Search code, repositories, users, issues, pull requests...

Honey, a popular browser extension, has recently been revealed to scam both users and content creators. Unfortunately, many of Honey’s users still remain unaware. If you are a website owner, you can use this detection script to warn them about the risks of using Honey.

It shouldn't be, and it certainly sounds like a violation of privacy. Unfortunately, it is, and it does. It works because of web accessible resources defined in a Chrome extension's manifest.json. Like the name implies, these “web accessible” resources can be looked up by anyone capable enough to use fetch(). From here, you can continue with nefarious activities, such as fingerprinting website visitors.

Leave a Comment