Privacy-focused ClearURLs extension removed from Chrome Web Store
Bleeping Computer noted that the ClearURLs browser extension, which cleans URLs from any analytics trackers, has been removed from the Chrome Web Store.
ClearURLs are provided for both Google Chrome and Firefox and Edge. Journalists explain that many sites have long URLs with additional parameters that do not provide any functional value, but are used to track users. This may apply to links found in newsletters, for example:Google search result URLs do not differ and also contain many trackers. The Register reporters demonstrate the difference in Firefox with ClearURLs enabled and disabled.
After the extension has been removed from the Chrome Web Store, its developer Kevin Roebert state:
“The reasons [for blocking] are hilarious, probably bogus, and the point is that ClearURL is damaging Google’s business model. ClearURLs has fulfilled its mission of preventing URL tracking, where Google is making money. I think ClearURLs has so many users now that Google doesn’t welcome it, and the company would like to see this addon disappear forever.”
The developer says that Google told him that the description of the extension is “too detailed” and thus violates the rules of the Chrome Web Store:
“Mentioning all of the people who helped develop and translate ClearURL is against Google’s policies because it can ‘confuse’ users. It is ridiculous. The ClearURL description is considered misleading because it is too verbose and describes irrelevant things. What exactly has nothing to do with the description of the extension, Google did not tell me. So it’s hard for me to fix it.”
Google also said that the description of the extension does not mention that it contains certain functions, including functions for importing and exporting settings, a logging function and a donation button, which allegedly also misleads users. In addition, the company did not like the fact that ClearURL unnecessarily requires permission to write to the clipboard.
Reubert replied that this was not true, and descriptions of all requested permissions can be found in the Chrome Web Store Developer Dashboard. He also initially denied Google’s claim and stated that clipboardWrite has a simple explanation: the function is used to write “clean” links through the context menu to the clipboard.
The developer later commented to Bleeping Computer that clipboardWrite was actually more needed, it was a “holdover from the old version of ClearURLs,” and some time ago he switched to a different method of copying to the clipboard.
Interestingly, during the discussion of this story on Y Combinator Hacker News, some users reported that the extension previously contained an arbitrary code execution vulnerability. Other commenters have stated that ClearURLs has other security concerns: “the extension can redirect script URLs to arbitrary sources, and the filter list is periodically updated from the GitLab page, allowing the filter list provider to perform targeted attacks.”
As a reminder, Google introduces new restrictions on extensions in the Chrome Web Store.
Overall, some users reasonably questioned whether a company like Google could be concerned about one small extension that could affect the IT giant’s business model. Others have written that Google’s enormous influence over Chrome extensions and web standards may end up being a problem, and the ClearURLs case may indicate that the company is actively monopolizing this area.
Also, some users noted that the incident only strengthened their desire to continue using the Mozilla Firefox browser.
Reporters write that you can still download and manually install ClearURLs for Chrome from GitHub. Moreover, Reubert has prepared a new version 1.21.0 with which will soon appear in the Mozilla and Edge extensions directories (while the version is pending).
Google representatives have not yet commented on what is happening.
Recall that we wrote that Google traces users online-purchases and saves them in Gmail services.