Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

At least 8 browser extensions sold extremely sensitive data about their users to a data broker, who then sold access to that data in real time to unknown buyers, according to a report from researcher Sam Jadali.

Why it matters: The broker sold a continuously updated list of what sites users visited, including page titles, location and computer information about the user. That data, viewed in near real time, can severely hamper user privacy and security.

Details: Jadali discovered the following browser extensions feeding data to the broker: Hover Zoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, FairShare Unlock, PanelMeasurement, Branded Surveys and Panel Community Surveys.

  • The extensions range in users from 1 to more than 1 million.
  • The extensions are for Chrome and FireFox, and would have received user permission to observe browsing behaviors on the web when first installed. But Jadali writes that only 4 of those extensions thoroughly explained that browser data would be collected.
  • Jadali is not releasing the name of the data broker.

Threat level: We don’t know that any data was used maliciously. But there’s a clear way that real-time data could be used maliciously.

  • Many sites use temporary links as a security measure. Jadali notes that when an infected machine sent an image file over a chat app, a web link to that image appeared on the broker's page to that image. The link only worked for a very short period of time.
  • A project management service included important information in the page titles, including engineering missteps at 2 major companies.
  • Other sites include critically important information in the web address itself. Links to various airline sites included account holder names.

Go deeper

Dion Rabouin, author of Markets
3 mins ago - Economy & Business

First glimpse of the Biden market

Photo: Jonathan Ernst-Pool/Getty Images

Investors made clear what companies they think will be winners and which will be losers in President Joe Biden's economy on Wednesday, selling out of gun makers, pot purveyors, private prison operators and payday lenders, and buying up gambling, gaming, beer stocks and Big Tech.

What happened: Private prison operator CoreCivic and private prison REIT Geo fell by 7.8% and 4.1%, respectively, while marijuana ETF MJ dropped 2% and payday lenders World Acceptance and EZCorp each fell by more than 1%.

Mike Allen, author of AM
34 mins ago - Politics & Policy

Biden-Harris, Day 1: What mattered most

President Joe Biden and first lady Dr. Jill Biden arrive at the North Portico of the White House. Photo: Alex Brandon-Pool/Getty Images

The Axios experts help you sort significance from symbolism. Here are the six Day 1 actions by President Biden that matter most.

Driving the news: Today, on his first full day, Biden translates his promise of a stronger federal response to the pandemic into action — starting with 10 executive orders and other directives, Caitlin Owens writes.

2 hours ago - Politics & Policy

Read: Pete Buttigieg's opening statement ahead of confirmation hearing

Pete Buttigieg, President Biden's nominee to be secretary of transportation, in December. Photo: Kevin Lamarque/AFP via Getty Images

Pete Buttigieg, President Biden's nominee to lead the Transportation Department, will tell senators he plans to prioritize the health and safety of public transportation systems during the pandemic — and look to infrastructure projects to rebuild the economy — according to a copy of his prepared remarks obtained by Axios.

Driving the news: Buttigieg will testify at 10 a.m. ET before the Senate Committee on Commerce, Science and Transportation. He is expected to face a relatively smooth confirmation process, though GOP lawmakers may press him on "green" elements of Biden's transportation proposals.