do extensions obey FireFox proxy settings?

Discussion in 'privacy technology' started by febainy, Aug 14, 2014.

  1. febainy

    febainy Registered Member

    Joined:
    Feb 11, 2014
    Posts:
    48
    do extensions obey FireFox proxy settings?
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Well, AdBlock Plus seems to. I have a CrunchBang 11 VM with stand-alone Tor installed, and IceWeasel configured for SocksPort 9050. After installing AdBlock Plus, I verified that I could download a new subscription. Then I stopped Tor ("sudo service tor stop") and restarted IceWeasel. IceWeasel could not reach any websites, and also I could not download a new AdBlock Plus subscription. Then I reconfigured IceWeasel to connect directly, with no proxy. Now, IceWeasel could reach websites, and also I could download a new AdBlock Plus subscription. QED AdBlock Plus respects the browser proxy setting, at least for downloading.

    There is (of course) no reliable expectation that other extensions respect the browser proxy setting. You could do the same test for any extension that has observable downloading behavior. You could also test for more subtle leaks by observing with Wireshark.
     
  3. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    Any extension can disregard/ignore the general browser.preferences settings.
    For example, the popular (390,000+ installs) FoxyProxy extension does so.


    Extensions are granted this freedom "by design" (not a bug)

     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    This is a good reason to avoid relying on plug-in proxies.

    I wonder whether FoxyProxy breaks the proxy setting in the Tor browser.
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    This is why an outbound firewall that can properly handle loopback traffic is a necessity. Correctly written rules can prevent a browser or extensions from bypassing or ignoring proxy settings. If the firewall can be set to alert when certain rules are applied, the user can be notified in near real time when a browser or extension tries to bypass proxy settings.

    Even if the current versions of a browser or the extensions don't exhibit that behavior, what about the next versions or ones after that? With FireFox's rapid update policy, how easily could such a change be made with the user finding out well after the fact? The course FireFox is taking is not favorable to user privacy or anonymity. Why take the chance? It's better to be safe and preempt the problem.
     
Loading...