Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

URGENT: SECURITY: New maintainer is probably malicious #1263

Open
calumapplepie opened this issue Nov 3, 2020 · 552 comments
Open

URGENT: SECURITY: New maintainer is probably malicious #1263

calumapplepie opened this issue Nov 3, 2020 · 552 comments

Comments

@calumapplepie
Copy link

calumapplepie commented Nov 3, 2020

TLDR: The old maintainer appears to have sold the extension to parties unknown, who have malicious intent to exploit the users of this extension in advertising fraud, tracking, and more. In v7.1.8 of the extension (published to the web store but NOT to GitHub), arbitrary code was executed from a remote server, which appeared to be used to commit a variety of tracking and fraud actions. After Microsoft removed it from Edge for malware, v7.1.9 was created without this code: that has been the code distributed by the web store since November, and it does not appear to load the compromised script. However, the malicious maintainer remains in control, however, and can introduce an update at any time. It further appears that, while v7.1.9 was what was listed on the store, those who had the hostile v7.1.8 installed did NOT automatically receive the malware-removing update, and continued running the hostile code until Google force-disabled the extension.

The Great Suspender has been removed from the Chrome Web Store. To recover your tabs, see issue #526, or continue reading
The code in the Github repository is currently safe, and the most recent tagged release happened before the transfer of ownership. To use that version, and avoid needing to finagle URL's, enable Chrome developer mode, download and extract a copy of the code, then navigate to your extensions menu and select 'Load Unpacked Extension'.

Some others have had success simply pressing the "back" button on suspended tabs: everyone should note that the site's URL is included in the URL of the suspended page. For a pictorial guide on doing this, see this comment. Further, if you just want to reload lost tabs, you can use some form of File History on Chrome's user profile directory (while chrome is closed!), before restarting chrome and using the extension menu to unsuspend all tabs before your computer realizes the extension is banned again.

Because the malicious code loaded from a server by the extension in version 7.1.8 was heavily obfuscated, it is hard to say what may have been compromised. However, those who did manage to conduct an successful analysis of the code reported no password-stealing functionality in the copies that were archived. Indeed, it is highly unlikely that the extension would have been able to steal passwords. That being said, it is theoretically plausible: see my comment here. If you don't already, I highly recommend using a password manager like Bitwarden, to reduce the difficulty of changing your passwords, and to prevent an site that transmits and stores password information in a insecure way from causing the rest of your accounts to be compromised. Additionally, enabling two factor authentication wherever you can is a very easy and powerful way to make it virtually impossible for an attacker to get your data, even if they managed to retrieve passwords.

Full description of the issue:

@deanoemcke, the original developer, chose to step back from the extension in June 2020. As a replacement maintainer, he chose an unknown entity, who controls the single-purpose @greatsuspender Github account. Much was suspicious about this change, including mention of payment for an open-source extension, and complete lack of information on the new maintainers identity. However, as the new maintainer did nothing for several months, it was believed that there was simply a failed transfer. In October 2020, the maintainer updated chrome store package. The update raised red flags for some users, because the changelog was not modified and there was no tag created in GitHub. On investigation, it appeared that the extension was now connecting to various third-party servers, and executing code from them.

This lead a few users to panic, however, on closer investigation, it appeared that the third-party servers were part of an alternative to Google Analytics: and the changes shipped along with a new (though unexplained, #1260) tracking deactivation. It appears that deactivation works. We would later discover that this was wrong: See below

The discussion continued, however, because the new update also requested additional permissions, including the ability to manipulate all web requests. That lets the extension do what it pleases, including inserting ads, blocking sites, forcible redirects.... This change was supposedly in order to enable new screenshot functionality, but that was unclear, and probably shouldn't be needed.

Furthermore, the web store extension has diverged from its Github source. A minor change in the manifest was now being shipped on the chrome web store, which was not included in Github. This is a major concern: though again, it has a possible innocent explanation. While some think it is illegal given the license on the code, this may not be a GPL violation.. Because the minified script is not part of the extension, the license does not apply to it. Because of Web Store rules, the extension itself can be unpacked and inspected in full, human-readable form, likely satisfying the copyleft restrictions.

As a final red flag, no part of the web store posting has been updated to account for this. @deanoemcke remains listed as the maintainer, and the privacy policy makes no mention of the new tracking or maintainer. It has been several months since the transfer, but almost nothing reflects that change.

@deanoemcke did respond to the thread, after a significant delay. He confirmed much of what is above, including that the secret changes are limited to analytics and are disabled by the flag. However, he hasn't yet clarified what his relationship or basis of trust with the new maintainer is, nor has he explained why the initial post mentions a 'purchase'.

On November 6th, @lucasdf discovered a smoking gun that the new maintainer is malicious. Although OpenWebAnalytics is legitimate software, it does not provide the files executed by the extension. Those are hosted on the unrelated site owebanalytics.com, which turns out to be immensely suspicious. That site was created at the same time as the update, and is clearly designed to appear innocent, being hosted on a public webhost, and being given a seemingly innocent homepage from the CentOS project. However, the site contains no real information other than the tracking scripts, appears to have been purchased with BitCoin, and is only found in the context of this extension. Most importantly, the minified javascript differs significantly from that distributed by the OWA project.

@thibaudcolas has done a more detailed analysis then my quick look. He quickly located additional hardcoded values related to other, confirmed malicious extensions, implying that the new maintainer is responsible for them. He also found incredibly suspicious additional information, that makes it clear that the extension was not loading a modified version of OWA, but a trojan disguised as it. OWA has a PHP based backend, but the fakes are using NodeJS. The trojan sets cookies, which OWA doesn't use. The response to certain requests is a completely different type then legitimate OWA. Furthermore, @joepie91 has attempted to deconstruct the minified JS, and believes that the code intercepts all requests, meaning it can track you perfectly, and furthermore manipulates those requests and makes additional advertising requests. That means the author was probably attempting to commit several flavors of advertising fraud, as well as possibly tracking you globally.

While there once appeared to be an innocent explanation for this, I can no longer say that it is remotely likely. Using the chrome web store version 7.1.8 of this extension, without disabling tracking, executed code from an untrusted third-party on your computer, with the power to modify any and all websites that you see. The fact that disabling tracking still works is irrelevant given the fact that most of the 2 million users of this extension have no idea that that option even exists. The fact that the code may not be malware is meaningless in light of the fact that it can be changed without notice, and that it is minified (human-unreadable). The fact that a new version has since been pushed that disables this behavior isn't useful given that any future update reintroduicing the malicious code will occur without notifying the user.

Many users are worried enough about the changes that they completely uninstalled the extension, preferring alternatives instead. That extension has much fewer features, but is slightly better for performance. Others have begun building it from source, and installing it manually. If a person were to try to create a new web store release, they would need to change it significantly enough that Google wouldn't reject it as spam. To simply get a safe version for yourself, see further below. Before removing or modifying the extension on your computer, be sure to unsuspend all tabs, or you WILL lose them (though the original URL's can be extracted from the extension query's, and some are working on scripts to do just that, its easier to do just avoid all that.

