It is time to get rid of Stylish - gHacks Tech News

It is time to get rid of Stylish

The Stylish add-on and the linked userstyles.org repository for website styles changed ownership twice in the past years. The original owner sold Stylish back in October 2016 and the new owners of Stylish sold it again to the current owner SimilarWeb.

Stylish is a handy extension that you can use to apply custom CSS to websites. You may use it to change colors, remove elements, or add elements to sites to adjust them to your liking. You can remove advertisement, the comment section on YouTube, or turn Google Search's white background into something more eye pleasing.

Stylish collecting browsing data

The switch to the new owner of Stylish had massive privacy implications. SimilarWeb is known for its analytics offerings and it appears that the company collects browsing data from Stylish.

stylish privacy opt-out

Users who install Stylish are automatically opted-in to sending anonymous data to Stylish. Stylish does include an option to opt-out of that in the extension options.

Back in 2017 we mentioned that it is unclear what data gets collected by the extension as it is not made clear in the privacy policy.

Robert Heaton analyzed Stylish's data collecting recently and discovered that the extension sends a user's complete browsing history back to Stylish servers. The data is linked to a unique identifier so that all of a user's browsing history can be linked together.

It is even worse for users who have an account on userstyles.org, a property owned by SimilarWeb, as Similarweb could link accounts to the browsing history.

Even if that is not the case, it is problematic even if SimilarWeb claims that it collects anonymized data only. One of the cases where this is problematic is when sites add information to the URL directly. Heaton mentions URLs that contain profile names, tokens, and URLs that use obscurity to protect data from third-parties.

Stylish makes a number of connections to api.userstyles.org whenever you connect to web resources. While you could think that this is done to return existing userstyles for these web resources, Stylish does transmit more information than it needs to for that functionality.

Heaton discovered that Stylish was transmitting obfuscated data to the userstyles address. He managed to decrypt it to find out that Stylish was submitting all browsing data to company servers. In other words, Stylish submits the full URL of any site you open in the browser the extension is installed in and Google search results as well.

SimilarWeb highlights what it collects in the extension's privacy policy:

From the Stylish desktop browser extension:

Standard web server log information (i.e., web request) as well as data sent in response to that request, such as URL used, Internet Protocol address (trimmed and hashed for anonymization), TabID, HTTP referrer, and user agent; and
Search engine results page data (keyword, order/index of results, links of results, title, description, and ads displayed).

From the Stylish mobile app:

Standard web server log information (i.e., web request) as well as data sent in response to that request, such as URL used, Internet Protocol address (trimmed and hashed for anonymization), HTTP referrer, and user agent;
Search engine results page data (keyword, order/index of results, links of results, title, description, and ads displayed);
Device ID (anonymized and/or de-identified using irreversible encryption and/or hashing);
Browser type, operating system and Mobile Network Code;
Device model name, device screen size and whether the device is rooted;
All web connections; and
Information regarding installed applications and their use (names, app IDs, versions of installed apps, installation and update dates, whether they are system apps, which apps are used, duration of use, whether the apps are on the home page);

If you use Stylish, at the very least disable the collecting of data in the extension settings.

Alternatives?

We reviewed Stylus in 2017 which is a fork of Stylish that does not include the analytics component. You can install the extension and use it to load userstyles.

You may also use Chrome's overrides tool to make permanent changes directly to websites.

Now You: do you use Stylish?

Summary
It is time to get rid of Stylish
Article Name
It is time to get rid of Stylish
Description
A new report suggests that the popular Stylish add-on for Google Chrome and Mozilla Firefox leaks all browsing data and more to the parent company.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Ban me said on July 3, 2018 at 1:00 pm
    Reply

    Useless addon anyway.

    1. Richard Allen said on July 3, 2018 at 4:46 pm
      Reply

      Useless? Considering I have 25 styles installed and 18 of them are currently enabled “useless” looks to me to be the wrong adjective. :)

  2. Anonymous said on July 3, 2018 at 1:23 pm
    Reply

    With Pale Moon I’ll continue to use “Stylish 2.0.7” with my own themes until the end, installed with “Moon Tester Tool” to block unwanted update.

