privacy
2023
- Chrome Sync privacy is still very bad
- Why browser extension games need access to all websites
- Another cluster of potentially malicious Chrome extensions
- Introducing PCVARK and their malicious ad blockers
- How malicious extensions hide running arbitrary code
- More malicious extensions in Chrome Web Store
- Malicious code in PDF Toolbox extension
- Online Security extension: Destroying privacy for no good reason
- Veraport: Inside Korea’s dysfunctional application management
- South Korea’s banking security: Intermediate conclusions
- Weakening TLS protection, South Korean style
- IPinside: Korea’s mandatory spyware
- South Korea’s online security dead end
2022
2021
- Abusing Keepa Price Tracker to track users on Amazon pages
- Data exfiltration in Keepa Price Tracker
- Follow-up on Amazon Assistant’s data collection
- DuckDuckGo Privacy Essentials vulnerabilities: Insecure communication and Universal XSS
- How Amazon Assistant lets Amazon track your every move on the web
2020
- How anti-fingerprinting extensions tend to make fingerprinting easier
- What would you risk for free Honey?
- What data does Xiaomi collect about you?
- Are Xiaomi browsers spyware? Yes, they are…
- Insights from Avast/Jumpshot data: Pitfalls of data anonymization
- Avast’s broken data anonymization approach
- Avast complies to respect users’ privacy
2019
- Problematic monetization in security products, Avira edition
- Mozilla and Opera remove Avast extensions from their add-on stores, what will Google do?
- More Kaspersky vulnerabilities: uninstalling extensions, user tracking, predictable links
- Assorted Kaspersky vulnerabilities
- Internal Kaspersky API exposed to websites
- Kaspersky: The art of keeping your keys under the door mat
- Avast Online Security and Avast Secure Browser are spying on you
- State of the art protection in Chrome Web Store
- How much privacy do you have left on the web?