阿江要努力鸭


On the Cubox browser plugin's suspected improper upload of users' web browsing history

Cubox is a convenient read-it-later app, but because of its annual fee of 98 yuan, Ajian has not used it.
Recently, some users discovered that the Cubox browser plugin collects more user information than it should. One user reported that they had already disabled the browsing history sync feature in the preferences, yet the plugin continued to upload browsing history.
The user was a Cubox annual member who only wanted a convenient way to collect web pages and WeChat articles. It is a bit disappointing that something like this happened, and customer service has not responded to their inquiry. The user also pointed out that the Cubox Chrome browser plugin does not support "Allow access to data when clicking" or "Allow access to specific website data"; it has to be allowed access to all website data before it can be used.
I originally thought this was just a casual observation, but the user also provided screenshots.
The screenshots show that the Cubox extension frequently sends GET requests, and that these requests to the cubox.pro server succeed.
According to kimichat,

From the content of the image you provided, this is a record of an HTTP request and response, specifically the captured result of a proxy tool (possibly Burp Suite). Here is a detailed analysis of the request:

  1. Request Information:
    • Method: GET, this is an HTTP GET request, usually used to request data from a server.
    • URL: /c/api/bookmark/exist?targetURL=https:%2F%2Fwww.baidu.com%2F, this is the resource path and query string of the request. The query string targetURL=https:%2F%2Fwww.baidu.com%2F indicates that the request is to check if the URL https://www.baidu.com/ exists as a specific bookmark or record.
    • Host: cubox.pro, this is the domain name of the server the request is sent to.
    • Other Headers: Including date, cookie, content type (Content-Type: application/json), etc. These headers provide additional information for the server to process the request.
  2. Response Information:
    • Status Code: 200, indicating a successful request and normal response from the server.
    • Content Length: 508, the size of the response body in bytes.
    • MIME Type: JSON, indicating that the response body is in JSON format.
    • Response Headers: Including server information, allowed headers for access control, date, etc. This information tells the client how to handle the response data.
    • Response Body: Displayed as a JSON object, which contains several fields:
      • "code":200, indicating a successful operation.
      • "message": (empty), no additional message.
      • "data": containing a field "exist":false, indicating that the target URL https://www.baidu.com/ does not exist or no corresponding bookmark/record was found on the server.
  3. Other Information:
    • The record also includes the raw data and hexadecimal representation of the request and response, which are usually used for more detailed network debugging and analysis.

In summary, this request is an API call to check if a specific URL exists in the server records. Based on the response result, the target URL was not found or no corresponding record was found on the server.

Based on Ajian's limited knowledge, GET is just a regular request and should not involve uploading user information, since uploading is usually done directly with POST. However, I do not know the specific purpose of the frequent requests made by this plugin. Based on the pricing, I would not choose Cubox. Those who are more concerned about privacy can capture the traffic and study it themselves.
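
One way to study such a capture, as an added example that is not from the original post or from Cubox: the script reads request heads copied out of a proxy tool and lists every page URL carried in the targetURL query parameter of GET requests to cubox.pro. The capture text and the function names are constructed for illustration; only the first request mirrors the one in the screenshot.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample: request heads as a proxy tool shows them, separated
# by blank lines. Only the first one mirrors the request in the screenshot.
CAPTURE = """\
GET /c/api/bookmark/exist?targetURL=https:%2F%2Fwww.baidu.com%2F HTTP/1.1
Host: cubox.pro
Content-Type: application/json

GET /c/api/bookmark/exist?targetURL=https%3A%2F%2Fexample.org%2Faccount%3Fid%3D42 HTTP/1.1
Host: cubox.pro

GET /static/app.js HTTP/1.1
Host: cubox.pro

GET /search?q=cubox HTTP/1.1
Host: www.example.com
"""

def disclosed_urls(capture, host="cubox.pro", path="/c/api/bookmark/exist"):
    """Return the decoded targetURL values sent to `host` in GET query strings."""
    found = []
    for block in capture.strip().split("\n\n"):
        lines = block.splitlines()
        parts = lines[0].split() if lines else []
        if len(parts) != 3 or parts[0] != "GET":
            continue  # malformed request line, or not a GET
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        target = urlsplit(parts[1])
        if headers.get("host", "").lower() != host or target.path != path:
            continue  # different server or different endpoint
        # parse_qs percent-decodes the value, so %2F becomes "/"
        found.extend(parse_qs(target.query).get("targetURL", []))
    return found

def sites_seen(urls):
    """Count the disclosed URLs per hostname."""
    return Counter(urlsplit(u).hostname for u in urls)

if __name__ == "__main__":
    urls = disclosed_urls(CAPTURE)
    for u in urls:
        print("sent to cubox.pro:", u)
    print(sites_seen(urls))
```

Running it over a capture taken with history sync disabled shows which visited pages still reach the server, and how often.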
