Firefox and Chrome have both pulled the popular Stylish extension from their respective repositories, and Firefox’s developers have gone so far as to encourage existing users to disable it. Those who have searched the Chrome Extension Store in the last few days have no longer been able to find Stylish, though those who previously had it downloaded might still have it running.
Stylish allowed users to customize how pages rendered on screen. Some used it to change the UI of sites they were logged into while others ran custom CSS code to reflow every page they visited. Others used it for comedic effect by replacing images on a page with something else entirely.
Software engineer and machine learning specialist Robert Heaton complained about how Stylish has begun to intercept user’s history feeds. Through a process that many call phoning home, Stylish shares a complete list of sites a browser has visited with its corporate parent.
Heaton argues that this makes Stylish no longer a well-meaning product, as he puts it. Mike Maccana went so far as to open up a report on Bugzilla to alert developers to the problem.
His report read that Stylish was recently sold to their current owners, and the new company was interested in logging browser history. The report mentioned that it did indeed create a history store. It also mentioned that there were around 300,000 users of the extension at that time.
Stylus, an offshoot of the old version of Stylish, seems to work in much the same way as the original did. Some, like Heaton, are arguing that those who continue to need the kind of functionality that Stylish provides should instead switch to an extension like that one in order to avoid being spied on. There may be other similar extensions launching in the coming months to make up for the loss as well.
This isn’t the first time, however, that privacy issues related to Stylish have made headlines. Security news editor Catalin Cimpanu reported back in January 2017 that Stylish was going to share some types of browser data with an analytics company, though they assured those who deployed the software at that time that their anonymity would be protected.