Here's the code more readable for those interested: http://pastebin.com/Rvp4eMvu
As others have said and it seems they're starting to admit, it tracks your User Agent, form submission events (not content as far as I can see), some other computer identifying information, and loads in javascript for different actions.
It sends data to https://jsl.blankbase.com/ (https at least), that data being a number of things from the location (url) to your browser name, version, os name and version as well as generated identifier.
It also does numerous also calls to https://qp.rhlp.co/ (which is a common mention on the internet) to load javascript:
https://qp.rhlp.co/gsd.html (check source)
https://qp.rhlp.co/search/jshttps://qp.rhlp.co/demoda/js?v=3
So it doesn't look like it sends any significantly private data (form data), but, it's nowhere near a good thing.
Nonetheless, tracking in extensions is shitty and monetizing extensions through tracking is a poor direction for extensions as a whole in the community.
rhlp.co and blankbase.com are both registered at GoDaddy, blankbase is using the nameserver from this company http://www.sambreel.com/ who may have either created the tracking or were paid to host it. If you're concerned about the domain usage, feel free to report them to GoDaddy , however, hopefully creators will start to realize monetizing extensions like this is a poor decision.
Here's the code more readable for those interested: http://pastebin.com/Rvp4eMvu As others have said and it seems they're starting to admit, it tracks your User Agent, form submission events (not content as far as I can see), some other computer identifying information, and loads in javascript for different actions. It sends data to https://jsl.blankbase.com/ (https at least), that data being a number of things from the location (url) to your browser name, version, os name and version as well as generated identifier. It also does numerous also calls to https://qp.rhlp.co/ (which is a common mention on the internet) to load javascript: https://qp.rhlp.co/gsd.html (check source) https://qp.rhlp.co/search/js https://qp.rhlp.co/demoda/js?v=3 So it doesn't look like it sends any significantly private data (form data), but, it's nowhere near a good thing. Nonetheless, tracking in extensions is shitty and monetizing extensions through tracking is a poor direction for extensions as a whole in the community. rhlp.co and blankbase.com are both registered at GoDaddy, blankbase is using the nameserver from this company http://www.sambreel.com/ who may have either created the tracking or were paid to host it. If you're concerned about the domain usage, feel free to report them to GoDaddy , however, hopefully creators will start to realize monetizing extensions like this is a poor decision.