Throughout the above discussions, which spanned several issues, now appear in news articles, the new maintainer has never posted on the thread, or interacted in any way with the repository. Despite an ongoing discussion about how they are plotting to destroy us all, they haven't done anything to assuage our concerns: likely in the hope that all those aware of the attack would move on eventually. They aren't dead, as they were quite quick to update the extension when Microsoft removed it for malware, and @deanoemcke reports that they. But the new maintainer might well be a literal cat on a keyboard, for the amount of interaction they have made with the community.

For those who don't want to continue using the extension, alternatives include Tabs Outliner, which lets you place tabs in an outline. Auto Tab Discard is very similar to TGS, however it always reloads the tab when it is focused. Session Buddy allows you to save tabs into "collections", that can be reviewed later, as well as providing security against crashes.

If you enjoy using the extension, and wish to continue using it as it was, download the source code from the Github repository (version 7.1.6), enable developer mode, select "Load unpacked extension", and point it at the /src directory. Bam! You are now running The Great Suspender as @deanoemcke created it. @aciidic has gone further, creating a new repository not under the control of the old maintainer, and with all tracking code removed, here. The Marvellous Suspender is another fork currently on the Chrome Web Store, for those who would prefer not to finagle with developer mode settings.

That concludes my summary. For more information, please do look further down on this thread, or at the original announcement (#1175). An analysis of the script is placed here.. Additional sources began covering this in January 2021, and a lot more picked it up after February Fourth for some bizarre reason that probably has nothing to do with the removal by Google.

Edit log

Edit 01: (2020-11-06) add details from this discussion
Edit 02: (2020-11-06) Update to reflect the newly discovered evidence for malice
Edit 03: (2020-12-06) Note technique to continue using TGS
Edit 04: (2021-01-03) Add "Urgent" to title (and WOW did people start noticing) (thanks twitter)
Edit 05: (2021-01-05) Note @thibaudcolas and his analysis.
Edit 06: (2021-01-08) Note @thibaudcolas's second analysis, clarify and copyedit throughout, and start adding dates to edits
Edit 07: (2021-01-08) Remind about the process of removing the extension, and note a bit more about maintainer
Edit 08: (2021-01-08) Last one for today, promise: Reformat edit list and other minor changes throughout,
Edit 09: (2021-02-04) Note removal from store
Edit 10: (2021-02-04) Fix bold
Edit 11: (2021-02-04) Add help for those worried about losing tabs in nice big bold letters
Edit 12: (2021-02-04) Add details about password security
Edit 13: (2021-02-04) Clarify compromise, beautify edit log
Edit 14: (2021-02-04) Obscure the fact that I made my first edits 9 months in the future (fix edit years)
Edit 15: (2021-02-05) Clarify probably breaches: regret decision to keep obsessive edit log
Edit 16: (2021-02-09) Realize that issue still contained the false implication that users were safe after November.

@XxX-Force
Copy link

...
This lead a few users to panic, however, on closer investigation, it appeared that the third-party servers were part of an alternative to Google Analytics: and the changes shipped along with a new (though unexplained, #1260) tracking deactivation. It appears that deactivation works.
...
@deanoemcke did respond to the thread, after a significant delay. He confirmed much of what is above, including that the secret changes are limited to analytics and are disabled by the flag. However, he hasn't yet clarified what his relationship or basis of trust with the new maintainer is, nor has he explained why the initial post mentions a 'purchase'.
...

Are trckingbyte.com and trckpath.com part of Open Web Analytics? Because what I am seeing in @deanoemcke's post is him saying that he can't guarantee if the changes made are legitimate analytics or if they're malware:

I'm not an expert on what is legitimate analytics gathering ... and what is deemed malware.

I apologize for possibly exacerbating the "panic", but I am just asking, and trying to put a little extra emphasis on this, because when you say:

...on closer investigation, it appeared that _the third-party servers were part of an alternative to Google Analytics...

It just strikes me as sounding a little too forgiving / innocent, though I'm sure that's not your intent.

I also want to emphasize, @deanoemcke goes on to say in that post.

Giving the publisher the benefit of doubt, I would say that they have the right to collect extra analytics so long as it is within Google's policies, and is communicated to the user. There is a privacy policy linked on the chrome webstore (which I set up a while ago): https://greatsuspender.github.io/privacy

Of course, this assumes that Google are aware of these changes, and also that the linked privacy policy is still accurate.

We know that these new "analytics" were not communicated to the user. They do violate the established privacy policy. They violate Google's policies, as the information provided all over the extension's page at the Web Store is now inaccurate (owner, contact, saying the project is open source, etc) and the privacy policy itself is no longer accurate.

and @deanoemcke had previously assured us when this sale was announced:

...the project will remain open source and the code here on GitHub will continue to reflect the code published to the chrome webstore.

Although, apparently he cannot be held responsible for the actions of the current owner of the extension. But, this is why mom said you shouldn't make promises that you can't keep.

I appreciate you making this issue @TheMageKing, and I thank you for creating a more centralized location for discussion about this topic, which will hopefully reach more users and give them the information they need in order to make decisions about what to do. I apologize, because I realize much of what I said here is simply repeating what you already provided. I just felt the need to emphasize a couple of things.

Personally, I reported this extension at the Chrome Web Store on October 29, with the following:

"The extension was sold to an unknown party. This entity has "updated" the extension to v7.18 w/o publishing changes to Github. It is calling remote scripts and using remote tracking analytics, sending user information somewhere w/o user knowledge. PLEASE SEE: #1175 (comment) AND ALSO: #1175 (comment) .. Owner refuses to communicate or respond to anyone. Can only be considered as malicious/malware at this point. We have no idea what the full changes are to the code, or the ramifications of said changes."

I also reported the user @greatsuspender and the main repository to GitHub on October 29 with the following:

"This person/entity purchased the Chrome web browser extension "The Great Suspender" :

https://chrome.google.com/webstore/detail/the-great-suspender/klbibkeccnjlkjkiokjodocebajanakg

which has over 2 million users. The project is supposed to be open source, and the master repository for it is located here:

https://github.com/greatsuspender/thegreatsuspender

The announcement and information regarding the purchase/transfer is located here:

#1175

The new owner of the extension has made changes to the code, and pushed an update to the Chrome Web Store, bringing the version up to 7.18. However, they have NOT published the code changes to GitHub, and the latest release here is 7.16:

https://github.com/greatsuspender/thegreatsuspender/releases

Obviously, after the Nano fiasco, this has brought a great deal of warranted concern to the community. Despite many attempts from many people, they refuse to respond or communicate in any way with anyone. Neither does the former/original author. It has been discovered that the extension is now calling remote scripts. Please see:

#1175 (comment)

and also:

#1175 (comment)

The extension is now injecting a tracker which violates the Privacy Policy (also linked to from the Chrome Web Store) stated here:

https://greatsuspender.github.io/privacy

This privacy policy also has not been updated to reflect that the old owner no longer owns it, who the new owner is, or what their contact information might be. It states that the extension only uses Google Analytics, which is a lie.

