Is this the version from the chrome web store or what is the difference?

[saschalalala]

I read at https://heise.de/-3585601 that Stylish now collects user data. I then uninstalled the extension, downloaded the version from the store and cloned this repository to diff the directories and actually they do differ a lot. I didn't find out yet where the "new" analytics code is set because I didn't have that much time yet, but perhaps I will do so later. But just to be sure: Is stylish-chrome no open source project anymore or is this repository maintained independent from the Chrome Web Store version? I really like this extension, I use it for many years (Firefox version before) and would love to continue doing so it but after the last WOT addon scandal, I am not willing to use extensions that want to collect my data.

[tophf]

The new stylish is in develop branch. Look at the dates.

[saschalalala]

Ah, thank you. I read into the code a little and used wireshark to read the network traffic and for me it looks like the script recommendation only happens when the user clicks the icon and opens the popup, see https://github.com/stylish-userstyles/stylish-chrome/blob/develop/popup.js#L91. I don't see any malicious tracking behaviour in that … yet

[Zren]

Does the new UI still request "styles for this url" when the popup is closed? You can confirm this by inspecting the background.js and looking at the network tab.

[neddyy]

The new spyware code is here: https://github.com/stylish-userstyles/stylish-chrome/blob/78bb18fa5b36d6026e53dfc89bc590419bfcbc65/src/messaging.js#L207

[neddyy]

An older fork of the extension before the spyware was implemented is available here: https://chrome.google.com/webstore/detail/stylus/clngdbkpkpeebahjckkjfobafhncgmne

I have swapped to this fork and would recommend anybody else to do the same.