Thunderbird update silently installs Test Pilot extension

Discussion in 'other software & services' started by TheWindBringeth, May 4, 2012.

Thread Status:
Not open for further replies.
  1. TheWindBringeth
    Offline

    TheWindBringeth Registered Member

    I manually updated one machine to 12.0.1 this morning, via Help->About->Check for updates. After restarting I found a new extension called "Test Pilot" had been silently installed without any notice. Based on a quick look, this appears to be a mechanism for automatically retrieving work orders from Mozilla, which are then executed to collect usage data, configuration data, and/or survey type responses. There is a new Tools->Test Pilot menu item which allows you to tweak it a bit. The default appears to be "participate and notify me when the study is ready to submit. At which time you can supposedly review it.

    Searches turned up some folks reporting this elsewhere some months ago as well as a comment saying that not everyone would get it at the same time. I'm not yet sure if it was just my lucky day or if it is being dished up to everyone who installed 12.0.1.

    I updated a second machine while running Wireshark. Again, Test Pilot was silently installed with the same settings. After restarting it established a secure connection with testpilot.mozillalabs.com which I'm not setup to sniff so I don't know if it was just trying to retrieve a work order or whether it was sending home some initial data.

    A bit later right after some secure communications with addons.mozilla.org then production.mozillamessaging.com, I see something strange. It is Thunderbird issuing a get for -http://www.mozilla.org/thunderbird/legal/privacy/ without a referrer header. I was clicking around the Thunderbird interface at the time and didn't explicitly go there. I don't know what caused that. Sadly and ironically, that privacy page has WebTrends javascript (!) which my Thunderbird... not equipped with the protections that my Firefox is.. seems to have executed thus producing a brief info/ID passing exchange with that firm's servers :(
  2. mun
    Offline

    mun Registered Member

    The same happened to me yesterday - silently installed Test Pilot spyware when updating from 11 to 12. I no longer trust Mozilla and I'm looking for alternatives - do you know of any? I need a simple email client where I can code my own extensions. Not only is Mozilla spyware, it is also bloatware.

    Ironically, uTorrent 3.1.3 update filled my PC yesterday with Conduit adware as well. Now should I be updating or not?

    If I don't update I end up with malware like I did about a month ago, when I got Luckisel malware through Thunderbird 3 - how could it be, when there is no scripting etc.? I have an answer for that - Mozilla is a NWO subsidiary after our data.

    I guess I downgrade to IE4 & Outlook Express and be safe. :(
    Last edited: May 4, 2012
  3. m00nbl00d
    Offline

    m00nbl00d Registered Member

    Thanks for the info. I don't use it myself, but a relative of mine does and may not be aware of it. I'll have to check it out.


    Thanks :thumb:

    -edit-

    There was no such extension, but Thunderbird did have Google Update, Adobe Reader, Java and Silverlight plugins loaded. Why would an e-mail client need to check and load those plugins? o_O
    Last edited: May 4, 2012
  4. Daveski17
    Offline

    Daveski17 Registered Member

    I have disabled the Test Pilot spyware for the moment (on Firefox) while I decide whether it is a good thing or not. If it helps Mozilla I reckon it's OK.

    I'm pretty sure you wouldn't get this kind of behaviour with Waterfox & SeaMonkey.

    If you are running 32 bit, not only is SeaMonkey a viable (Gecko) alternative to Firefox, but with this theme you can even make it look like Firefox. SeaMonkey has an internal mail client not unlike Thunderbird, although I don't use it myself.
    Last edited: May 4, 2012
  5. JohnBurns
    Offline

    JohnBurns Registered Member

    I am a little confused, I guess. I can't seem to find this on either Firefox or Thunderbird. I have Firefox 12.0 and Thunderbird 12.0.1. Can anyone tell me what I am missing here? Thanks.
  6. vasa1
    Offline

    vasa1 Registered Member

    Nothing much :D ... just the usual everyone is spying on me all the time.
  7. JohnBurns
    Offline

    JohnBurns Registered Member

    Thanks for reply - I won't worry about it. If they are spying on me, they won't find much of interest, I'm afraid.
  8. Wallaby
    Offline

    Wallaby Registered Member

    Updated Thunderbird from 12.0 to 12.0.1 through internal updater and no "Test Pilot" here :rolleyes:
  9. Ranget
    Offline

