Your Chrome Extensions May Be Stealing Your Personal Info: Here's How to Stop Them
A long time ago, we recommended the Hover Zoom extension for Chrome as an easy way to blow up small image thumbnails without actually have to "click" on the images themselves. Over the past year, there have been reports that Hover Zoom now collects and sells your browsing data to third-party advertisers without your consent.
The description for Hover Zoom in the Chrome Web Store states that they collect and sell anonymous usage statistics, though it's buried at the end, unlikely to be seen, and was added after they updated the app with adware. And the term anonymous here is pretty much a misnomer, since it takes a very small amount of time to figure out who you are.
It's not just Hover Zoom either, lots of extension makers are unknowingly selling their work to adware vendors, who then update the extensions and inject adware and redirect links on webpages that users visit.
Google told Ars Technica that an upcoming policy change will require extensions to serve a single purpose, but it's not due until June of 2014. Here's what you can do in the meantime.
Luckily, it's really simple to disable tracking in Hover Zoom on Chrome, and most other extensions like it have a similar feature. Just go to Window (Tools for Windows PC users) -> Extensions -> Hover Zoom -> Options -> Advanced and uncheck the box next to Enable anonymous usage statistics.
Again, if it's a different Chrome extension and it has settings you can change, you'll also be able to access them via the "Options" link by its info in the Extensions panel.
To disable affiliate links, go to Window (Tools for PCs) -> Extensions -> Hover Zoom -> Options -> Support the Project. Select No, I don't want to enable affiliate links and hit Save.
If you feel safer replacing Hover Zoom altogether, the best alternative is Imagus. It's available for Chrome, Firefox, Safari, IE and Opera, and it's highly customizable. Zoomable images are marked with an outline and you can choose what size you want the display to be.
Imagus lets you disable zooming for one image or an entire page or session, and you can set hotkeys to make it easy.
Another option is Hover Free, but it's only available on Chrome and Opera and is no longer supported or updated.
Unfortunately, there's currently no easy way to turn off automatic updates for extensions built into Chrome, but there are other things you can do to block an extension you've liked from auto-updating to a new version that might include ads or spyware.
How-To Geek has a good tutorial for making updates manual for an individual extension in Windows.
Basically you'll need to "Open the Extensions panel, find the ID of the extension, then head to %localappdata%\google\chrome\User Data\default\Extensions and find the folder that contains your extension. Change the update_url line in the manifest.json to replace clients2.google.com with localhost."
If you're on a Mac like I am, I'll go through this process a little more in-depth.
First, locate the extension's ID. This is the long string of random numbers in the extension's URL in the Chrome Web Store. You can also find it by clicking on Window -> Extensions and checking Developer mode, which will reveal each extension's ID number.
Now, in your Finder, navigate to Users -> Your User Name -> Library -> Application Support -> Google -> Chrome -> Profile -> Extensions and find the folder with the extension's ID as its name. Click on it, then the enclosed version number folder, and open the manifest.json file.
Note: If you have more than one profile, just search each one individually until you find the extension folder you're looking for.
In the manifest.json file, search for "update_url" and you'll see on the same line the URL with clients2.google.com in it. Change that text to localhost instead, then Save the file.
You can also disable updates for Chrome entirely, but it's not just a matter of changing a few settings, and I wouldn't recommend it as it means you won't get Chrome's latest security patches. But if you want to, on Windows, you'll need to access the Google Update admin template. For Mac, you'll use Google Software Update and Terminal. Check out Google's support page for instructions.
Otherwise, your best bet is to use Firefox or another browser that lets you turn off automatic updates. Their process is super simple.
To disable automatic updates for an individual add-on, open the Add-on Manager and go to Extensions. Find the one you want to disable and click on More, then switch Automatic Updates to Off.
To disable automatic updates for all add-ons, open the Add-on Manager and click on the Gear icon in the top right corner. On the drop-down menu, find Update Add-ons Automatically and uncheck it.
To summarize, your options are to stop using extensions (safest), manually disable extension auto-updates (time consuming, but trustworthy), completely disable Chrome's auto-updates (risky as new patches come out), or switch browsers (at least until Chrome cracks down on this). Not exactly optimal.
Hopefully the June update will make this a non-issue for Chrome users, but until then, you've got to protect yourself somehow.