Can search extensions keep your searches private?
Credit to Author: Pieter Arntz| Date: Thu, 23 Aug 2018 15:00:00 +0000
One of the most common things most of us do on the Internet is search, whether we are looking up the price of the latest gadget or we need to find the address of that great restaurant recommended by a friend. The dizzying number of Google search queries per second (more than 40,000, on average) tells us there is plenty of money to be made by advertising in search results.
It’s not just big names in the search industry who are aware of this fact. Others want a piece of the pie, too. But what can they hope to accomplish when their budget is nowhere near that of the marquee players, and one of their prospective competitors has managed to turn its brand name into a verb?
The only thing that makes sense in this scenario is to offer something that others don’t. And with recent data breaches, online tracking, targeted advertising, and other privacy-threatening events all leaving us worried about our online privacy, some smart developers have created browser extensions that promise to keep prying eyes away from our searches.
We have noticed quite a few new names in this fledgling industry. In fact, some of them are so similar in their advertising, wording, coding, and use of images, that there is no other explanation besides their developers deciding power lies in numbers—of extensions, brand names, and domain names. And they’re all doing, or rather not doing, the same thing in an attempt to make the cash register ring.
In case you were wondering whether any of these are worth the time it takes to install them, the short answer is no.
Investigation
To investigate this trend that we’ve been watching since summer 2017, we looked at 25 extensions that advertise that they offer more privacy during searches. One of the first things we noticed was that over half of these extensions were so alike, we classified them as a single family.
Our generic detection name for smaller variants belonging to this family is PUP.Optional.SearchAlgo.Generic. It’s named after the domain this family uses to route its searches. As far as I can tell, they all end up displaying Yahoo Search results, but this isn’t hardcoded into the extension, so the redirect is probably decided on-the-fly by the code on the searchalgo.com servers. That would make it easier for them to switch in case they get a better offer than the one from Yahoo Search.
Breakdown
We have looked into a few of the top results found while searching for private search extensions, and found several nefarious or questionable similarities. It may come as no surprise that all of these extensions, not just the one from the “searchalgo” family, have been added to our detections as potentially unwanted programs (PUPs). Here’s a breakdown of what we found:
Protocol: While a few of the extensions actually use the https protocol to conduct their searches, most of them do not. This leaves us immediately wanting for more privacy when we hit the search button. Using the https protocol would at least make eavesdropping harder.
Results: The division rate of those that display their results on a site of their own and those that simply redirect us to Yahoo Search is about fifty-fifty.
Code: We looked at the code of the extensions to see if developers were paying attention to the privacy of the search or search results. We found no trace of any such code.
Browsers: Most of the extensions we found were only available for Chrome. A few were intended for Firefox. This is probably due to the much bigger market share for Chrome at the moment.
The technical details
Looking at the code of one of the major families, we can see that this is the main search routine:
In case you got your hopes up when you spotted the word “encode,” the encodeURIComponent() function encodes a Uniform Resource Identifier (URI) component by replacing each instance of certain characters by one, two, three, or four escape sequences representing the UTF-8 encoding of the character. This is only used to ensure that certain special characters, like backslashes, don’t get read as code. So, no privacy enhancement there.
As mentioned before, one of the larger families in this category uses its own domain to redirect searches through to the most profitable established search engine.
The most profitable for the extension authors must be Yahoo Search by the look of the results. Others fetch results from a popular search engine and add their own header and a “few” advertisements to earn money.
Extra functionality
Some of these search extensions also promise extra functionality. We have seen variants that promise to be specialized in:
- Music
- Movies
- Games
- Downloads
And usually, when you visit the domains that are listed as the origin of the extension in the web store, you will find that they advertise these specialized search extensions, but not their privacy enhancing extensions.
We did find that some of these extensions pre-date the rise of the privacy search extensions, but they still use the same code, images, and search domains. For example, WowMovix.com has been around since late 2015 and to date still uses the searchalgo search domain.
Is it possible that they just changed the marketing scheme and not the underlying code?
Online privacy
Of course, we appreciate people’s desire for more online privacy. But for those tempted by the promise of enhanced privacy during online searches, we have some better alternatives:
- First of all, you should have a look at this blogpost about interest-based advertising and what you can do about it.
- Also, we recommend using a less limited tool to block tracking. There are many that block tracking on every site you visit, not just during searches.
- Or, you can anonymize your Internet traffic by using a VPN.
Stopping advertisements
One of the side-effects of all the “privacy search” extensions we looked at was the extra influx of advertisements. If you want to put a stop to those, whether they are targeted or not, you really should have a look at this post on blocking ads, as well as this one about which ad blockers you might want to use and how to install them.
The long answer
Even though the publisher(s) of these extensions are trying to tell us that there is privacy to be gained during your online searches, we are of the opinion that there are many better ways to achieve that level of privacy than to install these extensions. We didn’t have time to find and examine every extension that promises to keep your searches private, but we have reasons to believe that the majority of them are more interested in their personal revenue than your privacy. We would advise you to consider one of the other options with a more wide-reaching impact on your privacy like VPNs, anti-tracking tools, taking other measures against interest-based advertising.
The post Can search extensions keep your searches private? appeared first on Malwarebytes Labs.