Chrome is a powerful browser, extensions enhance the browser's functionality and make the browser tailored to you. But what happens when these useful extensions go rogue on you and become an adware all of sudden?
A very popular Chrome extension called 'YouTube Plus' (re-branded as Particle as Opera web store won't accept the 'YouTube' name in the extension), added extra features to the YouTube UI which gave some more features like floating player, screenshot tools etc to the YouTube player and added some nifty features to the YouTube website itself. YouTube website changes have always been controversial, so you can imagine this extension was quite popular with YouTube power users and raked more than 30,000+ downloads.
Whats Happening?
...the extension was placed on EOL support due to the new YouTube layout being drastically different than the classic layout - demanding a complete rework of the extension...
This year in May the developer reported that they have a problem maintaining the extension because of multiple reasons which added quite many complications one of which included forceful change of name, getting banned in Chrome web store for no reason and mainly YouTube website getting so many UI changes all the time making it difficult to keep updating it from its core. Basically it needed to be rebuilt from ground.
You see now the mess that this is heading into and I have decided to re think the plan while I am still on an early stage of development for the new extension.
But soon things changed, 2 months post that announcement the developer announced that the extension has been sold. This meant the new owners had full control of the extension and any new update to follow will be made by them.
As of today the Chrome extension ownership has been changed and I am unable to make any further changes or updates to it.
The developer also was assured that any future changes to the extension would be Google compliant to a certain extent and the users will be informed of the new changes in the extension as and when they happen. The developer was also allowed to look in to the changes before hand to see everything was quite normal.
But what happened in reality was that the new owners made the extension an adware, an extension so aggressively filled with ads and asked two new permissions, " read and change data on websites visited" and " manage apps, extensions and themes " which allowed them to collect user data on every website visit.
What Should You Do?
As of now Google has r emoved this extension from the web store but that doesn't solve the problem at hand, it already had more than 30,000+ downloads under its belt. This means thousands of users are still using the extension which is now an adware serving ads all over, making users think either websites have suddenly become ad hungry or annoyed that ads are being served to them somehow from somewhere they do not know about. Most users will be clueless about this is happening because of this particular extension as it was clean when they first installed it and started using it.
But good news is, one of the reasons why the developer sold the extension was that it will eventually die. With the new YouTube Layout coming up, the extension will not work on the new version and it would need to be upgraded which the new owners might not be interested in doing as their intentions and priority are quite clear now.
If you are using Particle or YouTube Plus on Chrome now, the best thing to do uninstall and remove the extension from your browser. And let this be a lesson to you & everyone, choose your extensions wisely. Keep your extension usage to minimum and up to a point to which it is required, any extension you think you haven't used its function in the past 15-20days, need to be gone. This will not only keep you safe from such malicious extensions but also keep your browser snappy. And always give permissions to extensions which you know are safe, just don't approve all permissions. Never.
But... What About the Firefox add-on?
YouTube Plus or Particle also exists on Firefox but we aren't sure if that too is affected by this update nor does the developer mention the sale of it. The developer only announced the sale of the Chrome extension. But since it runs on the same repository, it's better to be safe than sorry. You can either stop using it or just disable automatic updates for the extension from the add-ons options.
Disable Automatic Updates
- Visit about:addons in Firefox
- Click 'More' on the YouTube Plus add-on > Turn OFF the 'Automatic Updates'
As of now the 'YouTube Plus' version on the Firefox add ons repository is 1.8.7 which was updated on 11th May 2017, which means it is not infected with the adware update for now.
So it is fair to assume the Firefox add-on is safe for now.
I used the extension a lot and still want to use it. So... Now What?
Not all is lost here, there are two ways to still use the original YouTube Plus.
If you still want to use the original YouTube Plus without the ads, you can install the userscript which is untouched and receives bug updates quiet often.
For installing the userscript you need a userscript manager like Tapermonkey.
And then install the userscript from here
Since the userscript can only last till the next YouTube layout change, the better thing to do is switch to the upgraded one.
Even though the original extension is infested with ads and deceived users in collecting their data, the original developer had already started working on a newer version of the extension as he is pretty sure the new YouTube layout will ruin the old extension. But since he only started working on it few months ago it still is in beta and some of its features are in alpha stage. You can start using the beta version now.
The new name it will go by is 'Iridium' which is now a userscript which can be installed.
This again is a userscript for which you would need to first install a userscript manager like Tapermonkey and then install the new Iridium userscript from here
Still unsure what to do? Check out Iridium 's page, if you still see it has a lot of features in it TO DO list, it is better to keep using the YouTube Plus userscript and wait for Iridium to be built completely or be released as an extension in the web store.
Source : Naked SecurityThumbnail Image : threadpost