Chrome Extension "Smooth Gestures" moves to the dark side

Since yesterday, I noticed long delays while loading pages with Chrome. Today I noticed a weird site amongst the list of requests for a page on fokke.org: www.smoothgesturesapp.com.

Why is my browser trying to access "www.smoothgesturesapp.com"?

Some googling revealed that since August 25th, an update of the chrome extension "Smooth Gestures" added code that tracks all the pages you visit. The tricky lines is this one:

trackerimg.src =
"http://www.smoothgesturesapp.com/tracking/tracking_ss.gif?events=" +
window.location.href.split(/\/+/g)[1]+"&r=" + Math.random();

It shows that only the hostname is being sent, but it still is a privacy violation.

The extension has already been removed from the Chrome Appstore and the website www.smoothgestures.com is offline now, but you still want to it!

It is disappointing that, although Google lets extension developers update their code automatically without user interaction, there is no mechanism in place to notify users of extension that are removed from the Appstore for whatever reason.

function pl_track(){
if (window.location.protocol == "https:") return;
if (window === window.top)
{
if (!document.getElementById('hummingtrack'))
{
trackerimg=document.createElement('img');
trackerimg.id="hummingtrack";
trackerimg.src="http://www.smoothgesturesapp.com/tracking/tracking_ss.gif?events="window.location.href.split(/\/+/g)[1]+"&r="+Math.random();
trackerimg.height="1";
trackerimg.width="1";
document.body.appendChild(trackerimg);
}
}
}
setTimeout(pl_track(),1500);
Suspicious code snippet from the Smooth Gestures Chrome Extension