Browser extension from Yandex
Faced a browser extension "Alternative Search" from Yandex.
I decided to tell something that is not mentioned in the description of this extension.
Available information
Name: Alternative Search
Last updated: December 9, 2015.
Version: 8.15.1
Expansion Description
Alternative search helps you quickly switch between Yandex, Google, Mail.ru, Bing, YouTube or VKontakte search results.
In one click, you can get an answer to your question from Yandex, Google, Mail.ru, Bing, YouTube or search on VKontakte videos. The extension is available on all listed sites.
')
By installing the program, you accept the terms of the License Agreement legal.yandex.ru/desktop_software_agreement
In one click, you can get an answer to your question from Yandex, Google, Mail.ru, Bing, YouTube or search on VKontakte videos. The extension is available on all listed sites.
')
By installing the program, you accept the terms of the License Agreement legal.yandex.ru/desktop_software_agreement
List of sites from manifest.json
"*: //*.bing.com/*" "*: //bing.com/*" "*: //*.mail.ru/*" "*: //mail.ru/*" "*: //*.vk.com/*" "*: //vk.com/*" "*: //*.youtube.com/*" "*: //youtube.com/*" "*: //*.google.com/*" "*: //google.com/*" "*: //*.google.com/*" "*: //google.com/*" "*: //*.google.com.tr/*" "*: //google.com.tr/*" "*: //*.google.com.ua/*" "*: //google.com.ua/*" "*: //*.google.by/*" "*: //google.by/*" "*: //*.google.kz/*" "*: //google.kz/*" "*: //*.twitter.com/*" "*: //twitter.com/*" "*: //tr.wikipedia.org/*" "*: //*.izlesene.com/*" "*: //izlesene.com/*" "*: //*.eksisozluk.com/*" "*: //eksisozluk.com/*"
Small overview of the expansion
1. User comments
This information is incorrect. There is no information that users do not know how the extension in question has got to them at the moment . Nevertheless, the word “usually” can be explained, for example, by comments to another Yandex extension , or to this one .
A standard message is written to all user complaints:
Standard message
Hello!
Earlier, you wrote to us about the lack of possibility to disable the “Alternative Search” installation proposal. We want to inform you that this opportunity has appeared. To do this, go to the page yandex.ru/search/customize , check the box "Do not show me the suggestion to install an alternative search" and click "Save and return to the search."
Have a nice day!
Earlier, you wrote to us about the lack of possibility to disable the “Alternative Search” installation proposal. We want to inform you that this opportunity has appeared. To do this, go to the page yandex.ru/search/customize , check the box "Do not show me the suggestion to install an alternative search" and click "Save and return to the search."
Have a nice day!
2. Cookie
The extension sets cookies on Yandex domains and, accordingly, they are sent for any request associated with these domains (do not forget about the Yandex direct on sites, perhaps a mailbox, etc.).
Domain List
http: //.yandex.ru/ http: //.yandex.kz/ http: //.yandex.ua/ http: //.yandex.by/ http: //.yandex.com/ http: //.yandex.com.tr/
Three variables are set in cookies:
Kind of variables
yandexuid = [19-digit number]; ys = altsearchchrome.8-15-1; yp = [string with a set of data, of the form: [number] .gpauto. [number]: [number]: [number]: [number]: [number] # [number] .ygu. [number]]
3. Search engines
For each user search query, the extension sends requests of the form:
https://clck.yandex.ru/click/dtype=stred/pid=[tuchtl/cid=ccccvt/path=chrome.8-15-1.bserp.show/ui=%7[ GUID]% 7D / brandID = yandex / *
What is characteristic is that the letter “b” from the part of the request “bserp” means that the Bing system was used. Each system has its own letter.
4. Redundant rights
The extension has excess rights, some of which are not used.
List of rights from manifest.json
"ContextMenus"
"WebRequest"
"WebRequestBlocking"
"WebNavigation"
Cookies
"UnlimitedStorage"
"Management"
"Tabs"
"Notifications"
"Idle"
"Geolocation"
"Chrome: // favicon /"
"Chrome: // favicon / *"
"Http: // * / *"
"Https: // * / *"
"Storage"
"WebRequest"
"WebRequestBlocking"
"WebNavigation"
Cookies
"UnlimitedStorage"
"Management"
"Tabs"
"Notifications"
"Idle"
"Geolocation"
"Chrome: // favicon /"
"Chrome: // favicon / *"
"Http: // * / *"
"Https: // * / *"
"Storage"
What is it done for?
This is done with the following purpose. If someone wants to change the functionality of the extension in the future, for example, pick up a list of extensions installed on the user or manage their state. Then he will need to add the right "management". If you add it later, when updating the Google Chrome extension, either notify the user or disable the extension. Because the user consents to the use of some resources and simply cannot be changed. But if you include a bunch of rights at once in the initial extension, then later on you can do whatever you like during the update.
And, by the way, the setting “Consider my location in Yandex services” is already on by default.
5. Collecting statistics
The extension has the functionality to collect statistics about visited sites, referrers, etc. But this functionality is disabled by default and the user can enable it on his own. But it is worth remembering that nothing prevents to make this feature enabled by default the next time the extension is updated.
Conclusion
When installing this extension, the user must know the following:
1. The extension has the functionality of collecting information about user actions, but it is currently disabled.
2. The extension sets the cookie, thereby associating the data transmitted by the extension with other data that Yandex has. Perhaps with your name and the name that you entered in the Yandex mailbox.
3. The extension sends information about when and how you used the search.
4. The extension has redundant rights, which makes its use unpredictable in the future.
5. The setting "Consider my location in Yandex services" is enabled by default.
Source: https://habr.com/ru/post/273027/
All Articles