The project can no longer be considered as open source, since the owner refuses to make the source open and available for review. It's my belief that this person/entity is acting in bad faith, and poses a danger to the community and to every Chrome user that installs this extension. This person has had every opportunity to clarify what is going on here, but apparently has no interest in transparency or communication.. leaving any reasonable person to wonder, why did they PURCHASE this Chrome extension?

Remote code execution w/o the user's knowledge. Code changes unpublished to GitHub, yet pushed to the Chrome Web Store. New trackers injected. Violating their own privacy policy.

@calumapplepie
Copy link
Author

Are trckingbyte.com and trckpath.com part of Open Web Analytics? Because what I am seeing in @deanoemcke's post is him saying that he can't guarantee if the changes made are legitimate analytics or if they're malware

AFAIK, Dean's intention there is to comment that he doesn't know where each user draws the line between analytics and malware. Some people might think any sort of analytics is malware: others might disagree.

As for the trckingbyte.com and trckpath.com paths, they are not involved. They were found in other extensions, but do not appear in the distributed Great Suspender. My comment on the other thread explains what they are, and how they are not related to open web analytics (Okay, they are, but related as "Hackers rewriting open-source software for malicious purposes", not "Official part of system")

I apologize for possibly exacerbating the "panic", but I am just asking, and trying to put a little extra emphasis on this, because when you say:

...on closer investigation, it appeared that _the third-party servers were part of an alternative to Google Analytics...

It just strikes me as sounding a little too forgiving / innocent, though I'm sure that's not your intent.

Actually, it was. The open web analytics system, host of owebanalytics.com, really is a google analytics alternative. The code is hosted on a github repo with 1.3k stars, and there are people elsewhere who like it. The only reason I said "appears to be" is because I am quite busy, and I didn't have time to try and conduct any sort of detailed probe beyond that the website existed and wasn't written by a poor English speaker.

I also want to emphasize, @deanoemcke goes on to say in that post.

Giving the publisher the benefit of doubt, I would say that they have the right to collect extra analytics so long as it is within Google's policies, and is communicated to the user. There is a privacy policy linked on the chrome webstore (which I set up a while ago): https://greatsuspender.github.io/privacy
Of course, this assumes that Google are aware of these changes, and also that the linked privacy policy is still accurate.

We know that these new "analytics" were not communicated to the user. They do violate the established privacy policy. They violate Google's policies, as the information provided all over the extension's page at the Web Store is now inaccurate (owner, contact, saying the project is open source, etc) and the privacy policy itself is no longer accurate.

Indeed. This is the biggest reason why I am saying that they "appear malicious": those actions are major red flags, and it is sufficiently suspicious to justify a lot more scrutiny and skepticism than simple mistakes. But there is not yet evidence that they are actually malicious: everything can still be well explained by stupidity.

I'm not saying everything is rosy; there are major problems, right now. But it doesn't appear that we should start fearing for the safety of our passwords.

and @deanoemcke had previously assured us when this sale was announced:

...the project will remain open source and the code here on GitHub will continue to reflect the code published to the chrome webstore.

Although, apparently he cannot be held responsible for the actions of the current owner of the extension. But, this is why mom said you shouldn't make promises that you can't keep.

Yeah, mom seems to be right about a lot.

I appreciate you making this issue @TheMageKing, and I thank you for creating a more centralized location for discussion about this topic, which will hopefully reach more users and give them the information they need in order to make decisions about what to do. I apologize, because I realize much of what I said here is simply repeating what you already provided. I just felt the need to emphasize a couple of things.

Fair enough. I think I will edit that top post, to reflect some of this.

Personally, I reported this extension at the Chrome Web Store on October 29, with the following:

I, too have reported this on the web store. As a general rule, Google has more powers to remediate than Github: given that the source on Github is innocent, I doubt they will do much

I'll also respond to your comment in the other thread here, to condense this discussion more.

@TheMageKing, my comment was in reply to @ossilator's comment here, not to you. Regardless:
Oh, I know. I wanted to clear up some of your confusion.

... The extension is not directly connecting to the trck.... domains. It lacks the permissions to do so, -=-=-= AFAIK =-=-=-. Those sites are definitely malicious: they are hosted via a bitcoin hosting company, and were found in malicious extensions.
>...

Honestly, it's nothing personal, but this is exactly the problem. You DO NOT KNOW.

You might not be able to tell, but I hedge what I say quite a bit. I am not a Javascript developer, though I do comprehend it perfectly well. Nor do I design manifests for chrome applications.

By my understanding, based on a reading of the documentation on the subject, Google requires that all websites which the extension can connect to be independently specified in the manifest.json. In the section that I understand to control that, many sites are listed, including google-analytics.com, stats.g.doubleclick.net (the google analytics sites), and cdn.owebanalytics.com. The trck paths are not there, nor does the word 'trck' even appear anywhere in the distributed code.

So while I don't know, I can say that I am as certain as I can be, short of a Google developer stating otherwise.

-=-=-=-=-
On a completely unrelated note, I received an email notification at 7:51 Eastern Time that @danupo had commented :

"It looks like there is a "keypressEventHandler" defined that tries to steal the password with external javascript.
In addition, the "getPassword" function and other functions are defined.

As Japanese law prohibits putting any part of the malware code on it, could someone please check this?"

But, for some reason, I cannot find that comment here. @danupo, what's up?

I got that same notification: however, I found no evidence of those functions when I checked. It was very weird. I'm not certain of how to check on the event handler, but I did verify that no "getPassword" function was defined.

@XxX-Force
Copy link

Thanks @TheMageKing. I'm just going to stfu and stop commenting about this entire situation because I'm obviously pissed off about the whole thing and my incivility isn't deserved or beneficial to anyone. Genuinely apologize to you and anyone else I may have been rude to. Good luck to all.

@calumapplepie
Copy link
Author

You were fine: this is a pretty scary thing going on here.

@skycafemix
Copy link

I would like to share my own decision and how it worked for me. THe answer is quite well without TheGreatSuspender so far!

After hearing what has happened, I feel very uncomfortable about TheGreatSuspender even though I really enjoyed it up to now. A quick check shows domains with bitcoin in the name and there is a strong attempt to remain anonymous. There is no way I can trust it. I have used TheGreatSuspender along with Tabs Outliner which I also love.

