When extension developers want to make money from their popular extensions, they have only a few options to do so. They can ask for donations, offer a paid version, integrate a third-party monetization module in the app, or sell it to the highest bidder.
The last two options usually come with some form of user tracking that companies add to the extension to create profiles for use in advertisement or to sell the data to other companies.
Awesome Screenshot was a very popular Chrome extension. It had more than 1.3 million users and 45,000 ratings, with an average rating of five out of five on the Chrome Web Store. The extension is no longer available at the time of writing.
It was a screenshot-taking extension for Chrome that you could use to capture part or all of a page, add annotations, blur sensitive information, and upload or share the screenshot afterwards.
The company behind the product added a price comparison component to it, which appeared to be the first attempt at monetization.
Afterwards, it added another monetization module to the extension. The whole thing came to light after a while. Here is how that happened:
Webmasters noticed bots hitting specific pages that bots normally don't access, because those pages are not public and many require authentication, and started to investigate the matter.
It turned out that the Chrome extension Awesome Screenshot fed the bot, named niki-bot, URLs taken from the user's browsing history.
A closer analysis by an affected user revealed that URLs were sent in plaintext, while others claimed that the extension captured not only URLs but also session data.
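One way a site operator could look for the pattern described above in their own access logs, as an added example that is not from the original article: it flags requests from a client identifying as niki-bot to non-public URLs that a different visitor had requested earlier. The log lines, path prefixes, session parameter names and the assumption that the bot's name appears in the User-Agent header are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - alice [10/Jan/2020:10:00:01 +0000] "GET /admin/report?id=42&sid=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0 Chrome/36.0"
203.0.113.9 - - [10/Jan/2020:10:03:40 +0000] "GET /admin/report?id=42&sid=abc123 HTTP/1.1" 403 128 "-" "niki-bot"
203.0.113.9 - - [10/Jan/2020:10:04:02 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "niki-bot"
198.51.100.7 - alice [10/Jan/2020:10:05:00 +0000] "GET /private/draft/7 HTTP/1.1" 200 300 "-" "Mozilla/5.0 Chrome/36.0"
192.0.2.44 - - [10/Jan/2020:10:09:12 +0000] "GET /private/draft/7 HTTP/1.1" 302 0 "-" "niki-bot"
"""

# Assumptions: which paths are non-public, and that the bot names itself in its User-Agent.
PRIVATE_PREFIXES = ("/admin/", "/private/")
BOT_UA = re.compile(r"niki-bot", re.I)
SESSION_PARAMS = {"sid", "session", "token", "phpsessid"}

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def find_leaked_url_fetches(log_text):
    """Return bot hits on non-public URLs that a different client visited first."""
    first_visitor = {}  # url -> IP of the first non-bot client that requested it
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url, ip = m["url"], m["ip"]
        if not BOT_UA.search(m["ua"]):
            first_visitor.setdefault(url, ip)
            continue
        parts = urlsplit(url)
        origin = first_visitor.get(url)
        if not parts.path.startswith(PRIVATE_PREFIXES) or origin in (None, ip):
            continue
        params = {k.lower() for k in parse_qs(parts.query)}
        findings.append({"url": url, "visitor_ip": origin, "bot_ip": ip,
                         "status": int(m["status"]),
                         "session_param": bool(params & SESSION_PARAMS)})
    return findings

if __name__ == "__main__":
    for f in find_leaked_url_fetches(SAMPLE_LOG):
        print(f)
```

A finding with `session_param` set means the replayed URL carried a session-like query parameter, so those sessions are worth invalidating.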
If you check the description of the extension on the Chrome Web Store and scroll down, you will notice the following update.
The problem here is that most users may not see the update as it is not displayed above the fold. If you don't scroll down to read all of the description, you won't notice this at all.
In addition, there is no warning while you are installing the extension or an option to disable the feature.
Other Collected Information
When users access the software, certain non-personally and personally identifiable information (the "User Information") may be collected, stored and used for business and marketing purposes, such as maintaining and improving the Services, conducting research, and monetization. This User Information includes, without limitation: IP address, unique identifier number, operating system, browser information, URLs visited, data from URLs loaded and pages viewed, search queries entered, social connections, profile properties, contact details, usage data, and other behavioral, software and hardware information. If you access the Services from a mobile or other device, we may collect a unique device identifier assigned to that device or other information for that device in order to serve content to it. This collected data may also be supplemented with information obtained from third parties or submitted by users.
It is highly recommended to uninstall Awesome Screenshot, at least for the time being until the situation is sorted out. In the meantime, check out the following alternatives instead which offer a similar feature set.
Alternative screenshot extensions for Chrome
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.