Update: The developers have added an option to the extension to disable the tracking. You find it on the options page when you click on "show Advanced Option". Here you can disable Enable non-personal,anonymous usage statistics to do so.
When extension developers want to make money from their popular extensions, they have only a few options to do so. They can ask for donations, offer a paid version, integrate a third-party monetization module in the app, or sell it to the highest bidder.
The last two options usually come with some form of user tracking that companies add to the extension to create profiles for use in advertisement or to sell the data to other companies.
Awesome Screenshot is a very popular Chrome extension. It has more than 1.3 million users and 45,000 ratings with the average rating being five of five stars.
It is a screenshot taking extension for Chrome that you can use to take part of or all of a page, add annotations, blur sensitive information and upload or share the screenshot afterwards.
Lately, the company behind the product has added a price comparison component to it which it removed shortly thereafter again.
Afterwards, it seems that another monetization module has been integrated into the extension. But lets start at the beginning.
When webmasters noticed hits to specific pages by bots, pages that bots normally don't access because they are not public and many require authentication to be accessed, they started to investigate the matter.
It turned out, that the Chrome extension Awesome Screenshot fed the bot, named niki-bot, urls taken from the user's browsing history.
A closer analysis by an affected user revealed that urls were sent over plaintext while others claimed that not only urls but also session data was captured by the extension.
If you check the description of the extension on the Chrome Web Store, you will notice the following update if you scroll down.
The problem here is that most users may not see the update as it is not displayed above the fold. If you don't scroll down to read all of the description, you won't notice this at all.
In addition, there is no warning while you are installing the extension or an option to disable the feature.
Other Collected Information
When users access the software, certain non-personally and personally identifiable information (the "User Information") may be collected, stored and used for business and marketing purposes, such as maintaining and improving the Services, conducting research, and monetization. This User Information includes, without limitation: IP address, unique identifier number, operating system, browser information, URLs visited, data from URLs loaded and pages viewed, search queries entered, social connections, profile properties, contact details, usage data, and other behavioral, software and hardware information. If you access the Services from a mobile or other device, we may collect a unique device identifier assigned to that device or other information for that device in order to serve content to it. This collected data may also be supplemented with information obtained from third parties or submitted by users.
It is highly recommended to uninstall Awesome Screenshot, at least for the time being until the situation is sorted out. In the meantime, check out the following alternatives instead which offer a similar feature set.
Alternative screenshot extensions for Chrome