I decided to buy a Pro license from the author, Vladyslav Volovyk who I found is in the Ukraine. Even though there have been rumors and posts on the extension site, even quite recently about the it being abandonware due to lack of responses, I have found posts by the author elsewhere and he strikes me as being an okay and honest programmer. I cannot hold it against someone if they do not want to dedicate their life to something, and I think it is not abandonware. I decided I trust him far more than TheGreatSuspender, it works offline, and I want the automatic downloads and extra functionality of the non-free version.

I bought Tabs Outliner pro version for about US$14 with a VISA card and it was instant gratification (even though a week ago someone said they could not purchase.) Chrome on a 2019 Macbook Pro. It works great and has automatic backup both local and to Google Drive. I just wanted to post here and let you know I have just converted over 1000 tabs, which means going to each window and unsuspending them, then in Tabs Outliner just click the X to close the entire window. And maybe type a note to name the window, or not. Poof! All those minimized windows from TGS are gone. I started feeling lighter. But the pages can be reopened from the Internet obviously. I think you can even save a downloaded page to it, and you can write notes in the tab bookmark tree and so on. I had seen Chrome slowing everything down (surprising on a new Mac) to the point I had started using Safari in parallel. Well, I saved over 1.5GB according to the Chrome task manager and I feel a lot safer.

I noticed that actually Tabs Outliner even saves windows that had crashed a long, long time ago. But they also were TheGreatSuspender links. So now I am going to each ghost of a crashed window, restoring it from the net or not, and clearing it all out. When done I will fully deactivate and uninstall TheGreatSuspender.

Hope my experience helps. Tabs Outliner works fine in free mode and I have never lost data with it, though somewhere I saw written that Chrome's storage is not bulletproof. At any rate I feel quite happy with my decision and I think TGS anyway was getting unwieldy at 1000 tabs. This was a good opportunity to lose some weight.

@skycafemix
Copy link

p.s. as far as storage not being bulletproof I can confirm that some windows that had been suspended with The Great Suspender recently did not survive a chrome crash - TGS was unable to restore them. So frankly, I think the idea of Tabs Outliner is superior to TGS even though it doesn't have the cute anime eyes. Good luck everyone, I do hope some resolution is found and the new pruchaser just turns out to be clueless, but I doubt it. Injecting anything into my data along with the other scary stuff mentioned by others is just not acceptable when I use this computer for work. I feel better without TGS.

@dmuth
Copy link

dmuth commented Nov 5, 2020

This is concerning, so I too have migrated away from The Great Suspender. I can recommend Tabs Outliner as a good replacement.

@maxxyme
Copy link

maxxyme commented Nov 5, 2020

Thanks guys!!! I think that's definitely the kind of extension I was looking for due to my heavy use of tabs and "contexts" (i.e. links open from the same page). Will try & adopt for sure!!!

@evg-zhabotinsky
Copy link

For anyone who is concerned by the "stealth tracking" (i.e. it not being mirrored on Github for some reason), you can always install from source. It is easy: go to chrome://extensions, enable developer mode, click "Load unpacked extension" and point it to the src folder from this repo. Done!

HOWEVER, I DON'T SEE THE CURRENT ISSUE (in itself) AS A REASON TO FREAK OUT:

  1. The third-party JS is loaded from OpenWebAnalytics CDN, so it should not be able to do anything bad? I'm not 100% sure, but:
  2. It does not even get loaded if you tick that "Automatic deactivation of any kind of tracking" checkbox in settings:
var owa_baseUrl = 'https://cdn.owebanalytics.com/';
var owa_cmds = owa_cmds || [];
function loadOpenWebAnalytics(version) {
  owa_cmds.push(['trackPageView']);
  (function () {
    var _owa = document.createElement('script');
    _owa.type = 'text/javascript';
    _owa.async = true;
    _owa.src =
      owa_baseUrl +
      'owa/modules/base/js/owa.tracker-combined-latest.minified.js?siteId=klbibkeccnjlkjkiokjodocebajanakg&apikey=2cf3d852ab70d359456ce3a0aac237a3&v=' + version;
    var _owa_s = document.getElementsByTagName('script')[0];
    _owa_s.parentNode.insertBefore(_owa, _owa_s);
  })();
}

function init() {
  if (!gsStorage.getOption('trackingOptOut')) {
    loadGoogleAnalytics(
      window,
      document,
      'script',
      'https://www.google-analytics.com/analytics.js',
      'ga'
    );

    let details = chrome.runtime.getManifest();
    loadOpenWebAnalytics(details.version);
  }
  gsAnalytics = gsAnalytics();
}

This is from the actual extension installed from the chrome store, 'trackingOptOut' option is set by that checkbox, and loadOpenWebAnalytics() isn't referenced anywhere else.

Yes, this is weird that they "hid" it like that. Might have to do with the hardcoded siteId and apikey, or maybe they "just wanted to experiment with it" (on users' machines, yes, but how else do you experiment with tracking?)

Yes, they handled their PR horrendously, but that doesn't mean they are automatically malicious! (And actually, "any PR is good PR". If it spreads and then it gets proven they did nothing malicious, then more people might use the extension and more would donate to them.)

Personally, I'm going to use the "developer mode install" option, but not to avoid that tracking. Mostly because of #1259 and other autoupdate-related issues, as developer-mode extensions don't get autoupdated.

@evg-zhabotinsky
Copy link

Okay, as was mentioned on the other issue, the CDN isn't affiliated with OpenWebAnalytics so it can, in theory, serve anything.
However, it can still be disabled with that checkbox.
And, technically, I don't think they are violating GPL: The extension literally is the src folder in case of this repo, you can't run it without having the sources, and it also functions substantially without the thirdparty JS library.

@calumapplepie calumapplepie changed the title SECURITY: New maintainer appears malicious SECURITY: New maintainer is probably malicious Nov 7, 2020
@calumapplepie
Copy link
Author

@evg-zhabotinsky The GPL violation was a stretch, only important we needed a way to poke the maintainer. Further, the extension on the web store is not just the src folder of this repo: there is a significant difference in the manifest.json.

@justingolden21
Copy link

Agree that someone should def throw marvelous suspender on the store. I could if nobody else will.

@makedir
Copy link

makedir commented May 21, 2021

Agree that someone should def throw marvelous suspender on the store. I could if nobody else will.

what?

@justingolden21
Copy link

Agree that someone should def throw marvelous suspender on the store. I could if nobody else will.

what?

Someone mentioned it was not on the store. I found it here though: https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa?hl=en

I no longer see their comment in this discussion though.

@calumapplepie
Copy link
Author

I no longer see their comment in this discussion though.

probably either posted sometime around January, when there was a fork on github but none published on the store. Could also be buried somewhere in my wall of text, or in one of the other issues.

@justingolden21
Copy link

Yeah that makes sense.

