firefox addons spy on you, what to do?
- Vous devez vous identifier ou créer un compte pour écrire des commentaires
I do not know if this is true, but it is what I have heard.
Firefox preferences -> security -> block dangerous and ... If this setting is marked, any url you watch is send to google, because google verifies with their url list. Google likely keeps the data. I do not know if google pays mozilla for the data.
Now it is said that several, like android apps, firefox addons transfers data about the user to google or another entity. The data may get sold and who knows how it is used.
What about firefox and thunderbird addons? Can't they hidden for the user transfer data and the user will not know to whom or what data? Is there a addon whitelist that lists addons that do not spy on you?
>I do not know if this is true, but it is what I have heard.
Firefox preferences -> security -> block dangerous and ... If this setting is marked, any url you watch is send to google, because google verifies with their url list. Google likely keeps the data. I do not know if google pays mozilla for the data.
True, it is called "safe browsing".
Here, the relevant about:config settings in seamonkey (ff)
user_pref("browser.safebrowsing.controlledAccess.infoURL", "");
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.gethashURL", "");
user_pref("browser.safebrowsing.id", "");
user_pref("browser.safebrowsing.keyURL", "");
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.malware.reportURL", "");
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.provider.google.gethashURL", "");
user_pref("browser.safebrowsing.provider.google.lists", "");
user_pref("browser.safebrowsing.provider.google.pver", "");
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.provider.google.updateURL", "");
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref("browser.safebrowsing.provider.google4.lists", "");
user_pref("browser.safebrowsing.provider.google4.pver", "");
user_pref("browser.safebrowsing.provider.google4.reportURL", "");
user_pref("browser.safebrowsing.provider.google4.updateURL", "");
user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
user_pref("browser.safebrowsing.provider.mozilla.lists", "");
user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");
user_pref("browser.safebrowsing.reportErrorURL", "");
user_pref("browser.safebrowsing.reportGenericURL", "");
user_pref("browser.safebrowsing.reportMalwareErrorURL", "");
user_pref("browser.safebrowsing.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.reportMalwareURL", "");
user_pref("browser.safebrowsing.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.reportPhishURL", "");
user_pref("browser.safebrowsing.reportURL", "");
user_pref("browser.safebrowsing.updateURL", "");
user_pref("browser.safebrowsing.warning.infoURL", "");
>What about firefox and thunderbird addons?
Well, they are software. If they were written to spy on you...
You should keep them minimal, less is more. I have only 3 installed, noscript, ublock origin, httpseverywhere, you don't need more..
cheers
I disliked how the firefox gui got modified. I do not know if firefox can get configured to the previous gui. That is why I installed the restore theme addon. An addon that I do not trust and would prefer not to use.
Same about the addons zoom button and manually sort folders on thunderbird.
On firefox I have installed addons disconnect google, fb and twitter. I do not know if they can be trusted and if they are libre software.
I will here assume you refer to these add-ons:
- https://addons.mozilla.org/en-US/firefox/addon/classicthemerestorer
- https://addons.mozilla.org/en-US/thunderbird/addon/zoom-button-for-thunderbird/
- https://addons.mozilla.org/en-US/thunderbird/addon/manually-sort-folders/
- https://addons.mozilla.org/en-US/firefox/addon/facebook-disconnect
- https://addons.mozilla.org/en-US/firefox/addon/gdc
- https://addons.mozilla.org/en-US/firefox/addon/twdc
If you look at their licenses (written after "Released under"), they respectively are:
- Mozilla Public License, version 2.0
- Mozilla Public License Version 1.1
- GNU General Public License, version 2.0
- Mozilla Public License, version 2.0
- GNU General Public License, version 3.0
- GNU General Public License, version 3.0
If you search them in https://www.fsf.org/licensing/licenses/ you will discover they all are free software licenses. You can access their source codes (and study it) following links from the respective "Add-on home pages".
I really like the idea of having only 3 addons installed (though it seems it demands knowing how to configure them, as far as I know, which isn't far). It seems it would cover 99% of the needed protection if properly configured (What are those 1%? No idea yet).
OTOH, let's say I mainly use TORBB, and Abrowser with those three addons for video and anything too heavy for TORBB.
I'm thinking of having a third browser which would be enabling JS, thus enabling a lot more addons to compensate would make sense, like:
- Self-destructing cookies
- Privacy Badger or Disconnect (seems they do the same stuff)
- Refferrer control
- Request Policy or equivalent (Umatrix, Policeman)
- Decentraleyes
- Random agent spoofer
Maybe some of these overlap, maybe more are needed, I need to do some research.
I believe you are referring to "Safe browsing" in the first paragraph. I believe it is disabled by default in Abrowser. At least it is disabled here (but I may have disabled it by myself). See browser.safebrowsing.enabled in about:config (to be typed in the address bar).
