The Firefox web browser ships with an add-on management interface that users may load directly by typing about:addons in the browser's address bar, or by using menus of the browser the page is linked from.
The management interface comes with several pages that separate extensions from themes, plugins, services, scripts and other "add-ons" that users may add to Firefox in one way or another.
There is also a Get Add-ons page that lists add-on suggestions to users. It is making the rounds right now connects to Google Analytics when users access it.
Nicolas Petton posted a message on Twitter on July 11, 2017 that Mozilla was using Google Analytics on the about:addons page. The message was picked up on social news sites such as Reddit and Hacker News shortly thereafter.
Some users voiced concerned about the integration of Google Analytics in Firefox (on this one page), stating that a browser that advertises with being privacy-focused should not do that.
Mozilla employees provided detailed information on the implementation on various sites, including on GitHub where a issue was raised by a concerned user.
According to Mozilla employee Matthew Riley MacPherson, known as tofumatt on GitHub, about:addons loads an iFrame with content hosted on a Mozilla website which contains the Google Analytics script.
Mozilla has a special agreement with Google which means that the data is aggregated and anonymised. Another Mozilla employee, who goes by the handle potch, added on Hacker News that Mozilla negotiated a special deal with Google that only a "subset of data" is collected, and that the "data is only used for statistical purposes".
When asked why Mozilla was not using self-hosted analytics scripts like Piwik, Matthew replied that hosting their own analytics product -- Piwik in particular -- was more work for "a worse product".
Matthew suggested to disable the tracking for users who have opted out of Telemetry tracking in the Firefox browser. This has not been implemented yet, and it is unclear whether this is going to happen.
Ultimately, this seems to be Mozilla's stance on the issue right now according to Matthew:
We won't be discontinuing our usage of analytics for our web properties, but I do think it would be nice to consider easy opt-outs for users like yourself who clearly do not want to participate in analytics sharing.
The maker of uBlock Origin posted an interesting observation in the thread as well. The legacy version of uBlock Origin can block the requests on internal Firefox pages, while the WebExtension version cannot.
Legacy uBlock Origin can block the network request to GA.
However webext-hybrid uBO as per Network pane in dev tools does not block it. Same for pure webext Ghostery, the network request to GA was not blocked, again as per Network pane in dev tools.
What is concerning is that both uBO webext-hybrid and Ghostery report the network request to GA as being blocked, while it is really not as per Network pane in dev tools. It's as if the order to block/redirect the network request was silently ignored by the webRequest API, and this causes webext-based blockers to incorrectly and misleadingly report to users what is really happening internally, GA was not really blocked on about:addons, but there is no way for the webext blockers to know this and report properly to users.
The Tor browser developers, a browser that is a modified version of Firefox for added security and privacy, have voiced concerns as well.
Disallow 'about:addons' unless the extensions directory is volatile, because regardless of what Mozilla PR says about respecting privacy, loading Google Analytics in a page that gets loaded as an IFRAME as part of an 'about:' internal page, is anything but.
Tip: Firefox users who don't use Get Add-ons can disable the functionality in the following way:
Read also: Firefox: copy multiple text bits at once
See how to block automatic connections that Firefox makes for additional information, or the list of Firefox security and privacy preferences.
It is clear that there are multiple points of view on the issue at hand:
My personal stance on the matter is that I think it is unwise to integrate anything that connects back to Google in the Firefox browser. Unwise because it torpedos Mozilla's stance on privacy in the eyes of some Firefox users.
Now You: What's your take on this?
Privacy blunder? Firefox's Get Add-ons page uses Google Analytics
Mozilla Firefox connects to Google Analytics on the browser's internal Get Add-ons page. Some users see this is a privacy violation.
Ghacks Technology News
You are here: Home > Firefox > Privacy blunder? Firefoxs Get Add-ons page uses Google Analytics
You can support us in many ways, for instance by disabling adblockers. Alternatively, you may support us with a PayPal donation.
Please check out our other support options here.
