“We solely use information in ways in which immediately profit Honey members—serving to folks save time and money—and in methods they’d anticipate. Our dedication is clearly spelled out in our privateness and safety coverage,” a spokesperson for Honey informed WIRED.
Honey additionally says that it doesn’t promote the purchasing information it gleans from clients. The corporate makes cash by charging some retailers a small proportion of gross sales made with the coupons it finds—however Amazon has by no means been certainly one of them.
Amazon’s safety warning final month caught Honey unexpectedly, and the corporate scrambled to reply. It was pressured to briefly disable a number of of Honey’s options—like Droplist, which tracks the worth of particular gadgets—to stop the message from showing to extra folks. The adjustments weren’t introduced in an official weblog submit or message to customers.
“We’re conscious that Droplist and different Honey options weren’t out there on Amazon for a time period. We all know these are instruments that individuals love and labored rapidly to revive the performance. Our extension will not be—and has by no means been—a safety threat and is protected to make use of,” a Honey spokesperson mentioned.
Browser extensions may be extremely invasive, and it’s nonetheless an excellent follow to be cautious of any that you just set up in your browser. Amazon warned Honey customers that the extension can “learn or change any of your information on any web site you go to,” however this can be a primary performance of many extensions—which is why putting in solely ones you may belief is vital. In actual fact, Amazon has a browser extension of its personal known as Amazon Assistant. It additionally tracks costs, similar to Honey, and means that you can evaluate gadgets on different retailers to these on Amazon. When customers set up Amazon Assistant from the Chrome Retailer, Google additionally notifies them it could possibly “learn and alter all of your information on the web sites you go to.”
Honey says it often engages with safety corporations to evaluate its protections. Final summer time, researchers from the cybersecurity agency Danger Based mostly Safety documented a vulnerability in Honey’s extension that malicious web sites may exploit to steal consumer info. However the bug didn’t concern Honey’s personal data-collection practices, and it was patched on Firefox and Google Chrome in early 2019, in accordance with Danger Based mostly Safety. “If ever a person or unbiased researcher contacts us a few potential vulnerability, we have interaction with that particular person to know and treatment the problem (if there’s one),” the Honey spokesperson mentioned.
There’s nonetheless the chance that Amazon discovered a official safety downside with Honey, however it gained’t say what. WIRED additionally reached out to Google and Firefox, which every host extension shops for his or her widespread net browsers, however neither firm may instantly remark.
Amazon is extraordinarily protecting of its purchasing and buyer information. Whereas Honey could not have been a priority when it was solely a small startup, it’s now owned by the monetary behemoth PayPal, which was once a part of eBay, an Amazon competitor. Amazon nonetheless doesn’t accept PayPal as a direct cost choice. Within the ecommerce world, there’s no incentive to play good.
Extra Nice WIRED Tales