DevilFrank
join:2003-07-13
 ·T-Com
| Is Firefox/Google Spying on Your News Feeds?
Posted by: jbreland on Wednesday, October 25, 2006 - 11:52 AM
quote:
[...]
So, I have Firefox installed and configured, and I begin testing out the new RSS features. The first time I hit a feed (in this case, my own LegRoom.net feed) I was prompted to accept a cookie from fusion.google.com. I didn't think much of it at first and instinctively denied it, but then I noticed the same prompt after a reinstall, and then again on each other feed I visited. This was clearly being triggered by Firefox itself and not by the feed website.
I couldn't find any explanation for this behavior, so at this point I did what any good little geek would do: I fired up a copy of Wireshark (formerly Ethereal) and started sniffing network traffic. After a bit of analysis, I found that immediately after every feed page is loaded, Firefox makes call to Google.
»www.legroom.net/modules.php?op=m···&sid=215
--
Regards from Germany. Please excuse my stumbling English |
|
SpannerITWks
Premium
join:2005-04-22
| Hi,
I think it might be related to what's going on in this thread - »www.wilderssecurity.com/showthre···t=152484
Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks |
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12 | reply to DevilFrank
Say what!? Firefox is spyware? Spyfox??? LOL!! |
|
RemoveSpyWare
@cox.net
thumbs down from:
Jameson 
| reply to DevilFrank
Looks like spyware to me.
Good thing I waited before upgrading to 2.0. I'll stick with 1.5 until the spyware is removed. |
|
Irondell
Always Inside The Box
join:2006-09-12 | reply to DevilFrank
FF 2.0 is a pig in a poke. Half my extensions(or "Add-ons") won't work with it including Nightly Tester Tools(which really fries my a**), it looks hideous, still a problem with memory leak and now its spying on me. No sir, I don't like it. |
|
SpannerITWks
Premium
join:2005-04-22 | reply to DevilFrank
Irondell
It's also got a security bug in it that's still unresolved !
Spanner |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
2 edits | reply to DevilFrank
it tried rss feed and was greeted with a prompt to use either Live bookmarks, Yahoo and Google reader or any other application. Could choosing Google reader be the cause?
edit: never mind i see that is not the app.
Cudni
--
Some are born to failure, others achieve it, all deserve it.Help yourself so God can help you.MVP, Microsoft Windows Security 2006 |
|
ZZZZZZZ
Premium
join:2001-05-27
PARADISE
| reply to hpguru
said by hpguru :Say what!? Firefox is spyware? Spyfox??? LOL!! Oh look ...MR.IE fanatic is making jokes!
--
BRING OUR TROOPS HOME,NOW!!!!! |
|
SUMware
Premium
join:2002-05-21
| reply to DevilFrank
This is also related:
Type 'safebrowsing' into 'about:config' to view the various preferences, then take a look at
this mozillaZine site for information. |
|
mers2
Premium,MVM
join:2004-03-20
USA
clubs:
 ·AT&T U-Verse
| reply to Irondell
The author of Nightly Tester Tools pulled his tool from the Mozilla add ons site. If you want the upgraded version of the extension that works with 2.0 you have to go to his site: »users.blueprintit.co.uk/~dave/we···/nightly
I've found Mr. Tech Local Install extension works better and have begun using that.
I'm using 2.0 with all of my old extensions but TBE. The other 2 that wouldn't run were tweaked with Mr. Local Install »www.mrtech.com/extensions/local_install/ and run perfectly. TBE hasn't been updated in almost a year and has gotten buggy. I'm very happy with 2.0
Cookies are harmless and not true spyware. If you're that paranoid, you can always delete cookies.
--
Team Discovery
|
|
Mele20
Premium
join:2001-06-05
Hilo, HI
1 edit | said by mers2 :I'm using 2.0 with all of my old extensions but TBE. The other 2 that wouldn't run were tweaked with Mr. Local Install » www.mrtech.com/extensions/local_install/ and run perfectly. TBE hasn't been updated in almost a year and has gotten buggy. I'm very happy with 2.0 Cookies are harmless and not true spyware. If you're that paranoid, you can always delete cookies. I sure wouldn't claim that TBE hasn't been updated in "almost a year". Maybe 7.5 months is a year to you (you must be a lot younger than me  ) but to me it isn't. TBE was updated last in March. I have it working fine in 2.0 (with only one small error popping up when opening Fx and occasionally it will popup during using Fx but only maybe once in two or three days) and no other problems after I figured out how to configure it so it wasn't conflicting with 2.0's new abilities for tabs). I see no reason not to use it. The only thing I am unhappy about with TBE in 2.0 is not having favicons in the tabs. I started using Piro's Tab Catalog as a substitute and I like it until I get too many tabs open as there is no way I can see to scroll the catalog.
