I noticed this about a month back. I was browsing the web one Saturday morning and spotted an "Eco link" next to the search results. Most of them were big sites, like Amazon and eBay etc.
I immediately emailed one of our SEO guys with a snippet of the page and said, "we need to know how to do this in Google, it must be a new feature". I stupidly assumed it was a new feature Google had rolled out. When he replied that he can't see it I started googling the problem, most of the results pertained to Malware and I was shocked, I'm a very careful browser in general.
When I started digging around it was only then I started switching off my plugins 1 by 1 and the eco link went when I switched off the browser resizer, I was honestly shocked. I knew the developer wasn't supporting the plugin any more due to funding but I didn't think it would go in that direction, I expected it to just fade away.
No, I didn't read the updates on the product. I don't have time to read updates on products, especially plugins. After reading his comments on there, there is no remorse for his actions. He is nothing more than a simple malware spreader, he should apply for a job at SourceForge.
It just occurred to me: installing malware on an extension targeted towards developers - the kind of people who just might notice hijacked links - seems like the dumbest idea in the world. Leads me to wonder what sort of nastiness is hidden in those other extensions.
(I zipped the '3rd-party' directory and removed references to those scripts in the manifest file. So it's there if you wanna inspect it, but ecolinks won't run. I don't have time to restructure the options page though :-)
I would argue that if you installed any extension that requested full access to your data without understanding the implications, you're not as careful a browser as you believe you are.
This isn't to say what the developer did is in any way ok ( I don't think it is), nor is it my intent to insult you. Rather - it's to highlight a deeper problem with this kind of click-through security model that chrome web store, play store, et al are fostering.
If somebody who has a reasonable understanding of computers and works with them for a living still clicks though this kind of agreement, what hope has the other 99% of the connected-device-using population?
I guess you're right in a respect. I think I trusted this to be right though, I never imagined that you could change something so dramatically to the point where it isn't even the same product any more.
With Chrome having such a good level of sandbox and Google being proud of that I didn't think it would be so easy for someone to release an extension that basically acted as malware.
I do in general have really good browsing habits, I just need to re-evaluate who I trust.
I immediately emailed one of our SEO guys with a snippet of the page and said, "we need to know how to do this in Google, it must be a new feature". I stupidly assumed it was a new feature Google had rolled out. When he replied that he can't see it I started googling the problem, most of the results pertained to Malware and I was shocked, I'm a very careful browser in general.
When I started digging around it was only then I started switching off my plugins 1 by 1 and the eco link went when I switched off the browser resizer, I was honestly shocked. I knew the developer wasn't supporting the plugin any more due to funding but I didn't think it would go in that direction, I expected it to just fade away.
No, I didn't read the updates on the product. I don't have time to read updates on products, especially plugins. After reading his comments on there, there is no remorse for his actions. He is nothing more than a simple malware spreader, he should apply for a job at SourceForge.