
AdTech companies and data brokers often buy privacy-focused products from single developers / small teams and turn them into data collection devices.

I was part of a team that uncovered such a large-scale data collection schema by a data broker company in 2016. They bought popular privacy-focused browser extensions like "Web of Trust" and turned them into spyware, sending every URL users opened in their browsers to their backend. They then slapped some token "anonymization" on the data and sold it to whomever was willing to pay. They even provided a sample consisting of more than two months of browsing data from three million people in Germany to a team of journalists posing as a startup as a freebie. The data contained tons of highly intimate and sensitive information and users were trivial to re-identify in many cases, e.g. via URLs that contained usernames, e-mail addresses or access tokens.

Chrome and Firefox briefly banned the extension from their app stores, but a few weeks after the incident it was suddenly back, happily exfiltrating data from unsuspecting users again.

I then realized that browser vendors often have perverse incentives when it comes to privacy and really don't care so much about it. Even companies like Mozilla allow plenty of shady extensions to exfiltrate really sensitive user data, because those extensions increase the popularity of the browser.

BTW these companies often lie to the original developers / teams that they acquire. "Web of Trust" for example was originally written by a team of students that really cared about user privacy and trust. So I wouldn't give too much about the promises of such companies: their business is selling data, and collecting as much data as possible is one of their primary objectives; privacy always takes a backseat.



