By Josh Scott
Some Amazon shoppers recently noticed an unusual warning at the top of the company’s website. The retail giant released a message calling Honey, the popular coupon-finding browser extension, a “security risk” and advising them to uninstall it immediately.
The notice stated that Honey “tracks your private shopping behavior, collects data like your order history and items saved, and can read or change any of your data on any website you visit.” As technology magazine WIRED pointed out, the message’s timing is suspicious. Honey has worked with Amazon since 2012. PayPal, which competes with Amazon as an internet payment processor, recently purchased Honey in November for $4 billion. The Amazon warning was first spotted a few weeks later.
Honey has over 17 million users. It’s been mainly marketed to a younger demographic. Its appeal to online shoppers is twofold—it’s free and easy to use. It automatically searches for applicable coupons whenever you browse a shopping site.
However, there are cons to using Honey. The extension can be particularly invasive of your privacy. Honey is unique in its ability to track purchases. A company like Amazon can see every purchase you’ve made on its website and suggests and profits from further targeted advertising on what you might like. Honey can create a more in-depth profile of a consumer however, collecting data from every purchase on any website that a consumer uses or is offered a coupon. This is what makes Honey so valuable to companies—the model they create is an invaluable amount of data on millions of consumers.
Online surveillance can often seem inescapable. According to journalist Julia Angwin in her 2014 book, Dragnet Nation, “Institutions are stockpiling data about individuals at an unprecedented pace.”
“The combination of massive computing power, smaller and smaller devices, and cheap storage has enabled a huge increase in indiscriminate tracking of personal data,” writes Angwin.
Brian Lesser, Ryerson University’s chief information officer, told The Eyeopener that browser extensions are invasive by nature. “In general, extensions can dramatically increase your privacy and security risks,” said Lesser, adding that many involve increased convenience at the expense of privacy. “To do anything useful extensions often need some access to your data. But that is only the beginning of the problem.”
Malicious extensions can jeopardize your personal privacy and security in a wide variety of ways. “The list is pretty much endless,” says Lesser. “Your usernames and passwords may be stolen, your computer used to attack other computers, your data stolen and held for ransom, your computer could send out massive amounts of spam messages, identity theft.”
“Companies may want to collect data for purposes that increase your privacy risks while providing them with advertising or other revenue sources,” says Lesser. “They may also count on you just installing their extension without worrying about privacy.” Because of this, Lesser recommends approaching extensions with skepticism: “I wouldn’t start by assuming they are only doing the thing you want them to do with your data.”
For the average student, it helps to remember the benefits of a minimalist approach. Downloading less is the shortest path to increasing your online security. Lesser puts it plainly: “The fewer things you install, the better.”
Here are three quick browser extension safety tips that Lesser and Consumer Reports endorse:
- Unless an extension is essential to your work, from a well-known and reputable provider, and has been around for years without complaints, don’t install it.
- Avoid extensions from small third-party websites—stick to official stores, which are generally safer.
- Delete all of your old, unused browser extensions.