Thunderbird update silently installs Test Pilot extension

Discussion in 'other software & services' started by TheWindBringeth, May 4, 2012.

Thread Status:
Not open for further replies.
  1. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I manually updated one machine to 12.0.1 this morning, via Help->About->Check for updates. After restarting I found a new extension called "Test Pilot" had been silently installed without any notice. Based on a quick look, this appears to be a mechanism for automatically retrieving work orders from Mozilla, which are then executed to collect usage data, configuration data, and/or survey type responses. There is a new Tools->Test Pilot menu item which allows you to tweak it a bit. The default appears to be "participate and notify me when the study is ready to submit. At which time you can supposedly review it.

    Searches turned up some folks reporting this elsewhere some months ago as well as a comment saying that not everyone would get it at the same time. I'm not yet sure if it was just my lucky day or if it is being dished up to everyone who installed 12.0.1.

    I updated a second machine while running Wireshark. Again, Test Pilot was silently installed with the same settings. After restarting it established a secure connection with testpilot.mozillalabs.com which I'm not setup to sniff so I don't know if it was just trying to retrieve a work order or whether it was sending home some initial data.

    A bit later right after some secure communications with addons.mozilla.org then production.mozillamessaging.com, I see something strange. It is Thunderbird issuing a get for -http://www.mozilla.org/thunderbird/legal/privacy/ without a referrer header. I was clicking around the Thunderbird interface at the time and didn't explicitly go there. I don't know what caused that. Sadly and ironically, that privacy page has WebTrends javascript (!) which my Thunderbird... not equipped with the protections that my Firefox is.. seems to have executed thus producing a brief info/ID passing exchange with that firm's servers :(
     
  2. mun

    mun Registered Member

    Joined:
    May 4, 2012
    Posts:
    1
    The same happened to me yesterday - silently installed Test Pilot spyware when updating from 11 to 12. I no longer trust Mozilla and I'm looking for alternatives - do you know of any? I need a simple email client where I can code my own extensions. Not only is Mozilla spyware, it is also bloatware.

    Ironically, uTorrent 3.1.3 update filled my PC yesterday with Conduit adware as well. Now should I be updating or not?

    If I don't update I end up with malware like I did about a month ago, when I got Luckisel malware through Thunderbird 3 - how could it be, when there is no scripting etc.? I have an answer for that - Mozilla is a NWO subsidiary after our data.

    I guess I downgrade to IE4 & Outlook Express and be safe. :(
     
    Last edited: May 4, 2012
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Thanks for the info. I don't use it myself, but a relative of mine does and may not be aware of it. I'll have to check it out.


    Thanks :thumb:

    -edit-

    There was no such extension, but Thunderbird did have Google Update, Adobe Reader, Java and Silverlight plugins loaded. Why would an e-mail client need to check and load those plugins? o_O
     
    Last edited: May 4, 2012
  4. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I have disabled the Test Pilot spyware for the moment (on Firefox) while I decide whether it is a good thing or not. If it helps Mozilla I reckon it's OK.

    I'm pretty sure you wouldn't get this kind of behaviour with Waterfox & SeaMonkey.

    If you are running 32 bit, not only is SeaMonkey a viable (Gecko) alternative to Firefox, but with this theme you can even make it look like Firefox. SeaMonkey has an internal mail client not unlike Thunderbird, although I don't use it myself.
     
    Last edited: May 4, 2012
  5. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    I am a little confused, I guess. I can't seem to find this on either Firefox or Thunderbird. I have Firefox 12.0 and Thunderbird 12.0.1. Can anyone tell me what I am missing here? Thanks.
     
  6. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    Nothing much :D ... just the usual everyone is spying on me all the time.
     
  7. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    Thanks for reply - I won't worry about it. If they are spying on me, they won't find much of interest, I'm afraid.
     
