Stylish turns out to be spyware


Recently the add-on Stylish was removed from Chrome’s, Firefox’ and Opera’s web stores. It turns out that there’s actually been spyware lurking in the code since January 2017, under its new owner SimilarWeb which bought Stylish in October 2016. This code has been sending off all browsing activity such as full URL’s (so also authentication tokens etc, everything that got sent as a GET request) as well as search information. When you’re logged in to, the add-on would also send out your session cookie for this website as well, allowing correlation between browsing habits and real-world identities.

At HackingVision we strongly recommend that you uninstall Stylish if you still have it, and change passwords for any website that passed authentication data in its URL that may still be usable to establish a session. Luckily there’s a drop-in replacement called Stylus available. This one – for now at least – respects your privacy. However, constant vigilance is key.

Further reads on Stylish:
“Stylish” browser extension steals all your internet history – Robert Heaton
Browser Extension Stylish Knows What Porn You Watch (And All of Your Web History) – How-To Geek

Stylus can be installed from here: