Fakespot is one of the more atrocious extensions when it comes to data collection. It sends everything you look at, everything you add to cart, while you are logged out of everything it will also persistently track your viewed items with a unique identifier. I understand that the below may be in PP/ToS but come on, a normal user will not.
It does a lot of things completely opaque to the normal end user that are well above a "please tell me if item X's reviews are good or bad" - it practically sends Fakespot almost every single page interaction or click that you do on an Amazon property.
It does the same on every other site it supports - whether or not you want your item inspected, it will notify Fakespot about what products you viewed, what browser, what you clicked on, Add to Cart or Buy Now clicks, Sort clicks, every product visible on page (by ID and seller).
They also use the same unique session identifier across sites, so items you look at on eBay/Walmart/etc can be tied to the same person as items viewed on Amazon. If you choose to try to opt out of automatic item detection, that choice is also sent back to their servers (where it then returns a 4xx and tells you to sign up or sign in to fakespot with an account to save settings).
The extension itself is many megabytes of heavily packed and obfuscated JS. If you have it installed, I would recommend not doing so.
The full Chrome privacy page - this is absolutely nuts for a review comparator:
Fakespot Fake Amazon Reviews and eBay Sellers collects the following:
Personally identifiable information
For example: name, address, email address, age, or identification number
Authentication information
For example: passwords, credentials, security question, or personal identification number (PIN)
Location
For example: region, IP address, GPS coordinates, or information about things near the user’s device
Web history
The list of web pages a user has visited, as well as associated data such as page title and time of visit
User activity
For example: network monitoring, clicks, mouse position, scroll, or keystroke logging
Website content
For example: text, images, sounds, videos, or hyperlinks
In the year before the date this policy was issued, on the Services we may have collected the following categories of California Information:
Address and other identifiers -- such as name, postal address, zip code, email address, account name, payment card numbers, or other similar identifiers
Unique and online identifiers -- such as IP address, device IDs, or other similar identifiers
Characteristics of protected classifications -- such as race, ethnicity, or sexual orientation
Commercial information -- such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Internet, gaming or other electronic network activity information -- such as browsing history, search history and information regarding an individual's interaction with an internet website, application, or advertisement
Professional or educational Information
Biometric information
Location information -- (e.g. if you access our Sites on your mobile device we may collect Information about your device's precise location.)
Online viewing activities (e.g. pages viewed)
Inferences drawn from California Information, such as individual profiles, preferences, characteristics, behaviors.
The bonus shit cherry on top: they claim they require your address, GPS coordinates, passwords, browsing history, purchase history, and personal information
under "GDPR Legitimate Interest" in the privacy policy.
They process no payments and have no fraud to speak of, because it's not a thing.
So many people on HN complaining about privacy, but then come to the comments section to defend an extension that literally collects and sells everything you do. Seems a tad ironic.
I don't think it's ironic. We can be opposed to privacy-infringing apps/corporations and be opposed to centralization and censorship at the same time.
What this fakespot (i had no idea it existed until today) is doing is NOT different from what apple/google/facebook and other data brokers are doing. I'm horrified it exists and would gladly participate in setting those corporations on fire, but at the same time i'm even more horrified when they destroy their own competition in the name of protecting us users, because it's a shameful hypocrisy.
It's basically like the police killing random citizens (mostly not those who are white/rich) then saying they have a monopoly on legitimate violence. The first situation is already terrible, but that they fight competition in their crimes against humanity is all the more reason to dismantle these entities.
It does a lot of things completely opaque to the normal end user that are well above a "please tell me if item X's reviews are good or bad" - it practically sends Fakespot almost every single page interaction or click that you do on an Amazon property.
It does the same on every other site it supports - whether or not you want your item inspected, it will notify Fakespot about what products you viewed, what browser, what you clicked on, Add to Cart or Buy Now clicks, Sort clicks, every product visible on page (by ID and seller).
They also use the same unique session identifier across sites, so items you look at on eBay/Walmart/etc can be tied to the same person as items viewed on Amazon. If you choose to try to opt out of automatic item detection, that choice is also sent back to their servers (where it then returns a 4xx and tells you to sign up or sign in to fakespot with an account to save settings).
The extension itself is many megabytes of heavily packed and obfuscated JS. If you have it installed, I would recommend not doing so.