For the past few months, I have been using the “Popup Blocker Pro” extension on Chrome. All in all, it has done a pretty decent job at preventing annoying popups. However, last week, my Malwarebytes anti-virus alerted me to something that troubled me.
My anti-virus started alerting me to the fact that it was blocking requests to a domain called app.facebookprofileview.com. I knew that I had nothing on my system that should be sending such a request, so I started to investigate.
Firstly, I noticed that these requests were only being sent while I was browsing Facebook. i.e. Something on my PC was secretly sending details about my Facebook activity to a remote server.
My guess: This server takes in information about your Facebook activity so that it can be used by other apps.
Popup Blocker Pro
One by one, I started disabling Chrome extensions to see if the issue would disappear. Finally, I got to Popup Blocker Pro by popup-blocker.org, which advertises itself as “Protected & Safe”:
The requests stopped as soon as I disabled the extension. Afterwards, I Googled around to see if anyone had noticed the same issue with this extension. Sure enough, a user on the Avast anti-virus support forums had noticed the exact same thing back in October of 2017.
Now, the question is: Why is this still available on the Chrome web store? This extension, which has 567,475 users, is secretly tracking Facebook activity before passing it to a remote server.
By the way, I also visited the official website for the extension. It redirected me to a bunch of spammy advertisements that flooded me with popups and attempted to hijack my browser’s back button.