I tried the marvelous suspender and GOD that thing is killing me. I have a gaming desktop with 32gb of RAM and I was comfortably watching a video when the entire thing stuttered, the video cut out, I couldn't move or see my mouse, and the desktop even got loud. Well turns out, marvelous suspender decided to suspend like twenty tabs at the same time, and it nearly bricked my machine for almost a minute... Hopefully this is a one time thing after installing since all tabs probably expired at the same time, but man they need to fix that, make them suspend 30 seconds after the previous one or something.

@timetopanic
Copy link

@timetopanic I would recommend a password manager instead of a schema. One or a few leaks and the pattern can be guessed.

PS: It's unbelievable how long it took them to automatically remove the extension. I think that for most of us here was a couple of months ago (or more?).

Do you have a recommendation for a good password manager? One that WON'T sell me out without me even knowing?
It shocked me, as well. It took THREE MONTHS for Google to disable it on my browser after they had done so to everyone else, and they didn't even send a warning to the primary account that there could be possible data breaches. I had to research it all myself.

Going on seven months since I wrote this summary. If this bug was a pregnancy, it'd almost be ready to come out.

I know there are quite a few bugs in the digital world that are old enough to vote, but still.

This completely blows my mind. For some reason I was under the impression Google kept a close eye on the items they offer in their store, yet it took nearly 8 months to remove this.
I'm pretty much shuttering my use of Google after this and moving to a different provider for their various services. It's unfortunate that I can't completely escape them, but I'll be providing as little money to the company as possible in the future.

@alvinlim-ucb
Copy link

alvinlim-ucb commented May 21, 2021 via email

@aleqx
Copy link

aleqx commented May 21, 2021

private info and SSN are already circulating on the dark web from countless other leaks in the past

Go ahead, find mine. I'll pay you 1 BTC. That's a load of fearmongering tosh. Seems you either watched too much Hollywood nonsense or are careless enough and are projecting. No, private info of most of us is not "already circulating on the dark web from countless other leaks in the past", even though many leaks did happen, including banks, facebook and others. The planet is bigger than the US of A.

TLDR; Don't worry about your personal info being leaked.

Absolutely worry about personal info being leaked. Take good measures to protect and prevent your personal info getting leaked. That's how people get mugged or houses getting broken into nowadays (see BlockFi leak). At the very least don't whore them out to anyone who asks.

Odd, how are there so many people only getting the extension disabled by Chrome now, and not months earlier like the rest of us? I wonder...

Not odd at all. Some people don't close/restart their browser every day. Some have laptops that only sleep and apply manual updates after a few months.

@Koolstr
Copy link

Koolstr commented May 21, 2021

You can consider it fearmongering, but I think we can sensibly debate just how readily available everyone's private info is online, if one knows where to look.

Obviously don't be careless with your personal info and just openly share it willy-nilly. That wasn't what I was suggesting. My point was to highlight that if your private info gets out, it's not the end of the world. But of course you should be treating your personal info like any other sensitive data and only use where appropriate.

@aleqx
Copy link

aleqx commented May 21, 2021

we can sensibly debate how readily available everyone's private info is online

More baseless statements, the opposite of sensible. Like I said, go ahead and find mine or else stop this narrative as it's unhelpful at best, and it says more about you than about anyone else.

if your private info gets out, it's not the end of the world

Once again you are making this unhelpful and tone deaf statement, despite having had it pointed it out to you that people have been kidnapped, mugged, or had houses broken into because of online leaks. Everyone should take personal data leaks very seriously. If you become aware of your private info getting leaked, assess the risk and take action accordingly -- don't stay idle ignoring it (like this guy keeps suggesting). This isn't the same as being spammed.

@Koolstr
Copy link

Koolstr commented May 21, 2021

Yeah that makes sense.

I tried the marvelous suspender and GOD that thing is killing me. I have a gaming desktop with 32gb of RAM and I was comfortably watching a video when the entire thing stuttered, the video cut out, I couldn't move or see my mouse, and the desktop even got loud. Well turns out, marvelous suspender decided to suspend like twenty tabs at the same time, and it nearly bricked my machine for almost a minute... Hopefully this is a one time thing after installing since all tabs probably expired at the same time, but man they need to fix that, make them suspend 30 seconds after the previous one or something.

It's probably because i have hundreds of tabs snoozed, but Marvelous Suspender causes my PC to go into perpetual micro lag after a day or two. Didn't have this problem with Great Suspender back in the day.

I haven't experienced this at all with Marvellous Suspender, and I have tons of tabs too. Have you guys set the auto-suspend to something reasonable, like 2 days? Also disable suspending on low memory and screenshots

@timetopanic I would recommend a password manager instead of a schema. One or a few leaks and the pattern can be guessed.
PS: It's unbelievable how long it took them to automatically remove the extension. I think that for most of us here was a couple of months ago (or more?).

Do you have a recommendation for a good password manager? One that WON'T sell me out without me even knowing?
It shocked me, as well. It took THREE MONTHS for Google to disable it on my browser after they had done so to everyone else, and they didn't even send a warning to the primary account that there could be possible data breaches. I had to research it all myself.

I highly recommend BitWarden. I've tried tons of the password managers out there and this is the best of them all IMO. It's open source and (almost) completely free. Solid UI, full cross-platform compatibility, optional cloud database & vault accessible anywhere, password sharing, password generator, full auto-fill and auto-update support, etc.

@Koolstr
Copy link

Koolstr commented May 21, 2021

we can sensibly debate how readily available everyone's private info is online

More baseless statements, the opposite of sensible. Like I said, go ahead and find mine or else stop this narrative as it's unhelpful at best, and it says more about you than about anyone else.

if your private info gets out, it's not the end of the world

Once again you are making this unhelpful and tone deaf statement, despite having had it pointed it out to you that people have been kidnapped, mugged, or had houses broken into because of online leaks. Everyone should take personal data leaks very seriously. If you become aware of your private info getting leaked, assess the risk and take action accordingly -- don't stay idle ignoring it (like this guy keeps suggesting).

So what is the measure you're suggesting one should be taking when their personal info (almost inevitably) gets leaked at some point? Move to a new home and change your name and SSN every single time a web service gets hacked? There isn't anything actionable on your part when your personal info is leaked alongside everyone else's, outside of staying vigilant for potential identity theft.

@aleqx
Copy link

aleqx commented May 21, 2021

So what is the measure you're suggesting one should be taking when their personal info (almost inevitably) gets leaked at some point? Move to a new home and change your name and SSN every single time a web service gets hacked? There isn't anything actionable on your part when your personal info is leaked alongside everyone else's, outside of staying vigilant for potential identity theft.

You continue to make statements as if they are undebatable truths. They also happen to be false. If your credit card data leaks do you stay idle? If you choose to stay idle when all your private info including address, balances, transaction history, etc gets leaked then that's very much on you; stating nothing can be done and also advising others to stay idle and not worry about it is the opposite of pertinent and helpful. Pertinent people take measures (e.g. depending on the risk level - increase premises protection, hire personal protection, move out then avoid using home/office addresses but purchase virtual ones, etc etc).

