There’s a story going around currently about a group of researchers who claim to have de-anonymized a variety of browser users’ search data. The fact that proper anonymization of data is a nontrivial task is quite well known. Sloppy “anonymization” can be effectively as bad as no anonymization at all.
But the interested observer might wonder … where did these researchers get their search data in the first place?
It turns out that the main source of this data are the individuals or firms behind third-party browser extensions and apps, which provide or sell the user data that they collect to data brokers and to other entities.
And so we open up a very big can of worms.
The major browsers (e.g., Google’s Chrome) provide various means for users to install extensions and applications to extend browser functionalities. While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by such add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained.