wasopensourcethenswitched toclosedcommitsaffiliatefraudRatedover 4starsowned byadatabrokercontactemail isnotmonitoredMisleadingprivacypolicyremindersaboutaccepting"opt in"privacy policydarkpattern ononboardingmisleadsusersabout datacollectionexfiltratesfull URLsexecutescorefunctionswellfrom averifiedpublisheris afeaturedextensionis in theprivacy andsecuritycategorynoprivacypolicyhasrandomdomainsfor exfilusesWASMobfuscatesnetworkrequestscollectsshoppingdatarequirespermissionstochange/readall sitesdoesn't tellusers aboutupdates toprivacypolicyexfiltratesAI chatsgotpopularthen wassold offtargetedtowardskidswasopensourcethenswitched toclosedcommitsaffiliatefraudRatedover 4starsowned byadatabrokercontactemail isnotmonitoredMisleadingprivacypolicyremindersaboutaccepting"opt in"privacy policydarkpattern ononboardingmisleadsusersabout datacollectionexfiltratesfull URLsexecutescorefunctionswellfrom averifiedpublisheris afeaturedextensionis in theprivacy andsecuritycategorynoprivacypolicyhasrandomdomainsfor exfilusesWASMobfuscatesnetworkrequestscollectsshoppingdatarequirespermissionstochange/readall sitesdoesn't tellusers aboutupdates toprivacypolicyexfiltratesAI chatsgotpopularthen wassold offtargetedtowardskids

Malicious Extension Bingo - Call List

(Print) Use this randomly generated list as your call list when playing the game. There is no need to say the BINGO column name. Place some kind of mark (like an X, a checkmark, a dot, tally mark, etc) on each cell as you announce it, to keep track. You can also cut out each item, place them in a bag and pull words from the bag.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
  1. was opensource then switched to closed
  2. commits affiliate fraud
  3. Rated over 4 stars
  4. owned by a databroker
  5. contact email is not monitored
  6. Misleading privacy policy
  7. reminders about accepting "opt in" privacy policy
  8. dark pattern on onboarding
  9. misleads users about data collection
  10. exfiltrates full URLs
  11. executes core functions well
  12. from a verified publisher
  13. is a featured extension
  14. is in the privacy and security category
  15. no privacy policy
  16. has random domains for exfil
  17. uses WASM
  18. obfuscates network requests
  19. collects shopping data
  20. requires permissions to change/read all sites
  21. doesn't tell users about updates to privacy policy
  22. exfiltrates AI chats
  23. got popular then was sold off
  24. targeted towards kids