom was running a script in the background that the company claimed was used to "detect unused domain names and submit the results back to the owners".

Some days ago, things got a lot crazier. A thread on Reddit claimed that Hoverzoom turned malware, as it was seemingly injecting "malware scripts" into every page visited in the Chrome browser.

The author of Hoverzoom responded to that claim on the official website where he stated the following:

This script is not malware.

Your personal data was not collected.

There is no need to change your passwords.

You can read the full response on the website. In regards to what is being collected he states, that form data is collected anonymously for marketing research purposes only.

A detailed analysis of the extension came to the following conclusion:

  1. Hoverzoom injects code unto some or all of the web pages you visit while the extension is running.
  2. Hoverzoom modifies "certain Amazon links" on all websites you visit, adding its own affiliate ID.
  3. The extension sends the browsing habits that it collects to a third party website (webovernet.com and jsl.blankbase.com)
  4. It sends domain misspellings to another third party website (advisormedia.cz).
  5. All monetization schemes are active by default.
  6. On December 17, version 4.27 was released which submits what you type into web forms to a third party website (qp.rhlp.co)
  7. On December 18, version 4.28 was released that removed the script again that was added on December 17.

Hoverzoom at the time of writing has been removed from the Google Chrome Web Store. According to information on the site, it was removed by the author and not by Google.

Alternative to Hoverzoom

If you used Hoverzoom until now, or want to use it but cannot because it has been removed from store, you may be interested in alternatives. One Hoverzoom alternative is Imagus.

The free extension for Google Chrome works identical in many regards. Once enabled, hover the mouse cursor over an image to display its larger version -- if available -- right on the screen without having to leave the page you are on.

The extension does not work on all sites, just like Hoverzoom. but it supports many. Especially image hosting websites, but also popular sites such as Facebook, Yahoo, Twitter, YouTube, IMDB or Flickr to name a few.

What is also interesting is that it adds lots of handy features and shortcuts to the whole process.

As far as zooming goes, you can modify the following features (among others):

  • Make the extension work only when you hold down a key, or disable it when you do so.
  • Preload images for faster access.
  • Mark zoomable images.
  • Use shortcuts such as Alt-Shift-D to suspend the extension for the domain for the session.
  • Define where the image pop-up is placed on the screen.

That's not all however. You can send any image you come across to the built-in gallery using the g shortcut. The gallery lets you browse all images that you have added to it which can be quite useful if you want to keep track of certain images that you like. All images added to the gallery contain a source link, and if available, a target link as well.

image-gallery

That is still not all though. You can flip, rotate and fit to height or width using shortcuts, send images to hosting services, or define viewer related features such as zooming with the mouse wheel, adding image borders or defining long press actions for the left or right mouse button (for instance to fit to screen).

Closing Words

The controversy surrounding Hoverzoom highlights the importance of monitoring installed browser extensions. Scripts like NoScript for Firefox make sure that connections cannot be made by extensions automatically, and it is highly suggested to use something similar for your browser to make sure that your information are not grabbed by installed extensions.

The whole incident had disastrous consequences for Hoverzoom. Not only did the extension receive hundreds of 1 star ratings on the Chrome Web Store, it was also removed from it by its author, likely to avoid further damage to the reputation of the extension.

Chrome users who are looking for an alternative should take a look at Imagus, as it is quite the fine piece of software.

facebooktwittergoogle_plusredditlinkedinmail


Filed under:

Responses to Hoverzoom’s Malware controversy, and Imagus alternative

  1. beemeup2 December 26, 2013 at 12:35 pm #

    Eh, Chrome. As a Firefox user I've been using the "Thumbnail Zoom Plus" addon for this type of thing, but have recently replaced it with the "Mouseover Popup Image Viewer" userscript as I find it even more intuitive to use. The script is also available for Chrome with Tampermonkey.

    Mouseover Popup Image Viewer: https://userscripts.org/scripts/show/109262
    Thumbnail Zoom Plus: https://addons.mozilla.org/en-US/firefox/addon/thumbnail-zoom-plus/

  2. Sharath December 26, 2013 at 12:51 pm #

    I was really getting used to HoverZoom. But what they did was unethical (if it is true, especially changing the URL to fit in your affiliate ID). Imagus does look like a good alternative but there is room for a lot of improvements!

  3. Rodalpho December 26, 2013 at 2:13 pm #

    Smoothgestures does the same stuff, tracking your activity and modifying webpages to inject its own ads. I (and many others) submitted complaints to Google, but the addon remains in the Chrome web store. Google basically doesn't police its addons at all. They do not care.

  4. Zack December 26, 2013 at 2:28 pm #

    Instead Hooverzoom, I use and recommend userscript http://userscripts.org/scripts/show/109262
    In chrome (with extension Tampermonkey) takes up much less memory.

    • beemeup2 December 27, 2013 at 8:07 am #

      Yeah, I mentioned the same script in my post. It's a great script.

  5. imu December 26, 2013 at 2:44 pm #

    "Hoverzoom at the time of writing has been removed from the Google Chrome Web Store. According to information on the site, it was removed by the author and not by Google."

    As far as extension doesn't inject ads to cover Google's ones that advertising company won't do anything about it and this is the reason -I bet- why they going to ban side loaded extensions any moment soon.
    In terms of spyware browser extensions are the best target ever - cross platform,hard to monitor, easy to install and effortless to use.

  6. Anonymous December 26, 2013 at 2:58 pm #

    Thank you for the information. It is a great source to keep oneself informed and up to date of the latest developments.

  7. ilev December 26, 2013 at 4:52 pm #

    Martin,
    Thanks for the info. Hover Zoom was one of my favorite extensions.

  8. Rick December 26, 2013 at 7:18 pm #

    Merry Xmas Martin,

    Of course this is not the first time an extension has gone rogue - and it doesn't matter how reputable or used one is, so don't feel "safe" if you're using a well-known extension. For example, and I had almost forgotten, but there was a time when Noscript was mysteriously connecting to unknown servers, and when you tried to block this access using Noscript .. well the extension just up and ignored its own code!

    I still don't use Noscript (preferring Yesscript instead).

    To really see what is going on without going through the script code, just monitor your network connections either through your router (if it has a network activity log), or using a software solution. If you see web addresses / sites that are unknown, do some investigating.

  9. Mountainking December 27, 2013 at 5:53 am #

    Excellent article.

  10. Rook December 27, 2013 at 7:04 pm #

    Thanks! I wasn't aware of the script injections!
    How do I change the language in Imgus? The options in my native language mean absolutely nothing to me, I want to get rid of the annoying animations.

  11. Noel January 20, 2014 at 2:14 pm #

    Did you notice, Imagus also asks to access all data and modify user history permission? Not too sure if thats safe either

  12. fillem January 22, 2014 at 11:10 am #

    Thank you for this information.
    Using Safari 6.1.1…installed Imagus but there are no preference options when selected….just opens a blank page.
    Hopefully development for Safari will be ongoing.
    Really need to get the word out to Safari users to uninstall Hoverzoom and for Apple to get it off their extensions page.

  13. David March 30, 2014 at 12:20 am #

    I tried Imagus extension and it didn't work reliably on Facebook (for example there was an album added with it's story on timeline and zoom only worked on the biggest image, not on lower 3). Also there was no option to turn off Animations, maybe setting delays to 0 would work, but it's bad UI for normal users to not have this option. I installed Hover Free and this works reliably so far on all the images.

Leave a Reply

Subscribe without commenting