note to self....
Monday, April 24, 2006
Intrusive Firefox Extensions - and other stuff
Fukking Klipper! Goddess save us all, the Advertisers have learned what a browser extension is. Can the spyware spooks and the virus kiddies be far behind?
A little while ago, as Firefox 1.5.0.2 (Linux) was crashing spectacularly on one workstation (vertigo) - and this time w/o the help of any extensions or themes, i might add - I was browsing the prefs.js file for another Firefox install on another workstation (spirit).
The first thing I noticed about the install on spirit (and this would have been true for the vertigo install until I blew away the user profile directory in an effort to get Firefox to quit locking up the X server) is that there are an entire assload of settings that are added by extensions, and (in one case) by something that is not even an extension (I think - still looking at this one).
The next thing I noticed was that certain of the settings contained information about me - or rather, about some things that were on my disc drive.
Some examples - not all of these are "intrusive", I suppose, but most of them are remarkable (in some way), to me:
Interesting - Firefox Edit menu options don't seem to interoperate as expected with the Klipboard tool under KDE - more of Gnomish foolishness.
A little while ago, as Firefox 1.5.0.2 (Linux) was crashing spectacularly on one workstation (vertigo) - and this time w/o the help of any extensions or themes, i might add - I was browsing the prefs.js file for another Firefox install on another workstation (spirit).
The first thing I noticed about the install on spirit (and this would have been true for the vertigo install until I blew away the user profile directory in an effort to get Firefox to quit locking up the X server) is that there are an entire assload of settings that are added by extensions, and (in one case) by something that is not even an extension (I think - still looking at this one).
The next thing I noticed was that certain of the settings contained information about me - or rather, about some things that were on my disc drive.
Some examples - not all of these are "intrusive", I suppose, but most of them are remarkable (in some way), to me:
- user_pref("extensions.lastAppVersion", "1.0");
- This one looks to me like an artifact of a prgramming error, probably in an extension. I mean, 'lastAppVersion' of *what*?
- browser.download.dir
- Well, this one seems to be part of the browser, but how much could an untrusted extension - or even an un-noticed Javascript - learn about the directory structure of the local drive from watching this and, say, browser.download.lastDir ?
- browser.startup.homepage_override.mstone, rv:1.7.12
- What is this? I didn't see it listed - maybe I need to look again...
- extensions.mediaplayerconnectivity.*
- Well, these seem to be heirarchaly correct, but - there are a few like '.playerpls, "/usr/bin/xmms" that could conceivably leak system information to other processes that have access to this file, or even to those who released mediaplayerconnectivity
- fgupdater.*
- The fgupdater creators didn't bother with the 'extensions' prefix ... neither did the flashgot guys, or the gmnotifier guys, or the menux guys - perhaps this is a point of disagreement amongst developers? Or maybe it's already been solved, and something here is obsolete?. More of these found are sessionsaver.*, stumble.*
- gm-notifier.users.default
- ... has my username for the service - and menux.editor.path has '/usr/bin/gedit' - need to change that, since I'm not sure this system even has gedit - isn't that some Gnomish editor thing?
- print.tmp.printerfeatures.printer.*
- A bunch of these - odd, considering this workstation has never known a printer.
- security.*
- Seems like a poor place for things like .warn_viewing_mixed setting - couldn't another app [extension] change the value from, say, "true" to "false"
- stumble.784508.interests
- user_pref("stumble.784508.last_incat", "0");
- user_pref("stumble.784508.last_stumble", "1133658391177");
- user_pref("stumble.784508.last_uploaded", "1133658738236");
- user_pref("stumble.784508.newmessage", false);
- user_pref("stumble.784508.nick", "zerohex");
- user_pref("stumble.784508.password", "eshoog");
- user_pref("stumble.784508.prefetch", true);
- user_pref("stumble.784508.referral_count", "0");
- user_pref("stumble.current_user", "784508");
- Bunch of stuff there I'm not entirely comfortable with .... username, password, secret numeric username [usernumber] ... Hmmm, I might want to rethink my use of the StumbleUpon extension...
- user_pref("update_notifications.provider.0.last_checked", 1129893293);
- Huh?
- user_pref("yahoo.photos.yphLastBrowseDir", "/home/zerohex/Pictures");
- Hmmm. Severe discomfort realizing that I am a Yahoo user, and Yahoo has thin scruples... I don't recall installing any Yahoo firefox extensions, though - I will have to look into that.
Interesting - Firefox Edit menu options don't seem to interoperate as expected with the Klipboard tool under KDE - more of Gnomish foolishness.
Labels: add-ons, extensions, firefox, howto, linux
posted by 0x0000 #
04:37
Thursday, April 20, 2006
About a Day
Well, it seems like it's been about a day now, and wurx is still up and running - have not started Mozilla Firefox this session. Posting this under Opera 8.52 -
Went so far before now - okay here it is:
a) Firefox 1.0.7 with various extensions and themes loading was crashing a not-quite-stock install of whatever X server shipped with SuSE 9.2
2) Remove 1.0.7 and install Newest Whizbang 2.5.0.2 or something
[NOTE: Couldn't figure out how to do a system-wide, multi-user install for the newest Firefox - may want to look into that later - running local this time]
3) Only a few extensions plugged in this time.
BANG) it didn't work anyway.
So what do YOU think. This is not life it is a SOAP-OPERA
For the record, just a few moments ago,
$uptime
10:01pm up 10:29, 3 users, load average: 0.05, 0.31, 0.31
Went so far before now - okay here it is:
a) Firefox 1.0.7 with various extensions and themes loading was crashing a not-quite-stock install of whatever X server shipped with SuSE 9.2
2) Remove 1.0.7 and install Newest Whizbang 2.5.0.2 or something
[NOTE: Couldn't figure out how to do a system-wide, multi-user install for the newest Firefox - may want to look into that later - running local this time]
3) Only a few extensions plugged in this time.
BANG) it didn't work anyway.
So what do YOU think. This is not life it is a SOAP-OPERA
For the record, just a few moments ago,
$uptime
10:01pm up 10:29, 3 users, load average: 0.05, 0.31, 0.31
Labels: 10.07, 2.5, add-ons, crash, extensions, firefox, linux, mozilla, opera, problem, suse
posted by 0x0000 #
03:17
Archives
2004/09 2005/03 2005/04 2005/05 2005/06 2005/07 2005/08 2005/09 2005/10 2005/11 2006/01 2006/02 2006/04 2006/05 2006/06 2008/01
Subscribe to Posts [Atom]