As for the add-ons, they should always be free software. Abrowser proposes a catalog with free software add-ons exclusively. Free software add-ons (like any free software programs) are extremely unlikely to contain spyware. Well, they are extremely unlikely to contain any malware. Because the users are free to study the source code.
Thanks. Are all free software addons listed in abrowser?
Where do I get abrowser, it is not in debian 8 64bit's synaptic package manager?
Abrowser is Trisquel's default browser. Install Trisquel! :-)
That said you can access Abrowser's plugin catalog here: https://trisquel.info/en/browser/addons
And here is IceCat's: https://directory.fsf.org/wiki/IceCat (second half of the page).
Those add-ons can be installed in any Firefox-based browser. You can keep on using http://addons.mozilla.org too... but you then need to check the license by yourself.
Thanks.
If it is a trisquel browser, do they not want people to install abrowser on other distributions? Why do they not make an abrowser trisquel debian package? Who at trisquel should I ask?
> Why do they not make an abrowser trisquel debian package?
Because it's not the Trisquel maintainers' job to make and maintain a package for Debian. If you want an Abrowser package in Debian, no one is stopping you from making and maintaining one.
>package for Debian
For debian linux distributions.
I wrote trisquel and suggested they make an abrowser debian package. They have not answered.
I do not know where to get the abrowser source code.
Abrowser is distributed as a .deb package. Here is how to get its source:
$ sudo apt-get source abrowser
Substitute "source" for "download" to download the pre-compiled .deb package.
If I write sudo apt-get download abrowser on a trisquel computer, an abrowser debian file will be downloaded on the computer and I can install and test it on another gnulinux system?
I have never tried. Obviously, that other GNU/Linux system must use APT and have Abrowser's dependencies in its repositories. Ubuntu would be the best candidate (Trisquel being based on it).
Magic Banana, how does it work exactly? Are Trisquel addons catalog not part of the repo?
And does Firefox repo contain non-free addons? Else, what's the difference?
That is it: http://addons.mozilla.org lists proprietary add-ons, whereas https://trisquel.info/en/browser/addons does not.
You can contribute to Abrowser's catalog of free software add-ons from https://trisquel.info/issues/8176 or opening a new issue in the Web project: https://trisquel.info/project/issues/web
david will probably take care of it.
Thanks, I just contributed about VimFx.
I'm trying to add the ublock origin from https://trisquel.info/en/browser/addons, but I get "the add-on could not be loaded because of a connection failure".
Tried from Abrowser Add-ons menu as well, same result.
I'm not very experienced with Terminal, but could I use it to install add-ons?
Thanks!
Add it from here -> https://github.com/gorhill/uBlock/releases/download/1.9.16/uBlock0.firefox.xpi
Ill have to disagree with the incredibleness, deficient and eloquent users.
Best to block any HTTP, HTTPs or URL inside your routers. Is more effective than your web browser, even do I'm able to block in the browser such as Mozilla.
As you so eloquently put it, "Ill have to disagree with the incredibleness, deficient and eloquent users."
Well then please explain to us poor deficient users HOW to access and change those settings. What about modems? I know if I knew how to do it, I would. The router I used to have had instructions on how to get into it, change the pw and change other settings.
How many people do you know who know what Trisquel is, or what the FSF is?
IMHO, it would be a much better idea to use a local web-proxy like Privoxy to block these URLs.
Privoxy can work as an ad-blocker, a program to route web traffic through Tor, and for blocking privacy-violating sites c:
Take that, guugle, we got you!
Free software is gold, but it is no guarantee against malicious developers. Free software can have malicious functionalities as well, it just is much much less frequent.
Anyway, each new software you install on your box is a new potential way of exploiting your box. The less addons you install, the better. Firefox is already huge, no need to add complexity and code IMHO.
Tonlee, is this the article?
http://www.startlr.com/some-addon-of-spying-browser-users-and-resell-the-history/
Yes. I have been suspecting addons to do what is described in the broadcast. It is much like many apps on android and ios. If some addons are not malware, I would know how to verify?
tonlee, as Magique said, first of all make sure it is free software, then all you can do is you trust only well known and trustworthy developers. Don't install things you don't need, this should be the "philosophy" of it, I think.
There's something against the Mozilla Firefox/Abrowser "Html5Everywhere" plugin to flash players?
zoroastro: no.. Don't think now, because of WOT case that this is a frequent behavior - it is not. Free software addons are safe in most cases. I just recommend the rule of not installing what you don't really need, that's all. And Html5Everywhere is indeed useful for you, so..enjoy!
- Vous devez vous identifier ou créer un compte pour écrire des commentaires