Everyone loves a bargain when shopping online, especially around the holidays. As you’re aware if you’re a savvy online shopper, shopping browser extensions can bring more of those bargains to you by searching the internet to find good deals. 

This saves you the time of having to dig around and search for just the right code. Popular choices include Honey, PriceBlink, Amazon Assistant, Capital One Shopping, and Shoptimate. 

Consider PriceBlink, which says it checks more than 11,000 merchants for price-drop alerts, real-time promo codes, and free shipping codes. One of its core messaging is “no need to check SlickDeals for the best deal or Retailmenot for the best coupons, PriceBlink automatically alerts you when a better deal is available.” 

But have you ever considered what those sites need to know about you to “automatically alert” you to new deals? What’s the catch, anyway? Well, browser extensions work by collecting and tracking your personal information.  

Here are a couple of reasons we’re not big fans of shopping browser extensions:

  • First, you’re trading in your online privacy in exchange for the convenience of these extensions.  
  • Second, they’re not doing anything you can’t do independently. What’s wrong with manually searching for coupons? When you find something you want to purchase, it takes mere minutes to search for sweet deals that don’t compromise your online privacy by oversharing your personal information.

Understand the Risks of Shopping Browser Extensions  

Next up, let’s examine three risks that may make you consider using them at all.  

They could lead to malware. 

Danger lurks, even on legitimate-looking extensions. In fact, Google removed 106 browser extensions from its Chrome Web Store after reports they were stealing sensitive user data. Rogue browser extensions — some take screenshots or grab passwords — are being called the “new malware.” 

Even when you’re downloading the extension from a reputable web store and/or installing up-to-date virus protection on your device, vulnerabilities still exist. Last year, a cybersecurity firm found security risks with Honey, the shopping browser extension that PayPal purchased for $4 billion (yes, billion) in 2019. The vulnerability exposed user information via a specially crafted web page that spoofed the Honey extension elements and stole user information. 

They track you and know your browsing history. 

In order to offer you amazing deals and coupons, these extensions need permissions to view and track your personal data. You may not realize this is akin to leaving the curtains wide open in your home for all to see, because this type of tracking includes not just your IP address and device type, but also your precise location and purchase history. 

In addition to tracking, the permissions you enable to use these services also allow the tracking of your browsing habits. That’s right — it’s not as though trackers are analyzing only what you purchase, they’re also measuring every single item you look at online. Indeed, it’s the “browsing” that was so appealing to PayPal and a key reason it acquired Honey

PayPal (which also owns Venmo) now has more data on what it calls the “deal discovery process” for online shoppers. In plain English, a deal-discovery process is an Orwellian way of saying it’s watching how Honey’s estimated 17 million members normally behave online. 

Remember that the money is in the data — a key reason PayPal invested $4 billion dollars on a browser extension, after all. Paypal now has full transparency into customers’ shopping habits and preferences. 

They may share your data with third-parties. 

Browsers may be free to download and use, but keep in mind another trade-off: they may share your personal data, including your social media data, with third-party affiliates. 

While PriceBlink’s privacy policy says it doesn’t share personally identifiable information, it admits that third-party cookies “are designed to improve your online experience by facilitating the receipt of targeted advertisements while on PriceBlink and while you are viewing other websites. These third parties may use information about your visits to PriceBlink and other web sites obtained through their cookie only to provide advertisements for goods and services of interest to you. Other companies’ use of these cookies is subject to their own privacy policies and not ours.”

Capital One Shopping, which purchased Wikibuy in 2018, notes in its privacy policy that “if you download and use our browser extension, we may collect browsing, product and e-commerce information, including but not limited to product pages viewed, pricing information, location data, purchase history on various merchant websites and services, the price you paid for items, whether a purchase was made, and the coupons that you used.” The policy also states it collects your IP address and “data about how you use our website and how you interact with our website and mobile advertisements; data about your mobile device; advertising identifiers; precise location data; social media preferences and other social media data.”

The popular Krebs on Security blog says browser extensions, “however fun they may seem when you install them — typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we’ll see, it’s not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals.”

Wrapping Up 

Most shopping browser extensions today collect your personal shopping data, often without your knowledge or consent. If you’d rather find your own deals this holiday season, try searching for deals on your own instead of freely sharing your sensitive personal data. To protect your online privacy, consider carefully whether having the shopping browser extension is truly worth it. 

If you’re ready to try a top-rated ad-blocking and data privacy solution, we invite you to test out Ghostery. Click HERE for more