Remove Intel True Key Firefox 54.0.1 Windows 10 Privacy Software The best Chrome extensions The best Firefox addons Firefox privacy and security preferences Firefox Release Schedule Firefox multi-process information Windows Backup Software overview Anti-Ransomware Software overview Pale Moon 27.3 The Best Windows Software Firefox Roadmap 2017
Apple Development Facebook Games Ghacks Hardware Internet Internet Explorer Linux Microsoft Mobile Computing Music And Video Networks Opera Security Tutorials
WinSuperMaximize Fing Network Discovery
Read the original post:
Privacy blunder? Firefox's Get Add-ons page uses Google Analytics - Ghacks Technology News
- FBI and Tesla thwart $4 million Bitcoin ransomware plot - Cointelegraph - August 31st, 2020
- Man offered $1M in Bitcoin to plant malware - Micky News - August 31st, 2020
- How AI Has Helped The Dark Web - AI Daily - August 31st, 2020
- Browser fingerprinting more prevalent on the web now than ever before research - The Daily Swig - August 20th, 2020
- To Gmail, Black Lives Matter emails are 'promotions' - The Next Web - July 5th, 2020
- Can the Dark Web Be Searched? Find Out How to Reach It - TechNadu - July 5th, 2020
- Tor Browser Download (2020 Latest) for Windows 10, 8, 7 - June 17th, 2020
- Tor Browser Review | PCMag - June 17th, 2020
- What is Tor? Everything you need to know about the anonymity network - The Daily Swig - June 17th, 2020
- Exposing the dark web coronavirus scammers - TechRepublic - June 17th, 2020
- Tor Browser Makes it Easier to Visit Mainstream Websites' .Onion Addresses - PCMag - June 7th, 2020
- Tor Browser 9.5 arrives with the option to automatically switch to more secure Onion versions of sites - BetaNews - June 7th, 2020
- The Dark Web Explained, and how to access it - Techjaja - June 7th, 2020
- Dark web is the underworld of cyberspace - MyRepublica - June 7th, 2020
- How to Track the Tech Thats Tracking You Every Day - Gizmodo Australia - June 7th, 2020
- What is the dark web? Your questions answered, in plain English - Naked Security - May 29th, 2020
- Ransomware that uses .onion websites - Ransomware Help & Tech Support - BleepingComputer - May 29th, 2020
- What is Tor? A beginner's guide to using the private browser - CNET - May 24th, 2020
- How to activate DNS-over-HTTPS in the latest version of Google Chrome - Komando - May 24th, 2020
- The Patriot Act and your privacy - Security Boulevard - May 24th, 2020
- Firefox zero day in the wild: patch now (Tor Browser too!) - Naked Security - April 11th, 2020
- IntSights: The dark web is a wretched hive of coronavirus scams and pandemic cybercrime - VentureBeat - April 11th, 2020
- What Is the Tor Browser & How To Use It In 2020 - Blokt - April 11th, 2020
- Tape the webcam, enable firewall: 11 rules to ensure cyber security when you work from home - Economic Times - April 11th, 2020
- Tails 4.5 Is Out: Run The Live Operating System With Secure Boot - Fossbytes - April 11th, 2020
- This Week In Security: Zoom (Really This Time), Fingerprints, And Bloatware - Hackaday - April 11th, 2020
- Apple blocks third-party cookies in Safari - ZDNet - March 26th, 2020
- Dark Web A cyber heaven of criminal activity - The Financial Express BD - March 26th, 2020
- Install the privacy-focused Tor Browser on your Chromebook in 4 simple steps - Chrome Unboxed - March 24th, 2020
- NetAbstraction Announces Support for Private and Secure Access to the Dark Web #48955 - New Kerala - March 24th, 2020
- Tails 4.4 has been released with new Tor Browser version - Neowin - March 14th, 2020
- Want to browse the web privately? Heres how to do it for real - Yahoo Tech - March 14th, 2020
- 17 things you can buy on the Dark Web - MyBroadband - March 14th, 2020
- 3 ways to browse the web anonymously - We Live Security - January 27th, 2020
- What is a Bitcoin mixer and how does it work? - CryptoTicker - January 27th, 2020
- Digital surveillance threats for 2020 - The Star, Kenya - January 18th, 2020
