The Tallest Dwarf


Possible compromise of Read Aloud browser extension

Posted at — Sep 23, 2021 by Abishek Muthian


Read Aloud is a famous Text-To-Speech browser extension with 65,065 users and a Recommended badge on Firefox, and 3,000,000+ users on the Chrome Web Store. It is mostly used by people with accessibility needs, especially those who are visually impaired.

I saw a hyperlink with the text 'India success [story]' in the footer of the extension's popup. Clicking the URL led to the YouTube video titled 'Home ivermectin based kits in India' [1].

[Image: Read Aloud browser extension compromise. Image credit: User WolfIcefang on GitHub.]

Checking the code [2], the content for the hyperlink is fetched dynamically from the readaloud website [3].

```json
{"id":"ivermectin","text":"India success [story]","link":"https://youtu.be/eO9cjy3Rydc","period":1440}
```

The hyperlink is then changed from 'India success [story]' to 'report issues' automatically.
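Because the link text and target arrive from a server after store review, an extension can vet each fetched record against a host allowlist shipped inside the reviewed package before rendering it. The following is an added example, not code from the extension or from this post's author; `vetRemoteLink`, the placeholder host `readaloud.example` and the length limit are assumptions.

```javascript
// Added example: vet a remotely fetched popup-link record before rendering it.
// ALLOWED_HOSTS and MAX_TEXT_LENGTH are assumptions, not values from the extension.
const ALLOWED_HOSTS = new Set(["readaloud.example"]); // placeholder host
const MAX_TEXT_LENGTH = 40;

function vetRemoteLink(rawJson, allowedHosts = ALLOWED_HOSTS) {
  const reasons = [];
  let record;
  try {
    record = JSON.parse(rawJson);
  } catch (err) {
    return { ok: false, reasons: ["not valid JSON"] };
  }
  if (record === null || typeof record !== "object" || Array.isArray(record)) {
    return { ok: false, reasons: ["record is not an object"] };
  }
  if (typeof record.text !== "string" || record.text.length === 0 ||
      record.text.length > MAX_TEXT_LENGTH) {
    reasons.push("text missing or too long");
  }
  let url = null;
  try {
    url = new URL(record.link); // throws on relative or malformed links
  } catch (err) {
    reasons.push("link is not an absolute URL");
  }
  if (url) {
    if (url.protocol !== "https:") reasons.push("link scheme is not https");
    if (url.username || url.password) reasons.push("link carries credentials");
    if (!allowedHosts.has(url.hostname)) {
      reasons.push("link host not in bundled allowlist: " + url.hostname);
    }
  }
  return { ok: reasons.length === 0, reasons, record };
}

// The record quoted above, plus one constructed record that passes the policy.
const observed = '{"id":"ivermectin","text":"India success [story]","link":"https://youtu.be/eO9cjy3Rydc","period":1440}';
const constructed = '{"id":"issues","text":"report issues","link":"https://readaloud.example/issues","period":1440}';

for (const sample of [observed, constructed]) {
  const verdict = vetRemoteLink(sample);
  console.log(verdict.ok ? "render" : "drop", verdict.reasons);
}
```

A dropped record should fall back to a link bundled with the extension, so the popup never shows a target that was not part of the reviewed package.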

The publisher of the extensions seems to be the same as the developer; I have asked for clarifications on their ~~GitHub issues~~ [4] Archive.

Update

The developer/publisher has commented on the GitHub Archive saying, "to bring awareness to a story that has so far been suppressed".

I have pointed out the misinformation in the statements and deceptive practices to the developer but the developer is doubling down on their claims without addressing the deceptive practices.

My opinion is that the browser extension should be reported for its deceptive practices on Chrome webstore and Firefox add-ons and taken down to prevent misinformation and potential harm to the users.

Archive of URLs

[1] https://web.archive.org/web/20210923144909/https://www.youtube.com/watch?v=eO9cjy3Rydc

[2] https://web.archive.org/web/20210923143226/https://github.com/ken107/read-aloud/blob/8770c74f323392ba113f50eb1c4014d07b28ffd9/js/popup.js

[3] https://archive.is/QUgkl

[4] https://web.archive.org/web/20210923150526/https://github.com/ken107/read-aloud/issues/232

Change Log

23 Sep 2021: Added statement from the developer with my opinion on what action needs to be taken. Updated GitHub URL with archive as the developer deleted the issue I raised.
