Rogue browser extensions (addons)

Browser extensions are usually small software addons/modules that help to customize a web browser by offering a variety of often useful features such as advertisement blocking.

Unfortunately browser extensions can access private data such as the browsing history, bookmarks, password and other sensitive data. Moreover many programs have secretly installed browser extension to without the user’s knowledge. Other famous browser extensions have been infected by malware and adware often by malice from the developer(s) of the browser extensions.

I’m adding a list of articles and research related to browser extensions badness.
Feel free to edit this wiki post.

https://nakedsecurity.sophos.com/2018/07/06/chrome-and-firefox-pull-history-stealing-browser-extension/

https://blog.malwarebytes.com/threat-analysis/2018/01/new-chrome-and-firefox-extensions-block-their-removal-to-hijack-browsers/

https://arstechnica.com/information-technology/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/

https://www.howtogeek.com/180175/warning-your-browser-extensions-are-spying-on-you/

https://www.howtogeek.com/188346/why-browser-extensions-can-be-dangerous-and-how-to-protect-yourself/

https://www.bleepingcomputer.com/news/security/chrome-extension-devs-use-sneaky-landing-pages-after-google-bans-inline-installs/

https://www.ghacks.net/2018/05/11/googles-bad-track-record-of-malicious-chrome-extensions-continues/

https://arstechnica.com/information-technology/2018/01/500000-chrome-users-fall-prey-to-malicious-extensions-in-google-web-store/

https://www.ghacks.net/2016/11/01/browsing-history-sold/

https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/

• Troubleshoot Firefox issues caused by malware
• Browser Extensions: Are They Worth the Risk?
• Ad Injection at Scale: Assessing Deceptive Advertisement Modifications

But it would be a fallacy to say that all browser add-ons are bad as your post seems to imply. Yes, some have been spying on their users in a terrible way.

And yes, Firefox does have in their top list of recommended addons Ghostry which is owned by a very large german media group (but again, Firefox also has Google by default and gets money from that).

What I mean to say is that there are bunch of browser extentions that I feed confident in recommended because their developers are known in the community and they are reasonable effective and have a good track record. Some examples can be found here:

I do not disagree that ethical addons exist but the process of verifying the addons is not straight forward and it may be hard for users to determine the good from the bad addons.

I have added a number of articles that describe how many users got mistreated by many famous or otherwise reputable developers of addons software. So educating users how to verify their addons may be one way to go but it’s getting increasingly hard to predict the future such that you can ensure that the addon you are using today is not going to be hacked or sell your data (both scenarios are based on real cases).