BrowseAloud


BrowseAloud is assistive technology software that adds text-to-speech functionality to websites. It is designed by Texthelp Ltd, a Northern Ireland-based company that specialises in the design of assistive technology. BrowseAloud adds speech and reading support tools to online content to extend the reach of websites for people who require reading support. The JavaScript-based tool adds a floating toolbar to the web page being visited. The service is paid for by the website's publisher and is free to website visitors.
BrowseAloud has been used in the United Kingdom by local councils, and parts of the National Health Service. The software won a New Statesman New Media Award in 2004.

Controversies

BrowseAloud has been criticised by technologists for the need to use a mouse to select text before BrowseAloud would read it. This required vision and motor skills to use, making BrowseAloud inaccessible to groups that could use other screen readers, such as JAWS. Commentators have noted that BrowseAloud is not a substitute for such tools.

Malware

On 11 February 2018, a Sunday, over 4,200 BrowseAloud customers had their websites infected with Coinhive code after BrowseAloud, hosted on Amazon Web Services, was hacked. Although Coinhive (which generates Monero, a form of cryptocurrency) has legitimate uses, its insertion in the manner of the attack was described as "malicious" by The Register's Editor in Chief Chris Williams, and as "malware" by Taylor Hatmaker in TechCrunch.
The BrowseAloud service was disabled by Texthelp to allow their engineers to investigate the security breach and remove the malicious code. The Register estimated that the code was active in BrowseAloud for up to thirteen hours. It used visitors' computers to perform computationally intensive calculations, potentially slowing their computer's performance and reducing its battery life or consuming their electricity. The National Cyber Security Centre referred to such activity as "illegal".
Among the customers whose websites were affected were the UK's Information Commissioner, the Administrative Office of the U.S. Courts, and the governments of the Australian states of Victoria and Queensland.
The issue was detected by Scott Helme, a UK-based information security consultant. Hatmaker and Boyd each pointed out that the vulnerability used in the attack could have been used to steal visitors' personal information. Both Helme and the NCSC recommended that website developers use Sub-Resource Integrity as a defence against such attacks.
The attack was estimated to have only earned the attackers the equivalent of $24 in the Monero cryptocurrency. Some commentators, such as Chris Boyd of Malwarebytes, suggested that the attack was relatively mild, as the attackers could have been testing a method for future use.
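
The Sub-Resource Integrity defence recommended by Helme and the NCSC can be illustrated with a short sketch of the check a browser performs before running a pinned third-party script. This is an added example, not code from Texthelp or from the sources cited here; the function names, the URL and the sample script contents are assumptions constructed for illustration.

```javascript
// Added example (Node.js): the Subresource Integrity decision a browser makes
// before running <script src=... integrity=...>. All names here are illustrative.
const { createHash } = require("node:crypto");

// Hash functions SRI accepts; only the strongest one present is enforced.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;

// Build-time side: value for the integrity attribute of a reviewed file.
function sriValue(body, alg = "sha384") {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Split the attribute into {alg, digest} entries; unknown tokens are ignored.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).flatMap((token) => {
    const m = TOKEN.exec(token);
    return m ? [{ alg: m[1], digest: m[2] }] : [];
  });
}

// Load-time side: may the fetched bytes run?
function integrityMatches(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // nothing usable pinned: not blocked
  const best = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries
    .filter((e) => STRENGTH[e.alg] === best)
    .some((e) => e.digest === createHash(e.alg).update(body).digest("base64"));
}

// Tag a site would ship; crossorigin is needed for cross-origin SRI checks.
function scriptTag(src, body) {
  return `<script src="${src}" integrity="${sriValue(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample data: the vendor file as reviewed, then the same file
// after unreviewed code was appended on the vendor's host.
const reviewed = Buffer.from("window.toolbar = { speak(text) {} };\n");
const altered = Buffer.concat([reviewed, Buffer.from("/* appended code */\n")]);
const pinned = sriValue(reviewed);

console.log(scriptTag("https://cdn.vendor.example/toolbar.js", reviewed));
console.log("reviewed file runs:", integrityMatches(reviewed, pinned));
console.log("altered file runs: ", integrityMatches(altered, pinned));
```

A pinned hash only holds if the vendor serves an immutable, versioned file; any legitimate update to the script also changes the hash and requires a new attribute value.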