1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Firefox extension praised by Mozilla accused of privacy violations

By midian182 · 8 replies
Aug 16, 2018
Post New Reply
  1. The ‘Web Security’ Firefox extension, created by Germany-based Creative Software Solutions, was one of Mozilla’s 14 favorite privacy extension. It already boasts 221,467 users, who it “actively protects […] from malware, tampered websites or phishing sites."

    Soon after the extension appeared on Mozilla’s post, Raymond Hill, developer of the uBlock Origin ad blocker, took to Reddit to point out something unusual about Web Security: it was posting garbled data to a server in Germany.

    A few days later, one user managed to decode the information, which turned out to be the URLs of visited websites. When Mozilla found out, the company removed the extension from its blog—it still recommends 14 add-ons, but only 13 are listed.

    “We’ve received concerns from the community about the Web Security extension, and are currently investigating those concerns," a Mozilla spokesperson told The Register. "The reference to the extension has been removed from the blog post as part of the investigative process."

    Creative Software Solutions says the reason the URLs are collected is to compare them against a global blacklist of sites, meaning that “the communication between the client and our servers is unavoidable.” It added that it does not log this communication and, as the servers are in Germany, it is bound by GDPR.

    “Our add-on has also been processed by Mozilla's stringent Verification staff, which have specifically approved all communication that occurs. All data transferred should communicate securely, however as we take these privacy concerns very serious, I have already informed the developers to investigate the issue at hand, to verify and improve if possible,” said a spokesperson.

    The Web Security extension is still available in the Firefox Add-ons Portal, but Creative plans to submit an updated version for review. "I am sure that if they look into the issue, they will see that this is a normal and necessary behavior," said managing director Fabian Simon.

    Permalink to story.

  2. Uncle Al

    Uncle Al TS Evangelist Posts: 5,390   +3,779

    After running it through it's paces I simply dumped it. Simply not worth my time to run this junk ......
    MaXtor and jobeard like this.
  3. wiyosaya

    wiyosaya TS Evangelist Posts: 3,993   +2,291

    If you are not doing anything shady, then why do you need something like this?

    I don't live my life on the internet - I have a life without it.
    jobeard likes this.
  4. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 1,209   +670

    Tracking URLs visited, in an anonymized fashion is a good way to find malicious sites. However, why are they posting those URLs in a cyphered form on a publically-accessible webpage? I mean, come on. At least send them to a non-public-facing server, or something, if you can't afford a proper encryption.
  5. MaXtor

    MaXtor TS Maniac Posts: 253   +191

    I love responses like this... if you're not doing anything shady, then why don't you set up live camera feeds from every room in your home? You have nothing to hide right? Ridiculous response? I know, it's about as ridiculous as thinking only shady people want privacy.
  6. wiyosaya

    wiyosaya TS Evangelist Posts: 3,993   +2,291

    So I suppose you have cameras set up in every room in your home, right?

    Yes, I know. Ridiculous response, right?

    I don't think you got my point.
  7. Lionvibez

    Lionvibez TS Evangelist Posts: 1,466   +637

    He didn't make the ridiculous statement you did.

    Don't be surprised when people call you on it.

    And I totally agree with him what you posted is nonsense.
    MaXtor and VBKing like this.
  8. wiyosaya

    wiyosaya TS Evangelist Posts: 3,993   +2,291

    You are certainly entitled to your opinion.

    But here's the thing - if you are living your life on the internet, you are statistically more likely to get hammered on a site that has hidden malware. In addition, if you do not have security measures on your own home network, you are more likely to get hammered on sites that have hidden malware. It is simple, common sense. Not to mention that if you are constantly after that free file when you can just get it elsewhere, for perhaps a few dollars that you can afford, you are statistically more likely to get hammered on sites that have hidden malware.

    Everyone, literally everyone with an atom of common sense gets these concepts.

    I don't run crap like this. These programs are crap simply designed to give the ignorant the impression that they are safer when running it - so they can bilk the same ignorant people out of their money. All one really needs is a decent firewall and not every single piece of junk software that are intended to give you a sense of security when they are really spying on you and overloading your PC with useless junk.

    If you are running software like this, then perhaps you should consider that you lack adequate knowledge to be a conscientious internet citizen.

    Don't be surprise if you get called on your crap, either.
    Last edited: Aug 17, 2018
  9. Lionvibez

    Lionvibez TS Evangelist Posts: 1,466   +637

    So basically noobs shouldn't be using the internet :p

    And I won't be surprised because I don't usually make statements like that :)

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...