The browser extension Instant Data Scraper, widely used within the OSINT community, has recently been taken over by a new owner. According to an analysis by Micah Hoffman (see https://www.linkedin.com/feed/update/urn:li:activity:7453421877550608385/), the extension appears to have been significantly modified since then. While the visible scraping functionality remains unchanged, additional background components have been added that are not clearly communicated to users. These include connections to an external server (api.idscraper.com), which is not transparently mentioned in the available documentation.

The analysis suggests that the extension may retrieve instructions from this server when it starts and could transmit browsing data during use. It also indicates that functionality might be altered remotely without requiring an update via the browser store. Parts of the code are obfuscated, making it difficult to determine exactly what is happening. While this behavior is consistent with techniques seen in potentially unwanted or harmful software.

Our advice is therefore to act with caution: remove the extension from your browser and consider alternatives until more clarity is available. If you have used the tool in sensitive investigations, it may be wise to assume that your browsing activity could have been exposed and take appropriate measures, such as reviewing accounts and updating passwords. This incident highlights the importance of continuously reassessing browser extensions—especially after a change in ownership.
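To check which browser profiles still carry a copy that references the server named above, the following added example (not part of the cited analysis or of the extension's code) scans unpacked Chromium-style extension folders for the string `api.idscraper.com`. It assumes the usual `Extensions/<extension id>/<version>/manifest.json` layout; the sample tree and its extension IDs are constructed, and because parts of the code are obfuscated, a plain string match that finds nothing does not clear an installation.

```python
import json
import tempfile
from pathlib import Path

INDICATOR = b"api.idscraper.com"   # host named in the advisory
SCAN_SUFFIXES = {".js", ".json", ".html"}


def scan_extensions(extensions_dir):
    """Return one finding per unpacked extension version that mentions INDICATOR."""
    findings = []
    # Assumed layout: <extensions_dir>/<extension id>/<version>/manifest.json
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = {}  # unreadable manifest: still scan the files
        hits = []
        for path in sorted(version_dir.rglob("*")):
            if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
                try:
                    if INDICATOR in path.read_bytes():
                        hits.append(str(path.relative_to(version_dir)))
                except OSError:
                    continue
        if hits:
            findings.append({
                "id": version_dir.parent.name, "name": manifest.get("name", "?"),
                "version": manifest.get("version", version_dir.name),
                "host_permissions": manifest.get("host_permissions", []),
                "files": hits,
            })
    return findings


def build_sample(root):
    """Constructed sample tree: one extension that references the host, one that does not."""
    for ext_id, body in (("aaaa-constructed", "fetch('https://api.idscraper.com/x')"),
                         ("bbbb-constructed", "console.log('clean')")):
        d = Path(root) / ext_id / "1.0.0_0"
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(
            {"name": ext_id, "version": "1.0.0", "host_permissions": ["<all_urls>"]}))
        (d / "background.js").write_text(body)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_extensions(build_sample(tmp)))
```

Point `scan_extensions()` at the `Extensions` directory of each browser profile on the machine. A finding lists the extension ID, version and the files containing the host, which can be kept as a record before the extension is removed.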
