The Stylish browser add-on for Mozilla Firefox and Google Chome has been indiscriminately logging and reporting users' browsing activity since January 2017, as software engineer Robert Heaton reported on Monday. Google and Mozilla have removed the add-on from their catalogs.
Stylish has been a popular plug-in among web developers, designers, and power users. But the increased scrutiny caused by Europe's recent implementation of General Data Protection Regulation has apparently put Stylish under the microscope.
The Stylish add-on lets users apply aesthetic customization to specific websites. This customization is known as a cascading style sheet (CSS), which users can create themselves or download from the Stylish community. These style sheets are frequently used to increase legibility, change the color scheme, or to filter out parts of the page that the user isn't interested in seeing. This style sheet doesn't affect how other visitors view the site; it only happens within the browser of the user who has installed Stylish.
According to Heaton, the Stylish add-on not only logs and reports every website you go to, it also attaches a "unique identifier" to that activity. He adds, "This allows its new owner, SimilarWeb, to connect all of an individual's actions into a single profile." This sounds a lot like the psychographic profiling at Cambridge Analytica that was reportedly based on unauthorized data collection of tens of millions of Facebook users during the 2016 presidential election.
Heaton also points out that many URLs can contain unique strings of numbers and letters that are only supposed to be viewable by the user -- such as those for medical records, password reset pages, and even logging into a website. These strings are supposed to be active only temporarily, but someone who can access these logs when they are still fresh could use them to access highly private information.
FOLLOW Download.com on Twitter to keep up with the latest app news.
Firefox desktop users who no longer want this add-on can press Ctrl+Alt+A (Shift+Command+A on Mac) to open an alphabetical list of their add-ons. The Disable button will shut it down but not remove it. If you press the Remove button, you'll need to search for the add-on if you change your mind later. However, there's a third-party alternative called Stylus that you may want to look into.
Chrome desktop users still do not get a keyboard shortcut for their addons list; instead, you must click on the menu button in the upper right, select More Tools, then click on Extensions. Clicking on the button in the lower right corner will disable it. Or, click Remove to nuke it.
With either browser, you may have to restart it for add-on removal or disablement to fully take effect.
- The Stylish browser plug-in has been mining users' browser histories for commercial purposes. Always check the permissions that a browser add-on asks for, before you install it. Just because an add-on should have nothing to do with data collection doesn't mean that it will keep its hands off your browsing history.
- Users who want to protect their privacy but still want Stylish's functionality should check out Stylus instead.
- Android malware Sonvpay secretly charges you premium text message fees (Download.com)
- Dashlane's new Inbox Security Scan can check your emails for malware (Download.com)
- Google Earth app for Android and Chrome can now measure straight-line distances (Download.com)
- Stay Private and Protected with the Best Firefox Security Extensions (Download.com)
- Firefox gets speed boost from Mozilla memory tricks (CNET)
- Firefox makers eye new 'voice browser'; they've even built an Alexa prototype (ZDNet)
- How to use Chrome's built-in anti-malware tool (TechRepublic)