It's clear you are neither aware, nor getting the idea or be able to admit you were talking nonsense. It's not like this discussion is leading anywhere, so I'm out (my intervention was intended for the benefit of the others). People like you are making the job of security professionals and cypherpunks harder. Please stop.

@Koolstr
Copy link

Koolstr commented May 22, 2021

So what is the measure you're suggesting one should be taking when their personal info (almost inevitably) gets leaked at some point? Move to a new home and change your name and SSN every single time a web service gets hacked? There isn't anything actionable on your part when your personal info is leaked alongside everyone else's, outside of staying vigilant for potential identity theft.

You continue to make statements as if they are undebatable truths. They also happen to be false. If your credit card data leaks do you stay idle? If you choose to stay idle when all your private info including address, balances, transaction history, etc gets leaked then that's very much on you; stating nothing can be done and also advising others to stay idle and not worry about it is the opposite of pertinent and helpful. Pertinent people take measures (e.g. depending on the risk level - increase premises protection, hire personal protection, move out then avoid using home/office addresses but purchase virtual ones, etc etc).

It's clear you are neither aware, nor getting the idea or be able to admit you were talking nonsense. It's not like this discussion is leading anywhere, so I'm out (my intervention was intended for the benefit of the others). People like you are making the job of security professionals and cypherpunks harder. Please stop.

When did I say you should standby on leaked credit cards? Of course you shouldn't. Look back, this whole time I have been talking about personal info - that encompasses simple things like your address and name, not your finances, wow. Those would fall under the category of sensitive info, not personal info.

For anyone with the capacity, time, capability, and finances for taking countermeasures against leaked info, go right ahead. Not all of us have the privilege or means for things like 'hiring personal protection'.

You're misconstruing what I keep trying to say, and therefore perceive it as nonsense. There is leaked info that is very much actionable and should be taken very seriously - things like leaked credit cards, etc. Your personal info does not fall into that category.
We'll stop here then since we seem to fundamentally disagree on whether leaked personal info is something to be worried about. For anyone reading, take whichever stance on the matter that seems right to you.

@alvinlim-ucb
Copy link

alvinlim-ucb commented May 22, 2021 via email

@Almighty188
Copy link

Almighty188 commented May 22, 2021

My computer is on 24/7/365 and I also had the issue with Google doing the block on The Great Suspender extension sometime after 5PM May 19, 2021 and 5AM May 20, 2021 San Francisco, Califorrnia USA time so I wonder if the people who got the block earlier were all located at certain geographical locations.

In any case, it seems like all the data files are already gone and even closing Chrome and starting it with the computer offline, the extension is disabled and does not become enabled to be able to show the Current and Recent sessions. Even manually loading v7.1.6 of The Great Suspender using Load Unpacked Extension did not work as it still would not show any sessions as the data needed is already gone.

And while using the browsers history and searching for klbibkeccnjlkjkiokjodocebajanakg, I noticed that everyone seems to mention the ones where the link is the following type:
chrome-extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.html#ttl=Map%3A%20Bay%20Area%20property%20taxes%20%7C%20KRON4&pos=0&uri=https://www.kron4.com/news/bay-area/map-bay-area-property-taxes/

This one, the URL is obvious as it's right after the uri=

but it seems like a lot of my tabs has something that no one else mentioned like this for example where the uri= starts with data:text/html