    1. Nico said on July 3, 2018 at 5:05 pm
      Reply

      For Pale Moon a fork of Stylish 2.0.7 has been created, named Stylem.
      Announced here:
      https://forum.palemoon.org/viewtopic.php?f=46&t=19443
      Get it from here:
      https://addons.palemoon.org/addon/stylem/

      1. Anonymous said on July 3, 2018 at 7:58 pm
        Reply

        Yes thanks. Now I only have one add-on not compatible with Pale Moon 28 > CustomButtons{0.0.5.9pre1}, and unfortunately my prefered theme FT Deepdark :(

  3. Ayy said on July 3, 2018 at 1:35 pm
    Reply

    not much of a surprise, anything that sells out turns to garbage soon after. thankfully Stylus takes its place well enough.

  4. Anonymous said on July 3, 2018 at 2:34 pm
    Reply

    Stylus ftw !

  5. Shannana375 said on July 3, 2018 at 2:37 pm
    Reply

    Before these issues I used Stylus to get rid of Google’s nags/tips that ask you to use Chrome and such.

    Then I dumped Stylus when they sold out and I stopped using Google services, except for their search.

    Now to get rid of the recent nags on Google’s search I use the “I don’t care about cookies” extension for Opera.

    If need be I will try Stylus, thanks for this tip Martin.

    1. Shannana375 said on July 3, 2018 at 5:49 pm
      Reply

      Opps, I meant to say “Before these issues I used Stylish.. Then I dumped Stylish..”

  6. seroin said on July 3, 2018 at 3:03 pm
    Reply

    The original owner sold Stylish in 2016, not 2010.

    Also, FYI: for pre-FF57 browsers (e.g. Pale Moon, Basilisk, Waterfox, SeaMonkey etc) there exists a fork of the legacy Stylish: http://addons.palemoon.org/addon/stylem/

    1. Anonymous said on July 3, 2018 at 3:40 pm
      Reply

      Oh well I missed this one, working great thank you :)

    2. Richard Allen said on July 3, 2018 at 4:49 pm
      Reply

      Thanks! I wasn’t aware of this fork. Seems to be doing what it should in both Pale Moon and Waterfox.

  7. Tom Hawack said on July 3, 2018 at 4:03 pm
    Reply

    After having been a Stylish user for years I switched to Stylus when Firefox Quantum appeared, first because of serious problems with Stylish ported to a Webextension. It was a coincidence that at the same time buzz was starting to evoke the new Webextension’s affinity for peeking.

    Not one problem with Stylus, clean, compact, fast.

  8. Dave said on July 3, 2018 at 6:00 pm
    Reply

    I don’t use stylish anymore. I do however use styles from userstyles.org with TamperMonkey in Edge.

    There’s a small link “Install style as userscript” just above the feedback button, I click that one.

    1. Anonymous said on July 3, 2018 at 8:34 pm
      Reply

      But is TamperMonkey safe?

      1. Tom Hawack said on July 3, 2018 at 9:29 pm
        Reply

        I had tried TamperMonkey before switching to Stylus and I remember it included opt-out options in the scope of privacy, cannot remember exactly in what conditions. It’s heavy, too heavy IMO for a style editor when Stylus is lite and free of dozens of options found in TamperMonkey which are unused for most of them by most of us (I guess).

      2. John said on July 6, 2018 at 9:19 pm
        Reply

        @Anonymous
        Probably, but Violentmonkey and Greasemonkey are available. Either of those are better options.

      3. Anonymous said on July 7, 2018 at 11:00 am
        Reply

        @John. Last time I tried Violentmonkey and Greasemonkey (web.ex) in Firefox 60, unfortunately most of my scripts have stopped working. That’s why I do not use Firefox.

  9. Jake said on July 3, 2018 at 6:34 pm
    Reply

    You can use Stylus is open source and it works on Opera, firefox and chrome.

    https://github.com/openstyles/stylus

  10. o_O said on July 3, 2018 at 11:51 pm
    Reply

    Thank you! This is valuable article.

  11. Anonymous said on July 3, 2018 at 11:59 pm
    Reply
  12. ddk said on July 4, 2018 at 5:14 am
    Reply

    Violent Monkey on Chrome over here….

