Cybersecurity Reach Foundation LogoCybersecurity Reach Foundation
Back to Newsletters

Rethink Your Security: Spotting Risks and Ditching Bad Habits

Discover the hidden risks in your digital habits and learn how to stay safer online by questioning outdated practices and spotting malicious tools.

Newsletter cover image

Security isn’t just about stopping hackers—it’s about making smart choices to stay safe without wasting time on things that don’t work. This week, we’re looking at two eye-opening stories that will make you rethink your digital habits. From a seemingly harmless browser extension that turned into a spying tool to outdated security rules that do more harm than good, these articles reveal the hidden risks and bad habits we need to ditch. Ready to take control of your online safety? Let’s dive in!

🚨 Heads Up! “Hide YouTube Shorts” Extension is Spying on You 🕵️‍♂️

If you’ve been using the Chrome extension “Hide YouTube Shorts” to clean up your YouTube feed, brace yourself for bad news. This extension, with over 100,000 downloads, has been exposed for secretly collecting your browser data and sending it to a shady server.

🕵️‍♂️ The Backstory

Originally created by GitHub user “Probably Raging”, the extension was later taken over by a different developer. Shortly after, it was updated to request broader permissions—a classic red flag.

Google’s Manifest V3 was supposed to enhance browsing safety and privacy. Instead, it’s turning into a major letdown.

  • While it blocks useful tools like ad-blockers (a win for Google’s ad revenue 💰), it clearly isn’t protecting users from real threats.
  • Case in point: the “Hide YouTube Shorts” extension flew under the radar, spying on users anyway.

📉 Manifest V3: A Failed Promise?

Rather than safeguarding users, Manifest V3 feels more like a power grab—limiting user control while failing to block malicious actors.

🔴 What Happened?

After the update, the extension began sending data to an external server every time users visited a website.

Why is this Dangerous?

  • Tracking your online activity.
  • Monitoring field inputs like usernames and passwords.
  • Keylogging, potentially exposing sensitive information.

This poses a serious privacy risk and could lead to phishing attacks—or worse.

⚠️ What You Should Do Right Now

  1. 🗑️ Uninstall the extension immediately and delete its data.
  2. 🧹 Clear your browser cache and cookies to remove any lingering traces.
  3. 🔑 Update your passwords, especially for sensitive accounts.

💡 Pro Tip: Use a credential monitoring tool like Have I Been Pwned or Cybersecurity Reach Foundation's tools to check if your passwords have been leaked in a data breach. This helps you act quickly to secure your accounts.

🛑 What’s Happening Now?

The extension has been removed from the Chrome Web Store, but the damage might already be done. Stay vigilant and take action to secure your online accounts today.

🔒 Stay Safe: Always double-check the permissions of extensions you install. A few extra seconds could save you from a major privacy headache.

Read More

Jonathan Price's blog is a must-read for anyone frustrated with wasteful security practices.

🐒 The "Chimps in a Cage" Metaphor

Price uses a metaphor from StackOverflow: chimps punish each other for touching a ladder, even though none of them know why. This reflects how many outdated security controls persist—they’re enforced simply because “that’s how it’s always been.”

How to Spot Useless Security Controls

  • Vague reasoning: If the explanation is “to improve security” or “for compliance,” it’s probably useless.
  • No clear “why”: If no one can explain the control’s purpose in simple terms, it’s a red flag.

✅ Useful controls have clear purposes:

  • Encryption prevents network snooping.
  • Private S3 buckets stop data leaks.
  • XSS-safe frameworks like React block attacks on your session.

💡 Why It Matters

Useless controls:

  1. Waste limited time, money, and manpower.
  2. Overwhelm employees with unnecessary security tasks.
  3. Force bad practices into compliance frameworks, affecting entire industries.

🚀 What to Do

  1. Ask why. If a control doesn’t have a clear purpose, challenge it.
  2. Focus on threats. Understand what risks a control addresses.
  3. Simplify security. Focus resources on controls that truly protect systems and data.

Actionable Advice

  • Next time you see a security control, ask: “What’s the purpose?”
  • If the answer isn’t clear, it’s time to rethink it.
Read More

When it comes to security, understanding the “why” matters just as much as the “how.” Whether it’s being cautious about the extensions you trust or questioning outdated practices, taking a moment to think critically about your digital choices can save you from bigger headaches down the road.

Subscribe to Our Newsletter