Data harvesting found in MetaMask, Avalanche web extensions
A researcher who found evidence of data harvesting inside Ledger Live has revealed equally disturbing harvesters inside MetaMask and Avalanche browser extensions. MetaMask , the world’s most popular Crypto wallet, uses a single pixel (‘1X1’) iFrame to embed trackers into its browser extension . The Ethereum- and ConsenSys-backed extension contains a data harvesting ‘analytics_iFrame’ within its code. For context, the iFrame is an old trick by web marketers. Publishers would secretly serve ad code inside an iFrame displayed as one, invisibly small pixel — tolling untold profits through invisible ad impressions . Due to years of iFrame abuse, many web browsers and advertising platforms ban iFrames altogether. Many browsers and advertising platforms ban iFrames — but MetaMask still uses them. However, MetaMask still uses an invisible iFrame — perhaps hoping that no one would have thought to look through its outdated bits of CSS code. The iF...