targetedtowardskidscommitsaffiliatefraudhasrandomdomainsfor exfilgotpopularthen wassold offremindersaboutaccepting"opt in"privacy policyexfiltratesAI chatsdarkpattern ononboardingmisleadsusersabout datacollectionMisleadingprivacypolicywasopensourcethenswitched toclosednoprivacypolicyRatedover 4starsrequirespermissionstochange/readall sitesfrom averifiedpublishercollectsshoppingdataowned byadatabrokeris afeaturedextensionobfuscatesnetworkrequestsdoesn't tellusers aboutupdates toprivacypolicyexfiltratesfull URLscontactemail isnotmonitoredis in theprivacy andsecuritycategoryusesWASMexecutescorefunctionswelltargetedtowardskidscommitsaffiliatefraudhasrandomdomainsfor exfilgotpopularthen wassold offremindersaboutaccepting"opt in"privacy policyexfiltratesAI chatsdarkpattern ononboardingmisleadsusersabout datacollectionMisleadingprivacypolicywasopensourcethenswitched toclosednoprivacypolicyRatedover 4starsrequirespermissionstochange/readall sitesfrom averifiedpublishercollectsshoppingdataowned byadatabrokeris afeaturedextensionobfuscatesnetworkrequestsdoesn't tellusers aboutupdates toprivacypolicyexfiltratesfull URLscontactemail isnotmonitoredis in theprivacy andsecuritycategoryusesWASMexecutescorefunctionswell

Malicious Extension Bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. targeted towards kids
  2. commits affiliate fraud
  3. has random domains for exfil
  4. got popular then was sold off
  5. reminders about accepting "opt in" privacy policy
  6. exfiltrates AI chats
  7. dark pattern on onboarding
  8. misleads users about data collection
  9. Misleading privacy policy
  10. was opensource then switched to closed
  11. no privacy policy
  12. Rated over 4 stars
  13. requires permissions to change/read all sites
  14. from a verified publisher
  15. collects shopping data
  16. owned by a databroker
  17. is a featured extension
  18. obfuscates network requests
  19. doesn't tell users about updates to privacy policy
  20. exfiltrates full URLs
  21. contact email is not monitored
  22. is in the privacy and security category
  23. uses WASM
  24. executes core functions well