"Stylish" Browser Extension Steals All Your Internet History

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
6,943
Popular browser extension "Stylish," used for customizing the appearance of webpages, was recently found to also be stealing all of your internet history. Software engineer Robert Heaton noticed the problem last week when he spotted a large number of requests going to api.userstyles.org. After decoding the data being sent out, he found that Stylish was exfiltrating all his browsing data.

Thanks to dgz for the story. dgz also reports that users of the extension have been getting a warning from Firefox and Chrome about the extension. Robert Heaton recommends if you like Stylish, try switching to an offshoot like "Stylus" which does the same thing without the spying.

SimilarWeb claims that they need to track every single website Stylish's users visit in order to recommend them styles for the current webpage. This is a solution in search of a flimsy justification. If this were all they were doing then they would only need to send themselves the current page’s domain, not the full URL. And it doesn’t even begin to explain why they also need to scrape and send themselves your actual Google search results from your browser window.
 
The swap to Stylus was really easy. Somewhere there was an export button in Stylish, it makes it some weird file with no extension.

Then go in Stylus and look for import and search for all files and grab it.

Three minutes without instructions
 
I use Stylebot; I hope similar issues with it don't crop up. I've heavily modified the CSS of almost every site I visit, to a degree where most other regulars to those sites wouldn't recognize them.
 
I use Stylebot; I hope similar issues with it don't crop up. I've heavily modified the CSS of almost every site I visit, to a degree where most other regulars to those sites wouldn't recognize them.
Yes, I panicked for a second until I realized that I, too, use Stylebot. *phew*
Sadly, I don't know how to code, be it software creation or website related. So I haven't really utilized mine passed the UI options, but it has been a blessing since there wasn't anything like AB+ Element Hider (outside of the AB+ Extenssion) like there was for Firefox, so that's primarily what I use it for. Though I will often end up correcting some issues that turn up for one reason or another, to shift text or buttons back to where they ought to be.
 
Technology is too easy to use now, it allows the "quick buck" and deceitful crowds to flourish and overwhelm the true hobbyists and professionals. Unfortunately many professionals are also cashing out these days, we really need a resurgence of strong ethics.
 
This is a surprisingly common problem with browser plugins.

They may start out as legit, but then someone buys them once they have an established user base, and sends out an update which starts collecting and stealing data.

You seriously cannot trust anyone or anything anymore.
 
Only addons I use are nocoin and minerblock. Other than those I've read too many bad stories about plugins or addons. One of the ones that still cracks me up was last year when either AVG or Malwarebytes, don't remember which but probably AVG, created a addon/plugin and it actually created browser exploits.
 
Or you can just be ok with it and let everyone have your data. So what?
 
I don't even understand the motivation

establish trust and develop a userbase for YEARS
Push update in May, steal data
Get caught in June
Have all browsers flag your extension two weeks later
destroy userbase

Was collecting six week's worth of data worth it? I'm guessing the guys at Stylus are pretty happy.

not using NoScript or uBlock to keep your browser safe..... lol
 
Well, if anybody wants to go out of their way to steal my internet history I hope they like boobs, science, boobs, history, computer stuff, news, and breasts.
 
When you grow up and have something to lose, you will understand.
I'd hazard a guess that by that time... it'd be far to late to fix the problems he'll get, from the lack of smarts he had, to make better decisions in the first place.

Hello again History, its nice to see you repeating yourself! not.
 
Pale Moon has Stylish. *searches for Stylus for Pale Moon*

Nope. Deleted Stylish.

Back to Firefox. It has Stylus.

EDIT:
Found out there's a plug-in called Stylem for Pale Moon.

*copies a couple of CSS from Firefox and paste it in Stylem*

Back to Pale Moon, feeling better.
 
Last edited:
Back
Top