  13. Anonymous said on July 4, 2018 at 6:01 am
    Reply

    @Dave
    I’ve always thought that was a good idea for someone using an extension for userscripts and another for userstyles. I’m always up for reducing the number of extensions I use but getting rid of Stylus won’t work for me because I have userstyles that I have written for different websites, most are simple with 1-4 rules but I don’t want to give them up. Otherwise, for someone already using Tampermonkey being able to install styles as scripts is pretty cool.

    @Anonymous
    I started using Tampermonkey about a year and a half ago in Nightly and have never heard of the extension itself being unsafe. But…I would worry about what the installed userscripts are doing and where they came from. Just make sure they are coming from a reputable source and you can always look at the code in Tampermonkey and both greasyfork.org and openuserjs.org let you look at the code before installing. When going thru the code you can get an idea of what it’s doing. I’ve been using userscripts for years and have not experienced anything unsafe or malicious. The worst I’ve seen is that the script quits working. Tampermonkey does collect anonymous statistics and that can be disabled in Settings/General. Since you are already “Anonymous” I don’t know if I would worry about it. ;)

    @Tom Hawack
    I think Tampermonkey can work for those that don’t want to make changes to styles or at least not make many changes. For those of use that want to edit styles or create styles, I can’t imagine using something other than Stylus. That would be crazy talk! LoL

    1. Anonymous said on July 4, 2018 at 8:24 am
      Reply

      “Tampermonkey does collect anonymous statistics and that can be disabled in Settings/General.”

      Not only in “Settings/General”.

      1. Anonymous said on July 4, 2018 at 8:42 am
        Reply

        Also TM Privacy Policy: “We collect personal information from you in accordance with the provisions of German data protection statutes. Information is considered personal if it can be associated exclusively to a specific natural person.”

        “natural person” means they do not consider IP as personal information, for us IP as they collect (see “Server Data”) is just “Anonymous information”, what a joke.

  14. Anonymous said on July 4, 2018 at 6:53 am
    Reply

    People making styles (like Lootyhoof – PM team) to put their work should find another place than “userstyles.org” instead to force us to go to a site trying to spy on us.

    1. birmingham said on July 7, 2018 at 3:22 pm
      Reply

      The Pale Moon Stylem add on is a fork of Stylish 2.0.7 which does not include the telemetry data collection of newer Stylish versions. Using preset scripts from userstyles.org is your own risk.

      1. Anonymous said on August 17, 2018 at 10:31 am
        Reply

        But even on Stylem on the add-ons manager under styles the link to “userstyles.org” is still there :(

  15. yogaisevil said on July 4, 2018 at 4:51 pm
    Reply

    Ideally what will happen: Mozilla and Google will ban these guys for life.The company will go bankrupt from all the lawsuits filed against them.

    Realistically what will happen: They will be reinstated after the temporary ban and their misdeeds will be forgotten by the majority.

    What shall be your punishment?
    “Oops, We didn’t mean it”.
    One slap on the wrist coming up

  16. yogaisevil said on July 4, 2018 at 5:20 pm
    Reply

    There’s needs to be a diff viewer for the addon manager so users can check what exactly got added/changed in a new extension instead of trusting whats said in a change logs

  17. Fuzzi said on July 9, 2018 at 9:34 pm
    Reply

    Robert Heaton didn’t discover anything new. See gorhill’s comment here:
    https://www.ghacks.net/2017/01/04/major-stylish-add-on-changes-in-regards-to-privacy/#comment-4086083

    And even back in 2016 someone in the userstyles forum:
    https://forum.userstyles.org/discussion/comment/109446/#Comment_109446

  18. michael biller said on October 15, 2018 at 3:44 am
    Reply

    I use Stylus. Stylish was pretty cool until got stupid with the analytics. For me, its main purpose is for helping to learn CSS. I took a global userstyle that was pretty close to matching my desktop environments theme and modified it to my liking. I was then able to figure out how to get the new theme to display or not to display where I wanted.

    As a learning tool, it has been great. Outside of that, it’s not particularly necessary because there are other ways to accomplish the same thing. Of course, I did not know that until I started getting into learning some Web development.

    Stylus is certainly a better option than Stylish. SimilarWeb has proven to be shady at best. It is a shame they turned one of the most popular extensions/addons into spyware. It’s that kind of nonsense that keeps me from using most extensions/addons anyway.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.