chrome-extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.html#ttl=%E2%98%BE%20Photos%20-%20Google%20Photos&pos=0&uri=data:text/html;charset=utf-8,%3C!DOCTYPE%20html%3E%0A%3Chtml%3E%0A%3Chead%3E%0A%20%20%20%20%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%0AArray.prototype.each%20%3D%20function(callback)%20%7B%0A%20%20%20%20for(var%20i%20%3D%200%3B%20i%20%3C%20this.length%3B%20i%2B%2B)%20%7B%0A%20%20%20%20%20%20%20%20callback(this%5Bi%5D)%3B%0A%20%20%20%20%7D%0A%7D%3B%0A%0ANodeList.prototype.each%20%3D%20Array.prototype.each%3B%0A%0Afunction%20setFavicon(faviconHref)%20%7B%0A%20%20%20%20var%20link%20%3D%20document.createElement('link')%3B%0A%20%20%20%20link.type%20%3D%20'image%2Fx-icon'%3B%0A%20%20%20%20link.rel%20%3D%20'shortcut%20icon'%3B%0A%20%20%20%20link.href%20%3D%20faviconHref%3B%0A%20%20%20%20document.getElementsByTagName('head')%5B0%5D.appendChild(link)%3B%0A%7D%0A%0Awindow.onload%20%3D%20function()%20%7B%0A%20%20%20%20var%20pageInfo%20%3D%20%7B%22url%22%3A%22https%3A%2F%2Fphotos.google.com%2F%22%2C%22title%22%3A%22Photos%20-%20Google%20Photos%22%2C%22favIconUrl%22%3A%22https%3A%2F%2Fssl.gstatic.com%2Fimages%2Fbranding%2Fproduct%2F1x%2Fphotos_64dp.png%22%7D%3B%0A%0A%20%20%20%20document.title%20%3D%20document.title%20%2B%20'%20'%20%2B%20pageInfo.title%3B%0A%20%20%20%20setFavicon(pageInfo.favIconUrl)%3B%0A%0A%20%20%20%20document.querySelectorAll('.pageTitle').each(function(o)%20%7B%0A%20%20%20%20%20%20%20%20o.innerText%20%3D%20pageInfo.title%3B%0A%20%20%20%20%7D)%3B%0A%0A%20%20%20%20document.querySelectorAll('.pageURL').each(function(o)%20%7B%0A%20%20%20%20%20%20%20%20o.innerText%20%3D%20pageInfo.url%3B%0A%20%20%20%20%7D)%3B%0A%0A%20%20%20%20var%20restorePage%20%3D%20function()%20%7B%0A%20%20%20%20%20%20%20%20if%20(window.history.length%20%3E%3D%202)%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20window.history.back()%3B%0A%20%20%20%20%20%20%20%20%7D%20else%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20document.location.href%20%3D%20pageInfo.url%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%0A%20%20%20%20document.querySelectorAll('a.pageURLLink').each(function(o)%20%7B%0A%20%20%20%20%20%20%20%20o.onclick%20%3D%20restorePage%3B%0A%20%20%20%20%7D)%3B%0A%0A%20%20%20%20document.body.onclick%20%3D%20restorePage%3B%0A%0A%20%20%20%20window.addEventListener('keyup'%2C%20function(event)%20%7B%0A%20%20%20%20%20%20%20%20if%20(event.keyIdentifier%20%3D%3D%20%22U%2B0020%22)%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20restorePage()%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D)%3B%0A%7D%0A%0A%20%20%20%20%3C%2Fscript%3E%0A%20%20%20%20%3Cstyle%3E%0A%0Ahtml%20%7B%0A%20%20%20%20cursor%3A%20pointer%3B%0A%7D%0A%0Abody%20%7B%0A%20%20%20%20font-family%3A%20'Helvetica%20Neue'%2C%20'Arial'%3B%0A%20%20%20%20background-color%3A%20lightgray%3B%0A%7D%0A%0Adiv%23info%20%7B%0A%20%20%20%20margin-left%3A%20auto%3B%0A%20%20%20%20margin-right%3A%20auto%3B%0A%20%20%20%20margin-top%3A%20100px%3B%0A%20%20%20%20text-align%3A%20center%3B%0A%20%20%20%20width%3A%20500px%3B%0A%20%20%20%20border-radius%3A%206px%3B%0A%20%20%20%20border%3A%201px%20solid%20darkgray%3B%0A%20%20%20%20padding%3A%2020px%3B%0A%20%20%20%20background-color%3A%20white%3B%0A%20%20%20%20box-shadow%3A%200%202px%208px%20rgba(0%2C%200%2C%200%2C%200.3)%3B%0A%7D%0A%0Ah1%20%7B%0A%20%20%20%20font-size%3A%2020px%3B%0A%7D%0A%0Aa.wakeUpButton%20%7B%0A%20%20%20%20color%3A%20white%3B%0A%20%20%20%20text-decoration%3A%20none%3B%0A%20%20%20%20border-radius%3A%206px%3B%0A%20%20%20%20border%3A%201px%20solid%20rgba(0%2C%200%2C%200%2C%200.2)%3B%0A%20%20%20%20background-color%3A%20%23426cff%3B%0A%20%20%20%20padding%3A%2010px%3B%0A%20%20%20%20display%3A%20block%3B%0A%20%20%20%20width%3A%2010em%3B%0A%20%20%20%20margin-left%3A%20auto%3B%0A%20%20%20%20margin-right%3A%20auto%3B%0A%7D%0A%0Aspan.pageURL%20%7B%0A%20%20%20%20color%3A%20darkgrey%3B%0A%20%20%20%20font-size%3A%2013px%3B%0A%20%20%20%20word-wrap%3A%20break-word%3B%0A%7D%0A%0Aa.wakeUpButton%3Aactive%20%7B%0A%20%20%20%20background-color%3A%20%2326429c%3B%0A%7D%0A%0A%20%20%20%20%3C%2Fstyle%3E%0A%20%20%20%20%3Ctitle%3E%26%239790%3B%3C%2Ftitle%3E%0A%3C%2Fhead%3E%0A%3Cbody%3E%0A%20%20%20%20%3Cdiv%20id%3D%22info%22%3E%0A%20%20%20%20%20%20%20%20%3Ch1%3E%26quot%3B%3Cspan%20class%3D%22pageTitle%22%3E%3C%2Fspan%3E%26quot%3B%20is%20hibernating%3C%2Fh1%3E%0A%20%20%20%20%20%20%20%20%3Cp%3E%3Cspan%20class%3D%22pageURL%22%3E%3C%2Fspan%3E%3C%2Fp%3E%0A%20%20%20%20%20%20%20%20%3Cp%3E%3Ca%20class%3D%22pageURLLink%20wakeUpButton%22%3EWake%20up!%3C%2Fa%3E%3C%2Fp%3E%0A%20%20%20%20%3C%2Fdiv%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E

The URL is there as url%22%3A%22https%3A%2F%2Fphotos.google.com%2F

so you will have to translate the following:
%3A=:
%2F=/
There is also another one which is %3F=?

so it will take a lot of time to just figure out the URL itself which in the above is https://photos.google.com

thankfully after googling The Great Suspender and reading all the different threads on Reddit, I found a tool called The Great Suspender Recovery Tool here:
https://www.producthunt.com/posts/the-great-suspender-recovery-tool?bc=1

which is available on the Google Chrome Store here:
https://chrome.google.com/webstore/detail/great-suspender-recovery/ainlmpkfinfbbgdpimmldfdgpenmclmk

This at least makes it easier because using the same links that has the problem, with The Great Suspender Recovery Tool extension, it would show up as:


data:text/html;charset=utf-8,<!DOCTYPE` html>%0A<html>%0A<head>%0A    <script type="text/javascript">%0A%0AArray.prototype.each = function(callback) {%0A    for(var i = 0; i < this.length; i++) {%0A        callback(this[i]);%0A    }%0A};%0A%0ANodeList.prototype.each = Array.prototype.each;%0A%0Afunction setFavicon(faviconHref) {%0A    var link = document.createElement('link');%0A    link.type = 'image/x-icon';%0A    link.rel = 'shortcut icon';%0A    link.href = faviconHref;%0A    document.getElementsByTagName('head')[0].appendChild(link);%0A}%0A%0Awindow.onload = function() {%0A    var pageInfo = {"url":"https://www.cnet.com/how-to/tips-and-tricks-for-android-wear-2-0/","title":"13 Android Wear 2.0 smartwatch tips you'll love - CNET","favIconUrl":"https://cnet3.cbsistatic.com/fly/bundles/cnetcss/images/core/icon/favicon-32.png"};%0A%0A    document.title = document.title + ' ' + pageInfo.title;%0A    setFavicon(pageInfo.favIconUrl);%0A%0A    document.querySelectorAll('.pageTitle').each(function(o) {%0A        o.innerText = pageInfo.title;%0A    });%0A%0A    document.querySelectorAll('.pageURL').each(function(o) {%0A        o.innerText = pageInfo.url;%0A    });%0A%0A    var restorePage = function() {%0A        if (window.history.length >= 2) {%0A            window.history.back();%0A        } else {%0A            document.location.href = pageInfo.url;%0A        }%0A    }%0A%0A    document.querySelectorAll('a.pageURLLink').each(function(o) {%0A        o.onclick = restorePage;%0A    });%0A%0A    document.body.onclick = restorePage;%0A%0A    window.addEventListener('keyup', function(event) {%0A        if (event.keyIdentifier == "U+0020") {%0A            restorePage();%0A        }%0A    });%0A}%0A%0A    </script>%0A    <style>%0A%0Ahtml {%0A    cursor: pointer;%0A}%0A%0Abody {%0A    font-family: 'Helvetica Neue', 'Arial';%0A    background-color: lightgray;%0A}%0A%0Adiv#info {%0A    margin-left: auto;%0A    margin-right: auto;%0A    margin-top: 100px;%0A    text-align: center;%0A    width: 500px;%0A    border-radius: 6px;%0A    border: 1px solid darkgray;%0A    padding: 20px;%0A    background-color: white;%0A    box-shadow: 0 2px 8px rgba(0, 0, 0, 0.3);%0A}%0A%0Ah1 {%0A    font-size: 20px;%0A}%0A%0Aa.wakeUpButton {%0A    color: white;%0A    text-decoration: none;%0A    border-radius: 6px;%0A    border: 1px solid rgba(0, 0, 0, 0.2);%0A    background-color: #426cff;%0A    padding: 10px;%0A    display: block;%0A    width: 10em;%0A    margin-left: auto;%0A    margin-right: auto;%0A}%0A%0Aspan.pageURL {%0A    color: darkgrey;%0A    font-size: 13px;%0A    word-wrap: break-word;%0A}%0A%0Aa.wakeUpButton:active {%0A    background-color: #26429c;%0A}%0A%0A    </style>%0A    <title>&#9790;</title>%0A</head>%0A<body>%0A    <div id="info">%0A        <h1>&quot;<span class="pageTitle"></span>&quot; is hibernating</h1>%0A        <p><span class="pageURL"></span></p>%0A        <p><a class="pageURLLink wakeUpButton">Wake up!</a></p>%0A    </div>%0A</body>%0A</html>

