This article is more than 1 year old
Facebook tells Portuguese court that a biz called Oink And Stuff makes profile-harvesting browser extensions
Not a machine-generated headline, we swear
Facebook and its Irish subsidiary on Thursday announced the filing of a lawsuit in Portugal against two people for allegedly scraping Facebook profile data and other browser info using malicious Chrome extensions.
"Using the business name 'Oink And Stuff,' the defendants developed browser extensions and made them available on the Chrome store," said Jessica Romero, director of platform enforcement and litigation for Facebook, in a blog post. "They misled users into installing the extensions with a privacy policy that claimed they did not collect any personal information."
Oink And Stuff did not immediately respond to a request for comment. The company's privacy policy claims, "Oink and Stuff is audited by Softpedia Labs as 100 per cent Clean, which means it does not contain any form of malware, including but not limited to: spyware, viruses, trojans and backdoors."
Softpedia Labs, part of Bucharest, Romania-based SoftNews Net SRL, did not immediately respond to a request for comment.
Romero claims that four Oink And Stuff Chrome extensions – Web for Instagram plus DM, Blue Messenger, Emoji keyboard and Green Messenger – "were malicious and contained hidden computer code that functioned like spyware."
According to Romero, the Oink And Stuff extensions were designed to surreptitiously scrape data from users' Facebook account – name, user ID, gender, relationship status, age group and other account data – and to collect unrelated details from people's browsers.
Facebook sues to shut down alleged Instagram clone maker over scraping and sharing personal info for cash
READ MOREShe said Facebook is seeking an injunction and the deletion of all the Facebook data that the defendants allegedly obtained. The social media biz has made a habit of such litigation, having filed claims last year against a software developer based in Istanbul, Turkey, for allegedly snarfing Instagram data and against a New Jersey-based marketing firm for gathering social media data through its advertising SDK.
The extensions still show up in Google Search results but their Chrome Web Store pages have been removed. The four extensions have also been removed from Mozilla's Firefox Browser Add-Ons Store. Both the Chrome Web Store and the Firefox Add-Ons Store still host other extensions by the company, which claims to be located in Myanmar, on surviving Chrome Web Store pages.
Google has been struggling to mitigate the risk of malware in its Chrome Web Store for a decade and the problem remains unsolved. The company continues to conduct periodic purges of misbehaving extensions and has ratcheted up its developer restrictions, without much effect.
Its latest gambit includes more comprehensive privacy disclosures in Chrome Web Store listings and a revised extension API called Manifest v3 that's due to arrive in the Chrome stable channel next week, with the anticipated January 19 release of Chrome 88.
A Facebook spokesperson declined to provide a copy of the lawsuit filed in Portugal because it contains personal data, the sharing of which could be deemed a privacy violation by local authorities. ®