What is tracking deactivation ?
elig0n opened this issue · 4 comments
- Extension version: v7.1.8
In Settings there is "Automatic deactivation of any kind of tracking" but even after reading the small hellp popup I'm not entirely sure what it does. Isn't that something an adblocker/similar need to do ? what does that have to do with tab suspension?
according to the (former) developer, this extension (like most others) uses Google Analytics and/or Open Web Analytics to (anonymously) track usage of certain features and stuff like that. this option disables that. i agree that it isn't particularly well labeled.
Can anyone confirm that it actually does what it says it does? Does it also disable communication with trckingbyte.com, trckpath.com, and owebanalytics.com? These are domains not covered by the extensions privacy policy, that were added by the new owner of the project, when they pushed version 7.18 to the Chrome Web Store without publishing it to GitHub.
For those who are not aware, there is great concern that this extension may now be malicious in nature.
You will find a great deal of discussion about this here:
and a summary of the situation to date here:
I have downloaded the source code of the Chrome Web Store version of TGS using https://crxextractor.com/ and made a diff file against v7.1.6 from this repo: the_great_suspender_v7.1.6_v7.1.8.txt
From line 303 to 325 in the diff file:
+function init() {
+ if (!gsStorage.getOption('trackingOptOut')) {
+ loadGoogleAnalytics(
+ window,
+ document,
+ 'script',
+ 'https://www.google-analytics.com/analytics.js',
+ 'ga'
+ );
+
+ let details = chrome.runtime.getManifest();
+ loadOpenWebAnalytics(details.version);
+ }
+ gsAnalytics = gsAnalytics();
+}
+
+if (document.readyState == 'complete') {
+ init();
+} else {
+ document.addEventListener('DOMContentLoaded', function() {
+ init();
+ });
+}Apparently both Google Analytics and Open Web Analytics are loaded only if the opt-out option is not enabled. So for now it does what it says it does.
The diff also shows that there are some changes not pushed to this repo yet. But within the diff, I have not spot any malicious stuff yet.
I do feel uncomfortable that the new code owner appears to be hiding his/her identity with a blank GitHub account and is publishing extension without source code pushed to GitHub.
For those who're worried, be reminded that you may still install older version the from source code downloaded from the release page following the instructions in the README. (Just remember to export the session before you uninstall the version from Chrome Web Store).