Firefox extension praised by Mozilla accused of privacy violations

midian182

Posts: 9,659   +121
Staff member
What just happened? This year has seen online privacy become a real hot topic for the tech industry. It’s why Mozilla published a blog post that highlights several Firefox extensions for keeping your personal details safe from prying eyes. But one of these add-ons has been removed from the list for allegedly collecting and logging users’ browsing histories.

The ‘Web Security’ Firefox extension, created by Germany-based Creative Software Solutions, was one of Mozilla’s 14 favorite privacy extension. It already boasts 221,467 users, who it “actively protects […] from malware, tampered websites or phishing sites."

Soon after the extension appeared on Mozilla’s post, Raymond Hill, developer of the uBlock Origin ad blocker, took to Reddit to point out something unusual about Web Security: it was posting garbled data to a server in Germany.

A few days later, one user managed to decode the information, which turned out to be the URLs of visited websites. When Mozilla found out, the company removed the extension from its blog—it still recommends 14 add-ons, but only 13 are listed.

“We’ve received concerns from the community about the Web Security extension, and are currently investigating those concerns," a Mozilla spokesperson told The Register. "The reference to the extension has been removed from the blog post as part of the investigative process."

Creative Software Solutions says the reason the URLs are collected is to compare them against a global blacklist of sites, meaning that “the communication between the client and our servers is unavoidable.” It added that it does not log this communication and, as the servers are in Germany, it is bound by GDPR.

“Our add-on has also been processed by Mozilla's stringent Verification staff, which have specifically approved all communication that occurs. All data transferred should communicate securely, however as we take these privacy concerns very serious, I have already informed the developers to investigate the issue at hand, to verify and improve if possible,” said a spokesperson.

The Web Security extension is still available in the Firefox Add-ons Portal, but Creative plans to submit an updated version for review. "I am sure that if they look into the issue, they will see that this is a normal and necessary behavior," said managing director Fabian Simon.

Permalink to story.

 
If you are not doing anything shady, then why do you need something like this?

I don't live my life on the internet - I have a life without it.
 
Tracking URLs visited, in an anonymized fashion is a good way to find malicious sites. However, why are they posting those URLs in a cyphered form on a publically-accessible webpage? I mean, come on. At least send them to a non-public-facing server, or something, if you can't afford a proper encryption.
 
If you are not doing anything shady, then why do you need something like this?

I don't live my life on the internet - I have a life without it.
I love responses like this... if you're not doing anything shady, then why don't you set up live camera feeds from every room in your home? You have nothing to hide right? Ridiculous response? I know, it's about as ridiculous as thinking only shady people want privacy.
 
I love responses like this... if you're not doing anything shady, then why don't you set up live camera feeds from every room in your home? You have nothing to hide right? Ridiculous response? I know, it's about as ridiculous as thinking only shady people want privacy.
So I suppose you have cameras set up in every room in your home, right?

Yes, I know. Ridiculous response, right?

I don't think you got my point.
 
I love responses like this... if you're not doing anything shady, then why don't you set up live camera feeds from every room in your home? You have nothing to hide right? Ridiculous response? I know, it's about as ridiculous as thinking only shady people want privacy.
So I suppose you have cameras set up in every room in your home, right?

Yes, I know. Ridiculous response, right?

I don't think you got my point.

He didn't make the ridiculous statement you did.

Don't be surprised when people call you on it.

And I totally agree with him what you posted is nonsense.
 
He didn't make the ridiculous statement you did.

Don't be surprised when people call you on it.

And I totally agree with him what you posted is nonsense.
You are certainly entitled to your opinion.

But here's the thing - if you are living your life on the internet, you are statistically more likely to get hammered on a site that has hidden malware. In addition, if you do not have security measures on your own home network, you are more likely to get hammered on sites that have hidden malware. It is simple, common sense. Not to mention that if you are constantly after that free file when you can just get it elsewhere, for perhaps a few dollars that you can afford, you are statistically more likely to get hammered on sites that have hidden malware.

Everyone, literally everyone with an atom of common sense gets these concepts.

I don't run crap like this. These programs are crap simply designed to give the ignorant the impression that they are safer when running it - so they can bilk the same ignorant people out of their money. All one really needs is a decent firewall and not every single piece of junk software that are intended to give you a sense of security when they are really spying on you and overloading your PC with useless junk.

If you are running software like this, then perhaps you should consider that you lack adequate knowledge to be a conscientious internet citizen.

Don't be surprise if you get called on your crap, either.
 
Last edited:
You are certainly entitled to your opinion.

But here's the thing - if you are living your life on the internet, you are statistically more likely to get hammered on a site that has hidden malware. In addition, if you do not have security measures on your own home network, you are more likely to get hammered on sites that have hidden malware. It is simple, common sense. Not to mention that if you are constantly after that free file when you can just get it elsewhere, for perhaps a few dollars that you can afford, you are statistically more likely to get hammered on sites that have hidden malware.

Everyone, literally everyone with an atom of common sense gets these concepts.

I don't run crap like this. These programs are crap simply designed to give the ignorant the impression that they are safer when running it - so they can bilk the same ignorant people out of their money. All one really needs is a decent firewall and not every single piece of junk software that are intended to give you a sense of security when they are really spying on you and overloading your PC with useless junk.

If you are running software like this, then perhaps you should consider that you lack adequate knowledge to be a conscientious internet citizen.

Don't be surprise if you get called on your crap, either.

So basically noobs shouldn't be using the internet :p

And I won't be surprised because I don't usually make statements like that :)
 
Back