Yes, obviously is that possible, but the least that one should do then is looking up what's really happening. These are browser addons, the source code is available. But instead they are looking from the outside and calling alarm on something they don't understand. That's just poor behaviour and harmful in today's climate.
If you read their full paper, they do technical analysis confirming findings in many cases. Many other researchers have done the same in the recent past.
Full paper also says that the unique URLs were later requested by crawlers, which confirms server-side collection.
What happens server-side is also confirmed by the palant.info article that shows a graphic provided by a major data broker that shows exactly how they mis-use data collected by extensions under false pretenses.
It's far from speculation when there's both technical evidence collected by researchers and direct evidence provided by the bad actors themselves.
It's the holidays and we're entering a weekend, so my default expectation from any business is no response until sometime next week.
If you could wait most of those 8 months to launch it, a few more days or a week likely won't make a difference.
Hope you can get things sorted soon, but be patient. As with any launch, there are always things to triple-check or to improve, so work on those if you want to keep busy.
You were absolutely right. Took until Jan 5th, but it's resolved now and we're in final review.
Lesson learned: Start platform account setup way earlier than you think you need to. Bank verification alone ate a full week during what should've been launch prep.
Appreciate the grounded advice. Sometimes you need someone to tell you to breathe and keep working while you wait.
Campaign goes live this week. 1,185 lifetime founding spots for a KDP self-publishing SaaS suite. Built the whole thing on library WiFi with $0 budget.
If anyone's interested in the "how I built this with nothing" story or the campaign mechanics we're using, happy to share once we're live.
