Firefox extension praised by Mozilla accused of privacy violations

[Matrix]

What just happened? This year has seen online privacy become a real hot topic for the tech industry. It’s why Mozilla published a blog post that highlights several Firefox extensions for keeping your personal details safe from prying eyes. But one of these add-ons has been removed from the list for allegedly collecting and logging users’ browsing histories.

The ‘Web Security’ Firefox extension, created by Germany-based Creative Software Solutions, was one of Mozilla’s 14 favorite privacy extension. It already boasts 221,467 users, who it “actively protects […] from malware, tampered websites or phishing sites."

Soon after the extension appeared on Mozilla’s post, Raymond Hill, developer of the uBlock Origin ad blocker, took to Reddit to point out something unusual about Web Security: it was posting garbled data to a server in Germany.

A few days later, one user managed to decode the information, which turned out to be the URLs of visited websites. When Mozilla found out, the company removed the extension from its blog—it still recommends 14 add-ons, but only 13 are listed.

“We’ve received concerns from the community about the Web Security extension, and are currently investigating those concerns," a Mozilla spokesperson told The Register. "The reference to the extension has been removed from the blog post as part of the investigative process."

Creative Software Solutions says the reason the URLs are collected is to compare them against a global blacklist of sites, meaning that “the communication between the client and our servers is unavoidable.” It added that it does not log this communication and, as the servers are in Germany, it is bound by GDPR.

“Our add-on has also been processed by Mozilla's stringent Verification staff, which have specifically approved all communication that occurs. All data transferred should communicate securely, however as we take these privacy concerns very serious, I have already informed the developers to investigate the issue at hand, to verify and improve if possible,” said a spokesperson.

The Web Security extension is still available in the Firefox Add-ons Portal, but Creative plans to submit an updated version for review. "I am sure that if they look into the issue, they will see that this is a normal and necessary behavior," said managing director Fabian Simon.

 

Source

[BimBamSmash]

LOL. This has become the standard practice these days, eh? I have seen antiquated video games getting updated all of a sudden just to implement some sort of telemetry to the code.

 

If someone somewhere is feasting their eyes on my utterly boring daily activities, I wish them good mental health. That can't be fun.

[Matrix]

3 hours ago, BimBamSmash said:

If someone somewhere is feasting their eyes on my utterly boring daily activities, I wish them good mental health. That can't be fun.

 

What will you be saying when your locked out of your machine or when you start getting credit card and other bills someone created in your name. 

Your boring daily activities can come back and bite you if your not careful. That's the reason we post and read these types of articles.

 

[steven36]

4 hours ago, DonyMach1 said:

 

What will you be saying when your locked out of your machine or when you start getting credit card and other bills someone created in your name. 

Your boring daily activities can come back and bite you if your not careful. That's the reason we post and read these types of articles.

 

I  keep my daily activities separate from business .  Banking , credit cards , Amazon all done on another computer with  a browser with just one addon uBlock Origin .. The computer  i use for downloading and streaming i have quite  a few addons ..Learn to keep business separate from playtime  and this will never be a problem  and it helps if you have more than one computer i been around a minute  and never has anyone on my network been scammed because i tell them what to avoid    ..  

[DKT27]

Read about it earlier. Not sure I have heard about any addon with such a generic name before here.

[BimBamSmash]

17 hours ago, DonyMach1 said:

What will you be saying when your locked out of your machine

 

Well I have my own stuff covered to some extent - I think. I make regular backups to external devices. Have day-one system images ready to deploy. Stuff that are touchy tend to get burned onto discs. And I tend to have a spare HDD around too, Standard practice even at home for sysadmins I guess.

 

18 hours ago, DonyMach1 said:

when you start getting credit card and other bills someone created in your name.

 

I am not sure URL collection could lead to something like that. Either that or I haven't understood the purpose of SSL.

 

Admittedly though, this sort of incidence has a chance of happening no matter what you and I do. All we need is an unqualified staff taking a critical role someplace that stores data we intentionally supplied.

 

 

18 hours ago, DonyMach1 said:

Your boring daily activities can come back and bite you

 

It does all the time, but only because it is boring. ;-)

 

18 hours ago, DonyMach1 said:

That's the reason we post and read these types of articles.

 

Oh Don't get me wrong. I am appreciative of the information. I read them all the time. This whole thing was just a poor attempt at adding a bit of humor to this.

[Matrix]

6 minutes ago, BimBamSmash said:

Oh Don't get me wrong. I am appreciative of the information. I read them all the time. This whole thing was just a poor attempt at adding a bit of humor to this.

No problem m8 ?

Sounds like you are well prepared for what ever can go wrong and that's a credit to you 

 

14 minutes ago, BimBamSmash said:

It does all the time, but only because it is boring. ;-)

same here it comes in the form of minister of war [my wife] ?