Privacy blunder? Firefox’s Get Add-ons page uses Google Analytics


The Firefox web browser ships with an increase-on administration interface that buyers may possibly load directly by typing about:addons in the browser’s handle bar, or by making use of menus of the browser the webpage is joined from.

The administration interface arrives with various web pages that individual extensions from themes, plugins, expert services, scripts and other “increase-ons” that buyers may possibly increase to Firefox in one particular way or one more.

There is also a Get Add-ons webpage that lists increase-on recommendations to buyers. It is producing the rounds appropriate now connects to Google Analytics when buyers obtain it.

Nicolas Petton posted a concept on Twitter on July 11, 2017 that Mozilla was making use of Google Analytics on the about:addons webpage. The concept was picked up on social information web sites this sort of as Reddit and Hacker News shortly thereafter.

Some buyers voiced anxious about the integration of Google Analytics in Firefox (on this one particular webpage), stating that a browser that advertises with getting privateness-concentrated must not do that.

Mozilla workforce offered in-depth data on the implementation on a variety of web sites, including on GitHub where a issue was elevated by a anxious consumer.

According to Mozilla worker Matthew Riley MacPherson, recognised as tofumatt on GitHub, about:addons hundreds an iFrame with written content hosted on a Mozilla web-site which has the Google Analytics script.

Mozilla has a particular agreement with Google which means that the details is aggregated and anonymised. A different Mozilla worker, who goes by the handle potch, extra on Hacker News that Mozilla negotiated a particular offer with Google that only a “subset of details” is gathered, and that the “details is only employed for statistical needs”.

When requested why Mozilla was not making use of self-hosted analytics scripts like Piwik, Matthew replied that internet hosting their individual analytics product or service — Piwik in individual — was a lot more perform for “a worse product or service”.

Matthew recommended to disable the tracking for buyers who have opted out of Telemetry tracking in the Firefox browser. This has not been implemented however, and it is unclear regardless of whether this is going to occur.

Ultimately, this appears to be to be Mozilla’s stance on the issue appropriate now according to Matthew:

We will not be discontinuing our usage of analytics for our web properties, but I do believe it would be nice to look at quick decide-outs for buyers like by yourself who plainly do not want to participate in analytics sharing.

The maker of uBlock Origin posted an interesting observation in the thread as perfectly. The legacy model of uBlock Origin can block the requests on interior Firefox web pages, though the WebExtension model can not.

Legacy uBlock Origin can block the community ask for to GA.

Having said that webext-hybrid uBO as for every Network pane in dev tools does not block it. Similar for pure webext Ghostery, the community ask for to GA was not blocked, all over again as for every Network pane in dev tools.

What is relating to is that equally uBO webext-hybrid and Ghostery report the community ask for to GA as getting blocked, though it is seriously not as for every Network pane in dev tools. It’s as if the order to block/redirect the community ask for was silently dismissed by the webRequest API, and this triggers webext-based mostly blockers to improperly and misleadingly report to buyers what is seriously occurring internally, GA was not seriously blocked on about:addons, but there is no way for the webext blockers to know this and report effectively to buyers.

The Tor browser developers, a browser that is a modified model of Firefox for extra stability and privateness, have voiced concerns as perfectly.

Disallow ‘about:addons’ except the extensions listing is volatile, since regardless of what Mozilla PR claims about respecting privateness, loading Google Analytics in a webpage that receives loaded as an IFRAME as component of an ‘about:’ interior webpage, is just about anything but.

firefox-no-discovery Privacy blunder? Firefox’s Get Add-ons page uses Google Analytics

Idea: Firefox buyers who never use Get Add-ons can disable the operation in the pursuing way:

  1. Load about:config?filter=extensions.webservice.discoverURL
  2. Double-simply click on the choice, and take out all characters so that the worth is blank.
  3. Restart Firefox.

See how to block computerized connections that Firefox will make for extra data, or the list of Firefox stability and privateness preferences.

Closing Text

It is obvious that there are a number of details of see on the issue at hand:

  1. Some buyers believe that Firefox must never hook up to 3rd-parties devoid of explicit consumer consent.
  2. Other individuals believe that the issue is blown out of proportion, as it is confined to a one webpage in the browser.
  3. Mozilla acknowledges that tracking is having spot, confirms that it has a particular offer in spot with Google, and that it considers opting buyers out that have opted out of Telemetry tracking.

My particular stance on the subject is that I believe it is unwise to integrate just about anything that connects again to Google in the Firefox browser. Unwise since it torpedos Mozilla’s stance on privateness in the eyes of some Firefox buyers.

Now You: What’s your just take on this?

Ghacks wants you. You can obtain out how to assist us here or assist the site directly by becoming a Patreon. Thank you for getting a Ghacks reader.

The submit Privateness blunder? Firefox’s Get Add-ons webpage employs Google Analytics appeared very first on gHacks Technological innovation News.