
Unimania: I Need Your Facebook Data, Location, and Your Browsing History - krn
https://adguard.com/en/blog/unimania-spyware-campaign/
======
krn
> UPD (Jun 3): The Android apps mentioned in the article are no more available
> on Google Play.

> UPD (Jun 5): The Chrome extensions are finally taken down from the Chrome
> Web Store.

And yet, as of today, Google Play offers two more apps by Unimania., both of
which promise to provide "a better Facebook experience" in exchange for your
credentials[1]. The question is then, how many similar Chrome extensions are
still there on Chrome Web Store.

[1]
[https://play.google.com/store/apps/developer?id=Unimania](https://play.google.com/store/apps/developer?id=Unimania).
("." at the end belongs to the URL)

------
telltruth
Chrome extensions are gold mine for data collectors. There are no checks and
balances and its extremely hard to tell what these extensions really do under
the hood. A well funded data collector can make "free" extension that competes
with other top extensions like AdBlock and slip in the malware to track pretty
much everything that goes in the browser. I've already seen several variations
where you go on some bad website and you see ad for "People are saving 40% on
Amazon using this Extension! Are you using it?". I can imagine legions of
gullible people falling for this and handing over control of their browser.

It's quite unfortunate the position Chrome developers have taken on extensions
("it's your problem if you use them"). We are sitting on a time bomb that one
day would explode with same fervor as what happened with FB's ignorance
policies.

~~~
mirimir
Is Firefox better? If so, how?

~~~
keraf
Yes. When submitting an extension on the Firefox Add-Ons store, the extension
is validated by a human (you need to provide the source and steps to build the
extension if the submitted package contains minified code). It can be
frustrating sometimes to wait hours or days for the extension to be published
compared to the Chrome Store where it is almost instant. But from a user
perspective, I prefer it that way and Mozilla seems to care more.

~~~
zaarn
It should be added that Mozilla isn't perfect either, there were a few
extensions that slipped through that got uncovered recently. It's still a lot
better than Chrome's.

------
shawn
The sole Twitch extension, Twitch Now, requires access “See and modify your
data across all websites.”

There’s no reason for this, but there’s also nothing I can do about it. I’m
not going to develop my own competing extension, and no other extensions
exist. It’s quite annoying.

They could theoretically be harvesting all of my Gmail emails, making changes
to my GitHub repositories, monitoring my Slack conversations, and more.

~~~
evmar
The "Pocket" extension required something similar so I built my own:
[https://chrome.google.com/webstore/detail/save-to-pocket-
min...](https://chrome.google.com/webstore/detail/save-to-pocket-
mini/calnfcidhlhdmmmnicdpddbmmjmfohem)

However it seems to maybe have broken recently (only on some of my devices,
maybe some API change by Pocket?) and I can't be bothered to fix it.

------
mirimir
OK, so there's also a Unimania Card that apparently harvests social media and
shopping data.

[https://www.coffeemania.com/icerik/goster/unimania](https://www.coffeemania.com/icerik/goster/unimania)
via Google Translate:

> The Unimania Card Project is a collection of applications that will
> translate every moment you socialize with a card and assisted QR code. With
> this card, every shopping you make in Coffeemanialar will become more
> advantageous, as you shop, your points will accumulate and offer you
> delicious campaigns. At the same time, the infrastructure that will keep you
> informed of seasonal campaigns and all the moments you enjoy outside will
> return to you as a gift. When you receive your Unimania card, you can start
> to receive discounts and opportunities from your specially prepared
> campaigns.

[http://www.unimania.ge/](http://www.unimania.ge/) via Google Translate:

    
    
        უნიმანიაზე განთავსებული რეკლამის
        ყურებისას ქულების დასაგროვებლად
        გაიარეთ ავტორიზაცია უნიქარდის ან
        ფეისბუქ მომხმარებლის მონაცემებით
    
        Advertising on the Unmanya
        To get points while watching
        Log in Unicard or
        Facebook user data

~~~
pdkl95
> Unicard

That's an interesting choice of name; it's also the name of an essay[1] by
John Walker[2] (who also wrote about "The Digital Imprimatur"[3]). He warned
about this type of privacy problem in _1994_ :

> Unicard - Ubiquitous Computation, Global Connectivity, and the End of
> Privacy

> ABSTRACT: Threats to privacy are often seen as efforts launched by
> governments or large corporations, using their power to circumscribe
> individuals' rights. Yet often individuals voluntarily surrender their
> privacy for promises of security or, more frequently, pure convenience.
> Based on technologies already available or certain to appear within the next
> few years, this paper explores how much convenience could be gained, and how
> much privacy lost as these technologies enter the mainstream.

[1]
[https://www.fourmilab.ch/documents/unicard.html](https://www.fourmilab.ch/documents/unicard.html)

[2] Co-founder & chairman of Autodesk, one of the designers/programmers of
AutoCAD

[3] [https://www.fourmilab.ch/documents/digital-
imprimatur/](https://www.fourmilab.ch/documents/digital-imprimatur/)

