The German security researcher Mike Kuketz warns that the FF add-on Web Security seems to send obfuscated data to a specific IP address (136.243.163.73) over an unencrypted channel with every newly loaded or changed domain. Kuketz points out that also @gorhill noticed that concerning behaviour. Conclusion: You might want to avoid that add-on.
In the most positive light, in order to check URLs, the add-on is uploading seeded hashes. But they might also be collecting browsing history. As WoT, Safari, etc have done. I don't use these add-ons. I would use one, however, if it relied entirely on a local database of malicious URLs. Periodically updated, but with nothing leaked about queries to it.
OK, so let's see. They say that "the collection of browsing information is only done to check a site against Web Security's global blacklist." But that collecting browsing history "has nothing to do with tracking the users browser behavior" and that they "do not use this server communication for tracking the users browsing history." Hmmm. They admit to collecting browsing history. But they claim that they're not doing that in order to track browsing history. If that's the case, they ought to be explaining how whatever they do can't be used for tracking browsing history. As in using hashed URLs with salt. Or whatever. I mean, "trust us" is a worthless claim.
Do I have any good reason to be suspicious of Firefox and their latest changes? I've noticed problems with the option "drop rights" in Sandboxie due to changes that they are make and now this: "The incident follows a report last week that German security add-on ‘Web Security’ had been misbehaving. Mozilla had highlighted the add-on in a blog post promoting a collection of security-focused extensions to the browser. That prompted eagle-eyed techies to pick apart the program and find out exactly what it was doing. They discovered it assigning each user an ID and sending information labelled ‘old-URL’ and ‘new-URL’ to a consistent IP address." https://nakedsecurity.sophos.com/2018/08/20/firefox-axes-add-ons-developer-pushes-back/
It sounds like Facebook. Ever time someone finds something they're like , oh, uh, how'd that get there. We'll fix it. I'm afraid that Firefox is gone and is no longer trustworthy. I have an idea who may be behind it but I don't want to get political.And I really don't know, unless it's just greed, but I no longer trust them anymore. And since theyve made these new changes you can no longer use drop rights in Sanboxie. Does any know of a safe, trustworthy browser?
Oh it's most definitely related and it's not just one simple addon. Drop rights is a problem now too. They seem to insist on having administrative privileges.
Yes, this has been mentioned elsewhere here in Wilders but is actually not related to tracking by malicious add-ons.
Very interesting. Thanks. Maybe it's not so bad as I had thought. I hope Sandboxie can find a work around for their Drop Rights within a sandboxed browser. But for now, for some reason, Firefox insists on giving websites administrative privileges.
If you go into Sandboxie settings, right click on Sandbox default box, go down and choose settings, and then restrictions, you can check "drop rights" and that takes away administrative privileges for anything running in the sandbox. But it's fixed now in the new version.