Awesome Screenshot URL tracking and niki-bot, some pretty sketchy things going on in the Chrome extension world. Hope Google starts cleaning these up soon. BTW if you want a better screenshot tool my Automattic colleague Davide makes Blipshot which contains no tracking or spyware.

17 thoughts on “Beware Chrome Extensions

  1. That’s terrible, we have been using it for 2 years or so now. Everyone here finds it so useful that we would be happy to sign up for a premium version, but seeing that research we would certainly have to find another option.

  2. YIKES. I love the functionality of Awesome Screenshot. Removing it now. Thanks for pointing this out and recommending an alternative.

  3. That is notorious.

    Have tried something like this earlier. Used Google Chrome extension to steal password. Just uploaded it to github. Here is the link

    I haven’t tried added this code to a useful extension and submitting it to Google.

    There is an interesting things which I found. I tried doing the same with a Firefox plugin and it did not allow me to send requests to any as it respected the Content Security Policy (CSP) header. I raised a bug in Chromium and they said that Extenions are intentionally able to bypass a site’s CSP.

  4. I know you hate email – but for gmail there are a couple of great and very productive extensions – Boomerang and Rapportive… There are some good non-extension programs for screen capture, I happen to like the ‘snipping tool’ on my pc (because usually I just want to capture a part of my screen not the whole thing) but have also tried ‘snagit’ and really like it as well.

  5. Can’t imagine anyone using Chrome extension for screenshot as I’ve always use native app included in the OS, such as Grab on Mac. I’ve also been purging my Chrome extensions as some of them can be a real resource hog.

  6. Thank you, Matt! I don’t use Chrome, but I have the extension on Firefox. So I’m off to uninstall and remove it.

    PS: I tried liking this post using WordPress, but it won’t respond. I tried doing this comment using WordPress, but it didn’t respond. 🙁

  7. I can never understand why people use “tools” for screenshots. My mac does a whole screen on Cmd Shift 3 or an area on Cmd Shift 4. Windows does a whole screen with Ctrl PrtScreen and a single app window with Alt PrtScreen (or vice versa) and then you paste it into MSpaint and save.
    OSX’s QuickTime player will do screen recording for you if you need a video (then run it through handbrake to recode with a compression). I don’t know a screen recorder for Windows offhand.
    Maybe if you’re doing hundreds of screenshots, some sort of tool would be useful but for most people : Why?

      1. Same here, this is the only reason I use(d) Awesome Screenshot, so I could take screen shots of whole pages for portfolio, client tutorials, and other purposes. Trying Blipshot, at least I know it’s not going to steal my stuff.

  8. When I was reading this, I first was with Max Allen. Why install an extra tool when you can make a screenshot with one keystroke?
    And: This is a bit scary, but isn’t making screenshots a ‘gray area’ anyhow?
    (Not to talk about the tracking of browser history in Awesome Screenshot …)
    Except you are using it only for private reasons or from your own stuff.
    And what’s the advantage of an screenshot from a long page, compared with the ‘save site …’ function within the browser? With the later you can still use/click the links and copy and paste text pieces if needed; with a screenshot you can’t do that.
    I’ve just tested Blibshot a little bit. Very nice and 1 click less, but it doesn’t work properly if you have a long site with a fixed navigation bar. Take the HOME page and SPEAKERS page of the NYC Wordcamp 2014 as an example: With the home page it’s going to crash and the image of the speakers page does have lot’s of navigation bars in it. Room for improvement?

    If you take wkhtmltoimage and some PHP
    (see and follow the link below, you might find a site where you can test it 😉 but beware the screenshot is on the server for one day)
    you get a much better result 🙂 and also a layout with horizontal scrollbar (one of my favorites: old stuff I know) looks mighty fine and complete. I just remembered that I was googling for some method to make a screenshot from PHP … But well that’s all server-sided then, except you run it local in the commandline or with some shellscript etc … And wkhtmltoimage delivers the same log file result like in the article mentioned (AppleWebKit/537.36 …) above.

    Never thought I’d learn so much today 🙂
    Thanks for all the comments and the inspiration to research that again!

    1. Thanks for that very informative research. And pointing toward that ‘opt out’ settings. I mean, almost every software you can install or is installed by default (on Windows) needs a proper configuration to ‘opt out’ some security issues. Just take a addition Browser installation … the save Password option is always on by default. *oops* And so many user’s just don’t know, not to talk about the private mode for example in Firefox. At least that’s my experience for some years now … Looking forward to the comments on your site about the firewall recommendations. Shame nobody commented so far.