  8. Wallaby

    Wallaby Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    201
    Updated Thunderbird from 12.0 to 12.0.1 through internal updater and no "Test Pilot" here :rolleyes:
     
  9. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    I got a bad feeling About This :?
     
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I have it in Firefox on my Win 7 (64 bit) PC, yet it hasn't manifested on my Vista 32 bit notebook. o_O
     
  11. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Everyone is spying on everyone all the time.
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,038
    Location:
    Texas
    In Thunderbird, tools, add ons, extensions, remove
     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
  14. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
  15. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    Perhaps you missed the notice, or missed it when previously installing 12.0?
    I saw it when installing 12.0, and selected the 'disable' option. After using the internal updater to get 12.0.1, Test Pilot was still disabled. Yet I've now gone ahead and removed it completely anyway.

    I expect you got a notice about it when installing 12.0 or 12.0.1, you just failed to pay close enough attention.
     
  16. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    @acr1965: That is surely it. Although I think the version I received might have been newer. I'm not positive; I uninstalled it from both machines right before I went to bed. Speaking of which, here are some links I could have posted earlier:

    http://blog.mozilla.org/thunderbird...ot-survey-to-get-launched-on-march-27th-2012/

    https://wiki.mozilla.org/Thunderbird:UX:Test_Pilot

    http://groups.google.com/group/mozi...derbird&q="Test Pilot"&qt_g=Search this group

    @Mun: For right now I'm just going to disable Thunderbird and Firefox checking for updates, add some software firewall rules, and switch to offline updates for both and their addons. This is but the latest in a string of things I've seen which make me question some of the developers and decision makers within Mozilla. I think there are many good apples in Mozilla and I don't know how we as users can drive out the bad ones.

    @ABee: Both machines jumped from 11 whatever to 12.0.1. One is a backup for the other and thus uses a copy of the first one's profile, which may account for why both received Test Pilot at the same time essentially. I don't think I missed anything in the way of notice. I was a bit sleepy, granted, but I was watching that much more carefully the second time. Others have reported silent installation too.
     
  17. majoMo

    majoMo Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    994
    Info appreciated!

    A proactive and assertive information. Suitable, sharp, useful to users. Positive stance to overcome an emotional negativity negligible.

    Thanks!
     
  18. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Last edited: May 4, 2012
  19. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Last edited: May 5, 2012
  20. tlu

    tlu Guest

    No offence meant - but that's insane, IMHO. You should really look at the links presented by siljaline in post #19 before making such grievous decisions.
     
  21. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    The sad thing is that there are others who'll follow.
     
  22. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Maybe, but the really sad thing is all of the rhetoric emanating from the Nanny Cyber-State Police.
     
  23. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    204
    Sounds like I'll finally install Evolution for windows. :p
     
  24. tlu

    tlu Guest

    Yes, paranoia is all around ... :mad:
     
  25. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    I would draw your attention to my sentence immediately after what you quoted: "This is but the latest in a string of things I've seen which make me question some of the developers and decision makers within Mozilla.". Yes, I read the material pointed to by siljaline, and other material, and contemplated its design. I don't like it. I certainly don't like the fact that a remotely configured data collection component was silently installed and enabled within the email client I use. An ability to review/approve the final step of phoning home certainly doesn't address all of my concerns. This comes just ten days after getting hit with the silent install and enabling of the new Maintenance Service which has security and will have other implications down the road. Which comes not that long after learning of Mozilla's intent to in the future push Firefox metrics reporting on users on an opt-out basis. I could keep going but I think that is sufficient to prove reasonable my opinion and motive.

    Apart from that aspect which I expect you have a different opinion on, what do you consider insane and/or grievous about shifting to offline updates? Are you assuming that I will forget or fail to do so on a very regular and very timely basis? That I won't be automating things to the extent possible? I may very well run into technical issues and find it problematic in some way. If that is your point and there is a wall, I'll acknowledge it. If that isn't your point, I don't see how the terms insane and grievous apply.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.