We were only able to name one extension (the one named in the presentation), as we did not have conclusive proof that data from other extensions which we found to be suspicious ended up in the data set (as the access to incremental data was limited to a short time period):

We developed a sandboxing framework to test whether Chrome extensions send URL data to a third party using a MITM proxy, the code is available on Github:

https://github.com/adewes/chrome-extension-behavior-analysis

There's also a large study on this that uses a very similar technique:

https://arxiv.org/pdf/1612.00766.pdf

In general, you should be careful about any extension that regularly sends data to a third party. You can check this in Chrome by opening the extensions list (chrome://extensions/), checking "Developer Mode" on the top right corner and clicking on "Inspect views: background page" of the extension. You can then open the "Network" tab and see all requests the extension makes while you surf the web.

I hope companies uninterested in the data go undercover as potential buyers and expose these extensions.

Maybe we can crowdsource a purchase to expose them.

i had to dns sinkhole requests to pixel.intenta.io that a browser extension was creating, every site site I visited was sent along in an ajax request to this domain.

Couldn't isolate what extension it was.

Someone else noticed the "page refresh" chrome extension making requests to that domain: https://frenchcoding.com/2015/11/12/faites-attention-aux-ext...

> Couldn't isolate what extension it was.

How not? Disabling them in a bisecting way should be a couple of minutes.