- Teejayx6 Will Steal Your Identityand Rap About It - WIRED - December 2nd, 2019
- Such as the struggle of the Venezuelan economy, some residents turn to a lucrative gig: Cybercrime - Herald Journalism 24 - December 2nd, 2019
- Smart users guide to the snooping game - Livemint - November 17th, 2019
- Privacy on your smartphone: how to protect your data - AndroidPIT - November 17th, 2019
- BBC News heads to the dark web with new Tor mirror - The Verge - October 27th, 2019
- The Tor Project releases Tor Browser 9.0 with several UX improvements - Neowin - October 27th, 2019
- Fraudulent Tor Browser Spies and Has Been Stealing The Bitcoins - GoodTime Nation - October 27th, 2019
- OnionShare Lets Anyone Host Anonymous Sites on the Dark Web - BleepingComputer - October 16th, 2019
- #SecTorCa: Millions of Phones Leaking Information Via Tor - Infosecurity Magazine - October 16th, 2019
- Is there anything we can do to stop someone spying on us? - Newstalk 106-108 fm - August 25th, 2017
- If you're really concerned about browser security, Incognito isn't enough - TechRepublic - August 20th, 2017
- The Daily Stormer has lost its lease, accessible only via Tor browser - The Moderate Voice - August 20th, 2017
- Tor Project 'disgusted' by Daily Stormer, defends software ethos - CNET - August 18th, 2017
- Neo-Nazi site Daily Stormer resurfaces with Russian domain following Google and GoDaddy bans - Vox - August 16th, 2017
- Tor Browser 7.0.4 Download - TechSpot - August 14th, 2017
- Debian-Based Tails 3.1 Anonymous OS Debuts with Tor Browser 7.0.4, Linux 4.9.30 - LXer (press release) - August 11th, 2017
- Tails 3.1 has been released but you'll need to do a manual upgrade - Neowin - August 10th, 2017
- China and Russia go further in squelching Internet freedom - Washington Post - August 10th, 2017
- The FBI Booby-Trapped a Video to Catch a Suspected Tor ... - Motherboard - August 9th, 2017
- Major Improvements Are Coming Soon to the Tor Browser - The Merkle - August 8th, 2017
- The Attack on Global Privacy Leaves Few Places To Turn - WIRED - August 4th, 2017
- Tor Co-Founder: There Is No Dark Web The Merkle - The Merkle - August 3rd, 2017
- Online privacy protection - Choice - CHOICE - August 2nd, 2017
- There Is Basically No Dark Web. It's Only A Few Webpages TOR Co-founder - Fossbytes - July 31st, 2017
- How to Install Tor Browser for Mac and Protect Your Online Activity - iDrop News - July 29th, 2017
- How to get around an ISP blocking a website - MyBroadband - July 26th, 2017
- Don't blame online anonymity for dark web drug deals. - Slate Magazine (blog) - July 26th, 2017
- Tor network will pay you to hack it through new bug bounty program ... - ZDNet - July 21st, 2017
- Tor Project to launch public bug bounty project - CIO Dive - July 21st, 2017
- How to access the dark web - The Daily Dot - July 20th, 2017
- Your Mailman Is a Drug Dealer. He Just Doesn't Know It. - WNYC - July 20th, 2017
- Want porn? Prove your age (or get a VPN) Naked Security - Naked Security - July 20th, 2017
- Suspected AlphaBay founder dies in Bangkok jail after shutdown of online black market - Washington Post - July 19th, 2017
- S. Sudan blocks Sudan Tribune website over hostile coverage - Sudan Tribune - July 19th, 2017
- Assassins and child porn; a darknet offers everything - The Slovak Spectator - July 19th, 2017
- Apple users warned of dangerous new Mac malware that steals banking credentials - ThaiVisa News - July 18th, 2017
- The best security apps to lock down your Android phone - The Daily Dot - July 14th, 2017
- Mozilla is held to a higher standard - Ghacks Technology News - July 14th, 2017
- Russia, China vow to kill off VPNs, Tor browser - The Register - July 11th, 2017
- How to safely search the deep web - The Age - The Age - July 11th, 2017
- ACLU's Gillmor on privacy: 'We pay for what we value' (Q&A) - The Parallax (blog) - July 10th, 2017
- What is Tor browser, and is it safe? | Komando.com - July 7th, 2017