Facebook is suing the makers of four Chrome extensions, claiming the extensions are used to spy on users.
Facebook, Inc. and Facebook Ireland filed a lawsuit againts two people behind the Portuguese business “Oink and Stuff.” Facebook alleges that the individuals have created four Chrome extensions that scrape information from a user’s Facebook profile, as well as from the information stored in their browser unrelated to Facebook. To make matters worse, the extensions’ privacy policy specifically claims the software doesn’t collect any personal information.
The extensions in question are Web for Instagram plus DM, Blue Messenger, Emoji keyboard and Green Messenger. Jessica Romero, Director of Platform Enforcement and Litigation, described the information being scraped:
When people installed these extensions on their browsers, they were installing concealed code designed to scrape their information from the Facebook website, but also information from the users’ browsers unrelated to Facebook — all without their knowledge. If the user visited the Facebook website, the browser extensions were programmed to scrape their name, user ID, gender, relationship status, age group and other information related to their account. The defendants did not compromise Facebook’s security systems. Instead, they used the extensions on the users’ devices to collect information.
Facebook does not appear to be seeking any monetary damages, but is instead looking for an injunction that will force the defendants to delete all the Facebook data they have collected.
For a company that has a reputation for being on the wrong side of privacy issues, it’s a nice change to see Facebook on the right side of this one. On the flip side, it should be a major concern to users that Google’s own Chrome Web Store is insecure enough that Facebook felt it necessary to sue a Chrome extension maker to resolve the issue.