I’m a user on the popular game platform Roblox.com, and I recently noticed a wave of messages on the platform about a new extension regarding the platform that would help around the website, etc.
However, I went to this extension and checked it’s code (I’m paranoid with account theft) and sure enough, the extension was grabbing cookie data and sending it to a project hosted on glitch to log. I feel that this project should be removed and the creator should be suspended, as I almost lost my account on a separate site, and this project is clearly malicious.
Hi Tim, i’m an administrator for this rbxanalytics.glitch.me project. We sell licenses to people in order to use our features and APIs and this particular user abused the mechanics for his chrome extension. His license has been suspended and he is no longer welcome to use our features. We ask that you don’t punish all our users for the mistakes of one. He has been removed from our memberbase and we ask that you may return our services for rbxanalytics.glitch.me.
Let me know if you have any questions, comments or concerns.
I don’t agree that a site shouldn’t be allowed to send any cookies to Glitch. Normally a site won’t be able to access cookies that belong to another domain, so the only cookies it could send are cookies that belong to it anyway. The reason the extension code can do that in this case is because it has been installed as an extension, so it has special privileges.
@pancake, if you see this extension come back, or any others like it, please let us know and we’ll shut them down. Thanks for the help!