Breaking Down the Chrome Web Store (opens in new tab)

(extensionmonitor.com)

154 pointsflysonic106y ago58 comments

58 comments

40 comments · 11 top-level

typpo6y ago· 7 in thread

As the creator of several popular Chrome extensions, once you reach about 10,000 installs people will start contacting you to acquire the extension. In particular, I created a native ad detector that was briefly popular[1]. In my experience, acquirers will go after extensions that have permissions to modify any page.

My extensions were open source and had no clear path to monetization, so I can only speculate on how the purchasers planned to recoup their investments. The permissions in these extensions would allow them to inject ads or even collect credentials, etc.

Not saying that the top extension developer does this, but people are definitely making money by collecting innocuous Chrome extensions!

[1] https://www.ianww.com/ad-detector/

dessant6y ago

Recently someone has contacted me to publish a dummy Chrome extension with broad permissions, which they would have updated with their code. After declining, they have offered $20k for the job.

It was interesting to see this strategy, they are trying to implicate people to create publisher accounts for them, verified with credit cards that cannot be traced back to them and do not look suspicious. Though the money they have offered seemed too much for the job, I guess they are also trying to hook developers and convince them to do other stuff down the road.

I do get plenty of purchase and monetization offers, some of which I have shared in a blog post [1], but this was a trick I have never encountered before.

[1] https://armin.dev/blog/2019/08/supporting-browser-extension-...

ghostbrainalpha6y ago

Could you help me understand how that could be worth 20k?

Is your reputation that good? Why not pay any random person $500 for the use of their identity for the same thing.

3 more replies

AznHisoka6y ago

SimilarWeb and Jumpshot acquire extensions so they can gather data on the websites you visit. They then sell this data to other companies for marketing/intelligence purposes. I hope Google can close this loophole soon (anyone from Google listening? dustballs)

Scoundreller6y ago

Anything that weakens Google’s ad-targeting advantage is bad for Google, so I could see them interested in restricting telemetry.

steve196y ago

Chrome desperately needs a trigger whereby an extension can access a site's data only if there has been an interaction such clicking a button on the toolbar or the right click menu.

3 more replies

michaelbuckbee6y ago

The speculation is that NachoAnalytics (they let you "spy" on your competitor's traffic) does something similar -> using lots of general purpose extensions to collect data.

1 more reply

wnevets6y ago

and with auto updating you'll never notice the changes.

ajhurliman6y ago· 7 in thread

Chrome extensions are such a massive vector for unwittingly giving away all of your data. The fact that they're near impossible to monetize combined with the fact that people click through the permissions screen so easily makes it a prime target for scraping people's data.

a9t96y ago

"they're near impossible to monetize "... I would not say so. => Our UI (test) automation/RPA software consists of a totally free open-source extension for web automation plus a paid cross-platform binary file that adds additional desktop automation features. It communicates with the extension itself via native messaging.

The add-on module is available in a limited free and paid fully featured version. It is the classical freemium model, which works well for both, the extension creators and the users.

https://ui.vision/x/pricing

eastendguy6y ago

Another good example of a freemium browser extension is Grammarly. Browser extension certainly can be monetized in an ethical way. (Note: I never used Grammarly myself, just seen the many ads)

1 more reply

egfx6y ago

If I could get 1/10th that many installs on https://2fb.me I’d make a million dollars a month.