but it fixes things since all you do is paste the copied link from the extension to a text editor and then search for:
"url":"

which for the above will show:
{"url":"https://www.cnet.com/how-to/tips-and-tricks-for-android-wear-2-0/"

so the URL is already there between the "url":""
which saves a lot of time even though after 2 days, I still have not recover all of the tabs Google killed as I am not spending more than a few minutes per day for it.

@d4h0
Copy link

d4h0 commented May 22, 2021

@Almighty188:

There are some chrome extensions for recovering your tabs. For example (untested):

These search results might have more options.

So you'd install one of these extensions, open your URLs from the history, and then open the extension.

This should work. Basically, these extensions remove the part before data:text/html;charset=utf-8,[...], so only the data URL remains (this is what this URL is called). Your browser then should display the content of the data URL (which is a web page).

If that doesn't work (you have my condolence, that will be a lot of work... 😆):

The long URLs you saw are URL encoded (which means, it's encoded data that normally wouldn't be valid in a URL).

You can use an online tool like urldecoder.org to decode the data. Basically, you take the part after data:text/html;charset=utf-8, and use it as input on urldecoder.org.

I did that for the URL you posted above and found the following:

    var pageInfo = {"url":"https://photos.google.com/","title":"Photos - Google Photos","favIconUrl":"https://ssl.gstatic.com/images/branding/product/1x/photos_64dp.png"};

That seems to contain the URL. Just scan the decoded data (which contains many lines of code) for that line.

For some reason, the URL you posted contains the source code (HTML, JavaScript, etc.) of a web page.

Good luck! 😉

@Almighty188
Copy link

Almighty188 commented May 23, 2021

@d4h0

Thanks for your input.

As far as the tools go:

  1. The Great Desuspender did not show anything at all as it was basically the same # as the browser tabs I already had opened which had nothing related to The Great Suspender.
  2. The Great Suspender Recovery Tool was what I used

I already finished recovering all 450 tabs with The Great Suspender Recovery Tool since it did the decoding part so I just had to paste into Notepad++ with CTRL-V ad then did a search for "url":" but thanks for the link to urldecoder.org. I did manage to lose one tab which was not anywhere in Chrome's history as basically I always have that tab on the right hand side of Gmail
so when I have something Gmail opened in a new tab and close it, it tries to open that tab but I always put it back to sleep but since I know what it was, I just went back to Facebook groups and searched for the name of the content in that group and found it even though it took 10 minutes.

I basically have 4 windows of tabs which contained about 100 tabs each. Window 1 was the one with the ones that I had to send to the text editor after The Great Suspender Recovery Tool already decoded the URL portion and then copy link back to a new tab on the browser. A few of the tabs did have the URL so I can just open it directly into a new tab from The Great Suspender Recovery Tool directly. Windows 2-4 all had valid URL's so I can just open it directly. So for whatever reason, I seem to be the only one who has the long encoded URLs as github's various issues from years and more recent has no mention of the long encoded URLs either. #526

Unlike people who posted months ago, there is no way to open the extension where it gets enabled for a short period of time to open the extension and save the current session, mines remains disabled even when I start Chrome offline so the only way to do it is to use either Chrome's browser history and search for klbibkeccnjlkjkiokjodocebajanakg, it is slightly easier for me because I always open all 4 windows after the computer reboots so as my computer's last boot time was on May 17, 2021, all I had to do is start from May 17 2021 and later as the last time there was anything in the history for klbibkeccnjlkjkiokjodocebajanakg was for May 16, 2021 which was before the reboot.

Thanks for taking the time to reply although I think when I first saw the issue, the first 1/2 a day was more panic mode before finding working tools. Window 1 was the one that took the last 3 days while window 2-4 was all done within 2 hours.

The URL posted is exactly the way it shows up in The Great Suspender Recovery Tool as seen in the screenshot below which are basically 98% of the Window 1 tabs:
https://imgur.com/a/aOo0iFx

I am still new to Github so I am still trying to figure out how to have the code show so it doesn't get decoded by the forum.

Update 1: I should say that I did find a use for the Great Desuspender and that is because I use TabsOutliner so I have somethings that area in TabsOutliner that opens up a suspended tab for The Great Suspender so it will say blocked by client an that's when the Great Desuspender will open the tabs to the actual site.

@pattiobear
Copy link

@timetopanic I would recommend a password manager instead of a schema. One or a few leaks and the pattern can be guessed.

Do you have a recommendation for a good password manager? One that WON'T sell me out without me even knowing?

Bitwarden seems to be a decent company (but do your own research and come to your own conclusions). I believe they are open source and have a self-hosted option as well.

@orlandoryo
Copy link

orlandoryo commented May 26, 2021

@timetopanic Yes, like @pattiobear said: Bitwarden. I used it and I'm happy with it. Just try it out with a few sites and see if you like it. But I can tell you, having each site with its own super random password is really good. It also works wonders on my Android phone.

@prbhtkumr
Copy link

let's talk about some safe alternatives?

@slmingol
Copy link

@aerosol-can look through the above many options have been already discussed, this being one - https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa?hl=en.

@makedir
Copy link

makedir commented Aug 12, 2021

let's talk about some safe alternatives?

what? why? I thought https://chrome.google.com/webstore/detail/the-marvellous-suspender/noogafoofpebimajpfpamcfhoaifemoa was safe

@Technetium1
Copy link

@makedir you misunderstand... It is safe, he just had not read the previous comments mentioning it.

@luke-jr
Copy link

luke-jr commented Aug 13, 2021

TGS 7.1.6 seems to still work just fine for me

@Technetium1
Copy link

TGS 7.1.6 seems to still work just fine for me

sure it might, but you miss out on fixes and optimizations made in The Marvellous Suspender

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests