A strange and scary incident while I was researching a story this week has led me to reconsider my recommendation of the Invisible Hand browser extension. This issue also serves to remind us that there are online privacy issues we all face from sites other than Facebook.
Amazon gets browsing behavior from Google
As the video in this post shows, when I was looking up information on a product on Google, I found shortly afterward that Amazon knew about my Google search and put the product I was looking at in my "Recently Viewed" slot when I loaded up the retail site.
This cross-site data leakage was due to the way the Invisible Hand extension works on Google's Chrome browser. The same issue happens on Internet Explorer when Invisible Hand is installed. Firefox is immune.
What Invisible Hand does--which is extremely useful--is compare prices of products you're looking at on the Web against multiple other sites. It operates in the background and remains completely out of the user's way until it finds useful data to display. To do its background research, it has your computer look up pricing data on stores like Amazon, Wal-Mart, Best Buy, and others. When it does those look-ups on Chrome or IE, these target sites see your query as human browsing behavior. While Amazon appears to be the only one that actually uses the data on its storefront, showing you your "last viewed" item, all the other sites that Invisible Hand checks essentially get the same information: what you are shopping for, anywhere on the Web.
Firefox has a feature that allows background HTTP requests to be done in isolation ("sandboxed") from open browser tabs, which prevents target sites from using cookies created during the background look-ups to be used by browser tabs that the user is running directly.
Although this behavior may end up being useful to users in some cases, I consider it a serious privacy breach. I don't want Amazon or any other store to know what I'm doing on Google or on other stores, and I'll wager few users do. I'll leave the nightmare scenarios as exercises for the reader; I came up with several involving spouses and gifts (for people other than the spouses), medical supplies, behavior that reveals sexual preference, and so on.
Why so leaky?
After isolating the cause of this leakage, I spoke to Robin Landy, the founder of Invisible Hand. He told me that what I was seeing is a function of the way Chrome handles background Web requests, which is what Invisible relies on to gather data. Google Chrome and Internet Explorer do not allow "sandboxed HTTP requests." When you're using Chrome or IE with the Invisible Hand plug-in, each look-up ends up creating a cookie in your browser; retail sites like Amazon use that (and other information) to create a custom page for you.
Ironically, Invisible Hand's architecture ensures that Invisible Hand itself doesn't see your shopping data or benefit from this cross-site data sharing in any way. The IH extension works locally, on users' computers. Invisible Hand, the company, does not collect your browsing behavior or know its users identities. It doesn't even require sign-up to use.
Another irony: I would trust Invisible Hand with this data more than I would the several retail sites that it gathers data from, and who are now getting users' behavior data in the process. Invisible Hand is just one company, with a CEO that I found earnest and approachable, and its financial motives are pure. It literally makes money when its users save money. It has no vested interest in mining data further--unlike the retail sites whose pricing data it scrapes.
A source at Google looked into this and told me that this is an issue that the Chrome developers are now interested in addressing. (They should study Firefox.) I was also reminded that extensions can do as much on your computer as executable apps and should only be installed when absolutely trusted. Invisible Hand remains a "featured" extension for Chrome as of this writing.
Users of the Invisible Hand extension have a few options to make it a little less of a privacy concern. By default, the extension disables itself if you use Incognito or Private browsing modes. Also, a configuration option turns it off for Google searches; although it will still exhibit data leaking between stores (for example, if you look at an item on BestBuy.com, Amazon will show that item as "recently viewed"). And, most importantly, the data leakage does not occur on Firefox.
Invisible Hand itself at one point considered a different architecture that would shield users from the leakage problem, by running the price look-ups on its servers instead of on users' computers. Landy told me that the performance trade-offs were unacceptable.
To close, CNET to the Rescue reminds users that interactions among browsers, sites, and extensions are complex and can potentially lead to cross-site data leaks, even when all the companies involved are ones you trust. Users are especially reminded that services that operate in the background on your behalf may share data that you are accustomed to thinking of as private and isolated. See Blippy, for example. I have seen other examples of this and will be following up.