A.S.

Stylish for Maxthon and spying

6 posts in this topic

What's up, guys? 
As you probably know, my new interests are privacy and security. And today I have a bad new for you...
 

According to Robert Heaton's note, popular extension Stylish steals all your internet history:

Quote

Since January 2017 for Chrome and since January 2017 for Firefox, Stylish has been augmented with bonus spyware that records every single website that you and its 2 million other users visit. Stylish sends our complete browsing activity back to its servers, together with a unique identifier. This allows it’s new owner, SimilarWeb, to connect all of an individual’s actions into a single profile. SimilarWeb own a copy of our complete browsing histories and they also own enough other data to theoretically tie these histories to email addresses and real-world identities.


I have a lot of questions:

  1. Is Stylish for Maxthon official?
    Here're not so many official extensions and ports. I know olny three: LastPass, VKOpt and AdBlock Plus. Other extensions in most cases are unofficial ports from funboys. Is Stylish too?
    Add-on was uploaded by one of users from China - 寂寞的原子 (Lonely Atom). He made many cool exnetsions for Maxthon. Who is he? Can we talk to him?
  2. Is spying update relevant for Maxthon?
    Last update of mxaddon was in January 2018. Does this mean that users of Stylish for Maxthon  take risks too?
    Because if Lonley Atom used old version of Stylish, it may be still safe. Not a fact, but we have a chance.
  3. Are Chrome and Firefox issues relevant for Maxthon?
    Maxthon is closed browser. That's why many third-party developers don't want to work with Maxthon. Maybe changes happened on Chrome could not be repeated on Maxthon.
    Now we need someone from MX Team to check it.


P. S.

I've seen mention of Stylish changes thrice, so it's probably true...
I'm not sure that it's relevant for Maxthon too. So don't panic!
Maybe it's false alarm... But I think you should know this...

 

1 person likes this

Share this post


Link to post
Share on other sites

stylish has been updated a number of times on the extension centre - checking the version listed is 3.0.4

non of the updates have ever worked for me and others that post comments

the answer has been to stick with version 2.4.3 which whilst old works - i just keep the  2.4.3 extension write protected so any update does not work

whether this get round the problem you state i have no idea but hopefully so

 

 

Share this post


Link to post
Share on other sites

how interesting, and concerning.

there's no reason why you can't unpack the extension and have a look at the code, even better if you've got the dodgy chrome version to compare against.

As you said, many MX addons were user created/ported rather than official versions from the dev, so depending on how up to date the uploader kept it, it could still be safe.

At this stage probably best not to use it if anyone is at all worried about these revelations.

Share this post


Link to post
Share on other sites
On 9/8/2018 at 1:07 AM, A.S. said:

Is Stylish for Maxthon official?
Here're not so many official extensions and ports. I know olny three: LastPass, VKOpt and AdBlock Plus. Other extensions in most cases are unofficial ports from funboys. Is Stylish too?

Thank you for your feedback. The dev team has tested, it won't track request from Maxthon browser, and these aren't official extensions.

1 person likes this

Share this post


Link to post
Share on other sites
8 hours ago, BugSir006 said:

The dev team has tested, it won't track request from Maxthon browser, and these aren't official extensions.

Did Lonely Atom delete tracking scripts or just use old safe version?
Or this method of tracking just does not work on Maxthon?

Share this post


Link to post
Share on other sites
12 hours ago, A.S. said:

Did Lonely Atom delete tracking scripts or just use old safe version?
Or this method of tracking just does not work on Maxthon?

Yes, it hasn't tracked cookies and browsing history from Maxthon. If you have Fiddler, you could try to check it out and contrast with Chrome browser.

Share this post


Link to post
Share on other sites