Some browser extensions for Google Chrome and Firefox allow outside parties to track you indirectly. The extensions themselves are passing this information without informing you properly. Yes, they obey some obscure rules, but how many uses know those rules and how to invoke their protections? On top of that, some of the extensions add code after they are installed the rules simply do not protect you from that.
The story is a little technical and detailed: Chrome Extensions – AKA Total Absence of Privacy
Example: If you log into some service like Facebook, you receive a really long, random cookie that constitutes an “access token” — so long as FB can find that token in your cookies, you are considered actively logged into FB. Several extensions have been caught sending that access token to third parties, making it possible for them to use your account. Nobody claims they do this, but aren’t you just thrilled at the prospect?
The linked article offers a partial list; partial because they don’t have the resources to test every extension. However, good privacy extensions don’t block this sniffing because extensions seldom check on each other.
