Firefox Users

[Shaman]

Link: http://www.theregister.co.uk/2011/05/20/fi...ivacy_invasion/

 

A high-rated Firefox extension with more than 7 million downloads secretly collects data about every website the open-source browser visits and combines it with uniquely traceable information tied to the user, an independent security researcher said.

 

The undisclosed behavior of the Ant Video Downloader and Player add-on takes place even when the Firefox private browsing mode is turned on or when users are availing themselves of anonymity services such as Tor. The add-on carries a rating of four out of five possible stars and gets an average of almost 7,000 downloads per day, according to official Mozilla statistics.

 

The revelations raise new questions about the safety of extensions offered on Mozilla's website. A spokeswoman for the open-source developer said the media player, like all public extensions not designated experimental, was vetted to make sure it meets a list of criteria. Chief among them is that add-ons "must make it very clear to users what [privacy and security] risks they might encounter, and what they can do to protect themselves."

 

"We've looked into the Ant Video Player and found that it does send information about websites users visit in order to power its ranking feature displayed for each website, and also includes a unique identifier in this communication," the spokeswoman wrote in an email. "While this does not violate our policies, we do require it to be disclosed in the privacy policy and the add-on's description. We have contacted the developer and asked them to correct this."

 

In the meantime, the add-on is available for download on Mozilla's site with no warning.

 

Messages left through a submission form on Ant.com, where a stand-alone version of the software is hosted, weren't returned. Attempts to reach the developers through other channels weren't successful.

 

The stealth tracking came to the attention of Simon Newton while he was diagnosing problems with a web application he was in the middle of developing. When he fired up a packet sniffer, he discovered that information about every single HTTP request his PC made was being sent to a server at rpc.ant.com, which used an IP address owned by the Reality Check Network Corp. The data included the external website or internal server being accessed, the time, the browser details, and several persistent browser cookies that contained a Universally Unique Identifier.

 

Article continues in the link.

 

Makes you wonder how many other add-ons/extensions are collecting data that firefox doesn't see the need to tell us about

Edited May 25, 2011 by Shaman

[tazinib1]

I havn't downloaded a Firefox update in probably 2 years for this very reason. I'm happy with the version I have and don't need any of the stupid plug-in/add-ons.