Back in the day when Chrome was (more of) a memory hog, Chrome extensions came to the rescue to help make our browsing experience more manageable and pleasant. One such extension that rose to popularity was called The Great Suspender. It still exists today but despite its long and favored history, 2020 was the year that I personally think it lost its throne – for a few reasons. Let’s discuss.
The Great Suspender has over 2 million installs on the Chrome Web Store and reigned as king for a long time for those who wanted to preserve their RAM and have lots of tab sessions – to have their cake and eat it too, so to speak. However, the extension’s developer, Dean Oemcke, sold it in June of this past year to an unidentified party, according to The Register, who tried to contact its new owner. They’ve yet to receive a response and here’s why that’s troubling.
Since the transfer of ownership, there have been a bunch of code changes to the extension’s GitHub repository and two new versions have been released automatically to users via the Chrome Web Store (7.1.8 and 7.1.9). The problem here is that extensions aren’t supposed to be pushed to a user’s machine without their explicit permission, and those two versions aren’t even listed on the repository!
Worse still is that after several experienced users did some digging in those version’s code they found that The Great Suspender was utilizing something pretending to be Open Web Analytics (OWA) (used for tracking) and remote scripts that would be run via a content delivery network (CDN). In English, this means that without a user’s consent, their data may have been siphoned out from under their noses.
Some users claim that these two versions of The Great Suspender include code that’s consistent with malware or crypto mining extensions! Wait, what? Okay, slow down here for a second – is this popular and well-known extension stealing user data? Well, it’s we can’t know for sure since no malicious behavior has been detected so far, but the fact that these analytics tools and scripts have even been injected into the extension and since it was pushed to user’s devices automatically, still makes it suspicious.
The Register interviewed a developer named Josh Manders from Primacloud, a CRM and reporting company, and he stated that as he dug into the source code of The Great Suspender, numerous links to other extensions that had been purchased from developers and repurposed as malware were present within.
He said he suspects the owner intends to wait for the online controversy to die down and then subvert the code through further changes.The Register
The concern here is that while this mysterious new owner is just using additional tracking for analytics in the extension, it could potentially be used for malicious intent, especially since it’s using suspicious code from other suspicious extensions. Google recently declared war on the free reign that extensions have had on user data and has a plan for 2021 to force developers to be more transparent by issuing a ‘seal of approval’ for those that follow strict guidelines about how they’re utilizing a user’s data. All of this comes as 15 Chrome extensions were recently found to be abusing their userbase and stealing their data. Needless to say, we’re all becoming quite weary of these types of situations and it needs to stop.
We probably won’t find out whether or not The Great Suspender was actually compromised or simply mishandled, but what is clear is that many Chrome users have already moved on. Ever since Chrome 87 has made significant improvements to performance and memory management, Google released their popular Tab Groups feature and even added freezing and collapsing capabilities to them, tab management extensions have drastically fallen in popularity. For the majority of users, having a tool for this built right into Chrome out of the box makes it something they just pick up and use.
I, myself, still use things like Toby, which has a better interface and more modern features, but Google really is starting to bake a lot of these things right into the browser nowadays, so I’m a big fan of that. I know that for many of you, The Great Suspender holds a special place in your heart as you’ve used it for so long, but their shiny new coat of paint can’t excuse the mismanagement and abuse of user data.
Whatever you do, just remember how important it is to be cautious about what you install in the future. While the latest version of the extension is rated as safe to install, we can’t know when this will happen again and extensions as a whole have been a disaster for years, despite their popularity and usefulness. Here’s to hoping that Google’s new revamp of privacy regulations for the Chrome Web Store will help clean things up.