WELCOME

Robert Polding's Home

The Silent Watchers in Your Browser

Written by

Rob

·

What 287 Chrome Extensions Tell Us About Digital Literacy

As someone who spends a great deal of time thinking about technology, education, and the skills our students need to navigate the modern world, a recent investigation caught my attention – and frankly, it should catch yours too.

A detailed technical analysis published on the QContinuum Substack revealed that 287 Chrome browser extensions have been quietly exfiltrating the browsing history of approximately 37.4 million users. Let that number sink in for a moment – Spain’s population is 47.5 million people!

What Is Actually Happening?

The researcher used an automated scanning pipeline – routing traffic through a man-in-the-middle proxy – to detect outbound requests that correlated suspiciously with URL patterns. In plain language: these extensions were silently watching every website you visited and sending that data to external servers.

The actors behind this are not shadowy figures in basements. They include well-known entities like Similarweb, as well as less familiar names like Curly Doggo and Offidocs, alongside various data brokers. The motivations range from selling data to large corporations and enabling targeted advertising, to more troubling possibilities like corporate espionage and credential harvesting.

Why This Matters Beyond Cybersecurity

From my perspective as an educator, this story is a case study in digital literacy, or rather, the lack of it.

We teach our students to think critically about the information they consume. We train them to evaluate sources, question assumptions, and understand incentive structures. Yet how many of us – professors, students, professionals – install browser extensions without a second thought? A tool that promises to find coupon codes, convert PDFs, or change the appearance of a webpage seems harmless enough. But the old adage from the article holds devastatingly true:

If the software is free and it is not open-source, assume you are the product.

This is not paranoia. It is a rational conclusion drawn from observable market dynamics. If a company offers a polished product at zero cost and has no visible revenue model, the revenue model is almost certainly you – your data, your behavior, your attention.

Lessons for Our Community

I think there are three takeaways worth reflecting on:

  1. Audit your tools regularly. 
    • When was the last time you reviewed the extensions installed in your browser? Many of us accumulate them like digital clutter. Remove anything you do not actively use.
  2. Teach incentive thinking. 
    • Whether you are a faculty member, a student, or a working professional – train yourself to ask “who pays for this, and how?” before adopting any free tool. This is not just a tech skill; it is an economic reasoning skill.
  3. Advocate for transparency. 
    • Open-source software allows independent verification of what code actually does. When possible, prefer tools whose inner workings can be inspected by the community.

A Broader Reflection

At IE University, we often talk about preparing leaders who can navigate complexity and ambiguity. The browser extension ecosystem is a perfect microcosm of that challenge – a space where convenience, trust, and exploitation coexist, and where the cost of naivety is invisible until it is not.

Thirty-seven million users did not know they were being watched. The question is not whether you were one of them. The question is whether you have the habits and the mindset to avoid being one of them next time.

Stay curious. Stay skeptical.

The views expressed here are my own and do not necessarily represent the official position of IE University.

  1. Spying Chrome Extensions: 287 Extensions spying on 37M users
, , , ,

Leave a comment