Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Firefox Add-On With 220,000+ Installs Caught Collecting Users’ Browsing History
#1
https://www.bleepingcomputer.com/news/se...g-history/         Firefox Add-On With 220,000+ Installs Caught Collecting Users’ Browsing History
By Catalin Cimpanu  
August 15, 2018 11:10 AM        A popular Firefox add-on is secretly logging users' browsing history, according to reports from the author of the uBlock Origin ad blocker and Mike Kuketz, a German privacy and security blogger.

The add-on in question is named Web Security and is currently installed by 222,746 Firefox users, according to the official Mozilla Add-ons Portal.

The add-on's description claims Web Security "actively protects you from malware, tampered websites or phishing sites that aim to steal your personal data."

Mozilla previously recommended the add-on in a blog post
Its high install count and positive reviews got the add-on on a list of recommended security and privacy add-ons on the official Firefox blog last week.

But this boost of attention from the Mozilla team didn't go down as intended. Hours after Mozilla's blog post, Raymond Hill, the author of the uBlock Origin ad blocker pointed out on Reddit that the add-on exhibited a weird behavior.

"With this extension, I see that for every page you load in your browser, there is a POST to http://136.243.163.73/," Hill said. "The posted data is garbled, maybe someone will have the time to investigate further."

Hill's warning went under the radar for a few days until yesterday, when Kuketz, a popular German blogger, posted an article about the same behavior.

Hours later, a user on Kuketz's forum managed to decode the "garbled" data, revealing that the add-on was secretly sending the URL of visited pages to a German server.

Web Security caught collecting user browsing patterns
Under normal circumstances, a Firefox add-on that needs to scan for threats might be entitled to check the URLs it scans on a remote server, but according to a format of the data the add-on was sending to the remote server, Web Security appears to be logging more than the current URL.

< id|35237841|id >< hash|1|hash >< app|web_security|app >< agent|FF|agent >< app_data|;< oldUrl;|http://blog.fefe.de/;|oldUrl; >;< newUrl;|https://www.kuketz-blog.de/;|newUrl; >;< oldHost;|blog.fefe.de;|oldHost; >;< newHost;|www.kuketz-blog.de;|newHost; >;< hash;|67918192;|hash; >;< language;|de;|language; >|app_data >
The data shows the plugin tracking individual users by an ID, along with their browsing pattern, logging how users went from an "oldUrl" to a "newUrl."

This logging pattern is a bit excessive and against Mozilla's Addon Portal guidelines that prohibit add-ons from logging users' browsing history.

Mozilla removed two similar add-ons —Stylish and Web of Trust— from its Add-ons Portal for similar behavior in the past two years.

A spokesperson for Creative Software Solutions has provided the following statement following an email inquiry from Bleeping Computer, promising to investigate the issue further.

The addon Web Security is as the name says is a security addon, that protects the user from abusive websites to protect their data and privacy. We do not want sites to track and steal the users data or browsing history. One of the security aspects includes checking the requested site against a global blacklist, thus the communication between the client and our servers is unavoidable, while we keep it to a absolute minimum and do not log this communication. Our Servers are all in Germany, thus we are also bound by GDPR and only process data for the specified reasons.

Our addon has also been processed by Mozillas stringent Verification staff, which have specifically approved all communication that occurs. All data transferred should communicate securely, however as we take these privacy concerns very serious, I have already informed the developers to investigate the issue at hand, to verify and improve if possible.
Add-on not banned yet
In the meantime, Mozilla has not removed the add-on from its Add-ons Portal, but they removed it from the blog post published last week. Mozilla engineers usually review add-ons with reported suspicious behavior and ban them if necessary. This process usually takes a few days, as it was the case with Stylish.

Creative Software Solutions does not offer a Chrome version of Web Security, which is still under development.
Reply
#2
Oh no Oh no Oh no Oh no Oh no
Reply
#3
this new addon system not good for use
except you trust developer that not collecting anything
thanks trout Heart
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  FTC to ban Avast from selling browsing data for advertising purposes mrtrout 1 829 02-27-2024 , 06:40 PM
Last Post: ahmed
  Android malware apps with 2 million installs spotted on Google Play tarekma7 0 619 12-05-2022 , 04:09 PM
Last Post: tarekma7
  Fake Google Translate app installs malware dhruv2193 1 626 09-05-2022 , 12:47 PM
Last Post: Mike
  ‘Spider-Man: No Way Home’ Download Installs Cryptominer mrtrout 0 496 12-24-2021 , 01:47 AM
Last Post: mrtrout
  VMware warns of critical bug in default vCenter Server installs mrtrout 0 633 09-21-2021 , 09:58 PM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)