    Ranget Registered Member

    I got a bad feeling About This :?
  10. Daveski17
    Offline

    Daveski17 Registered Member

    I have it in Firefox on my Win 7 (64 bit) PC, yet it hasn't manifested on my Vista 32 bit notebook. o_O
  11. Daveski17
    Offline

    Daveski17 Registered Member

    Everyone is spying on everyone all the time.
  12. ronjor
    Online

    ronjor Global Moderator

    In Thunderbird, tools, add ons, extensions, remove
  13. acr1965
    Offline

    acr1965 Registered Member

  14. Daveski17
    Offline

    Daveski17 Registered Member

  15. ABee
    Offline

    ABee Registered Member

    Perhaps you missed the notice, or missed it when previously installing 12.0?
    I saw it when installing 12.0, and selected the 'disable' option. After using the internal updater to get 12.0.1, Test Pilot was still disabled. Yet I've now gone ahead and removed it completely anyway.

    I expect you got a notice about it when installing 12.0 or 12.0.1, you just failed to pay close enough attention.
  16. TheWindBringeth
    Offline

    TheWindBringeth Registered Member

    @acr1965: That is surely it. Although I think the version I received might have been newer. I'm not positive; I uninstalled it from both machines right before I went to bed. Speaking of which, here are some links I could have posted earlier:

    http://blog.mozilla.org/thunderbird...ot-survey-to-get-launched-on-march-27th-2012/

    https://wiki.mozilla.org/Thunderbird:UX:Test_Pilot

    http://groups.google.com/group/mozi...derbird&q="Test Pilot"&qt_g=Search this group

    @Mun: For right now I'm just going to disable Thunderbird and Firefox checking for updates, add some software firewall rules, and switch to offline updates for both and their addons. This is but the latest in a string of things I've seen which make me question some of the developers and decision makers within Mozilla. I think there are many good apples in Mozilla and I don't know how we as users can drive out the bad ones.

    @ABee: Both machines jumped from 11 whatever to 12.0.1. One is a backup for the other and thus uses a copy of the first one's profile, which may account for why both received Test Pilot at the same time essentially. I don't think I missed anything in the way of notice. I was a bit sleepy, granted, but I was watching that much more carefully the second time. Others have reported silent installation too.
  17. majoMo
    Offline

    majoMo Registered Member

    Info appreciated!

    A proactive and assertive information. Suitable, sharp, useful to users. Positive stance to overcome an emotional negativity negligible.

    Thanks!
  18. TheWindBringeth
    Offline

    TheWindBringeth Registered Member

    Last edited: May 4, 2012
  19. siljaline
    Offline

    siljaline Registered Member

    Last edited: May 5, 2012
  20. tlu
    Online

    tlu Registered Member

    No offence meant - but that's insane, IMHO. You should really look at the links presented by siljaline in post #19 before making such grievous decisions.
  21. vasa1
    Offline

    vasa1 Registered Member

    The sad thing is that there are others who'll follow.
  22. Daveski17
    Offline

    Daveski17 Registered Member

    Maybe, but the really sad thing is all of the rhetoric emanating from the Nanny Cyber-State Police.
  23. Fox Mulder
    Offline

    Fox Mulder Registered Member

    Sounds like I'll finally install Evolution for windows. :p
  24. tlu
    Online

    tlu Registered Member

    Yes, paranoia is all around ... :mad:
  25. TheWindBringeth
    Offline

    TheWindBringeth Registered Member

    I would draw your attention to my sentence immediately after what you quoted: "This is but the latest in a string of things I've seen which make me question some of the developers and decision makers within Mozilla.". Yes, I read the material pointed to by siljaline, and other material, and contemplated its design. I don't like it. I certainly don't like the fact that a remotely configured data collection component was silently installed and enabled within the email client I use. An ability to review/approve the final step of phoning home certainly doesn't address all of my concerns. This comes just ten days after getting hit with the silent install and enabling of the new Maintenance Service which has security and will have other implications down the road. Which comes not that long after learning of Mozilla's intent to in the future push Firefox metrics reporting on users on an opt-out basis. I could keep going but I think that is sufficient to prove reasonable my opinion and motive.

    Apart from that aspect which I expect you have a different opinion on, what do you consider insane and/or grievous about shifting to offline updates? Are you assuming that I will forget or fail to do so on a very regular and very timely basis? That I won't be automating things to the extent possible? I may very well run into technical issues and find it problematic in some way. If that is your point and there is a wall, I'll acknowledge it. If that isn't your point, I don't see how the terms insane and grievous apply.
Thread Status:
Not open for further replies.