{"id":17,"date":"2012-04-12T22:59:00","date_gmt":"2012-04-12T22:59:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=17"},"modified":"2020-06-29T23:08:01","modified_gmt":"2020-06-29T23:08:01","slug":"alexa-toolbar-and-https-not-best-friends","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2012\/04\/alexa-toolbar-and-https-not-best-friends\/","title":{"rendered":"Alexa toolbar and https (not best friends)"},"content":{"rendered":"\n<p>For some reason (don\u2019t ask me why), I decided to install the Alexa toolbar for Chrome to try it out. It works well for what it does, and I didn\u2019t see anything wrong with it besides the expected privacy violation (tracking) of them sending all your traffic to their servers.<\/p>\n\n\n\n<p>So every time you visit a site, a request is made to their servers to query the site rank:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><em>192.168.1.X.44210 &gt; 107.22.173.51.80:<\/em><br><em>GET \/data\/ABCD?cli=10&amp;ver=alxg-1.1.0&amp;dat=ns&amp;url=http%3A\/\/sucuri.net\/ HTTP\/1.1<\/em><br><em>Host: data.alexa.com<\/em><br><em>Connection: keep-alive<\/em><br><em>User-Agent: Mozilla\/5.0 (X11; Linux i686) AppleWebKit\/535.7 (KHTML, like Gecko) Chrome\/16.0.91\u2026<\/em><br><em>Accept: *\/*<\/em><\/p>\n\n\n\n<p>If you are using it, you expect those requests to be made (which are supposed to be anonymous), so not a problem.<\/p>\n\n\n\n<p>However, I just noticed one big issue is that they also do that for all your HTTPS traffic. So if you are visiting an HTTPS site (which would be encrypted on the wire), you are also leaking the sites you are visiting via their rank requests. 
So if I go to gmail.com (https), an HTTP request is made at the same time:<\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><em>192.168.1.X.47733 &gt; 23.21.107.170.80:<\/em><br><em>GET \/data\/ABCD?cli=10&amp;ver=alxg-1.1.0&amp;dat=ns&amp;url=https%3A\/\/gmail.com HTTP\/1.1<\/em><br><em>Host: data.alexa.com<\/em><br><em>Connection: keep-alive<\/em><br><em>User-Agent: Mozilla\/5.0 (X11; Linux i686) AppleWebKit\/535.7 (KHTML, like Gecko) Chrome\/16.0.91\u2026<\/em><br><em>Accept: *\/*<\/em><\/p>\n\n\n\n<p>I actually thought their plugin (extension) would not work for HTTPS or would at least have a setting to disable it. This is especially bad because now you are leaking all your encrypted browsing traffic to anyone that is watching the wire.<\/p>\n\n\n\n<p><em>*I know, I know, if you are using that toolbar you probably don\u2019t care about privacy, but it is something to keep in mind. A simple fix is to just remove it and move on.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For some reason (don\u2019t ask me why), I decided to install the Alexa toolbar for Chrome to try it out. It works well for what it does, and I didn\u2019t see anything wrong with it besides the expected privacy violation (tracking) of them sending all your traffic to their servers. 
So every time you visit [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/17"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=17"}],"version-history":[{"count":2,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/17\/revisions"}],"predecessor-version":[{"id":21,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/17\/revisions\/21"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=17"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=17"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=17"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}