MegaLag has uploaded a new video in his series exposing the Honey extension for all its wrongdoing.

In it, thanks to the help of other, much more talented researchers than I am, such as Jelte Lagendijk, have discovered more about what the Honey extension actually is doing.

I encourage everyone to watch MegaLag’s video. Apparently, at some point, Honey’s source code leaked in an iOS build, making the code technically available to those who need it for research or legal purposes. I also had not known about what the “Service Worker” thing was, and in the start of the year I did not know as much about web development and how browsers work as much as I do now.

I stopped looking into the extension to focus on school and more important things. Besides, I got stuck when it came to how the API was being used to actually execute the cookie changes. But the video did answer some of my unanswered questions, like why I did not see the extra browser tab open.

The only thing I think MegaLag has not talked about yet (he is probably aware), is about the “max coupons” thing - which will probably be covered soon, amongst other things, since MegaLag has already spoken to professional security researchers.

That being said - I have done my part. My information has been passed off to those who know what to do with it, and there are people who have pretty much uncovered more than I was able to. I only found about 900 stores being tracked by Honey - the actual figure was much higher.

So, I am going to stop looking into the Honey extension, unless I get really bored or something else comes up.

Cheers to all involved!