As for those cookies, I have Fx set to ask each time and I have it set to block all Google cookies. I would never give Google a cookie. (It really pisses me off that this site forces 6 google cookies on me anytime I am logged out for some reason. I never log out but if I use my other computer, I get logged out on this one and get logged out sometimes for no known reason. There is no way to login on Fx , on IE there is though, without allowing the google cookies. Yes, I can delete them but Google has them for long enough and I hate that...almost makes me want to use IE here. Yes, I use Customize Google but contrary to what Nil said that doesn't stop the google cookies from here before I can login but this doesn't happen on IE (although maybe they are hidden when on IE).
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.ie7.com/ |
|
swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
| said by Mele20 :As for those cookies, I have Fx set to ask each time and I have it set to block all Google cookies. I would never give Google a cookie. (It really pisses me off that this site forces 6 google cookies on me anytime I am logged out for some reason. I never log out but if I use my other computer, I get logged out on this one and get logged out sometimes for no known reason. There is no way to login on Fx , on IE there is though, without allowing the google cookies. Yes, I can delete them but Google has them for long enough and I hate that...almost makes me want to use IE here. Yes, I use Customize Google but contrary to what Nil said that doesn't stop the google cookies from here before I can login but this doesn't happen on IE (although maybe they are hidden when on IE).
What site are you referring to here? DSLR? I log in all the time without any Google cookies. Is Nil one of the posters in this thread? Sorry you've lost me. |
|
ttiiggy
Premium
join:2001-03-27 | reply to DevilFrank
I guess I will just stay with something that I KNOW has all of these bugs built in: MS Internet Explorer. |
|
yock
TFTC
Premium
join:2000-11-21
Fairfield, OH
| reply to DevilFrank
Has anyone stopped to think that maybe Google just wants to see which feeds are the most popular so they can rank them in a google search? It's how everything else they do works...
--
Wiki Wiki
Laughter is the closest distance between two people. --Victor Borge |
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
·Verizon Online DSL
| reply to Mele20
quote:
It really pisses me off that this site forces 6 google cookies on me anytime I am logged out for some reason.
What six cookies are you saying are being forced upon you?
Please list them for me/us.
No Google cookies are asked to be set when visiting here but being you YMMV .
--
"Wise men talk because they have something to say; fools, because they have to say something". - Plato |
|
rgillis70
Premium
join:2002-12-30
Herndon, VA
| reply to swhx7
said by swhx7 :What site are you referring to here? DSLR? I log in all the time without any Google cookies. Is Nil one of the posters in this thread? Sorry you've lost me. Nil is one of the people that does web design for this site for Justin. |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
2 edits | reply to DevilFrank
The mechanism described in the legroom.net page is spyware by any reasonable definition: it transmits data about what the user is reading, without consent that would be appropriately informed on the part of a typical user.
Google is more reputable than the makers of sneakier spyware, and if asked about this may point to some beneficial purposes, but these circumstances do not exempt the favicon trick from the spyware category. The Google/Firefox collaboration has crossed a line here.
said by yock :Has anyone stopped to think that maybe Google just wants to see which feeds are the most popular so they can rank them in a google search? It's how everything else they do works...
That probably is one purpose, and it is innocuous. However, it does not rule out additional purposes. Another obvious use of the data is for marketing. Advertisers will pay a lot for detailed profiles on individuals. Maybe employers, lenders, and investigators can buy them too. And of course Google has the same profiles available when FBI/HS requests with a subpoena or "National Security Letter". Also the fact that some purposes are harmless doesn't mitigate the lack of informed consent.
The article goes too far in this statement:
said by article :
After all, Google already knows what you search for, what and who you e-mail, who you chat with and what you chat about, who you socialize with, what your social life looks like, what files are stored on your computer, what documents and spreadsheets you work on, what you blog about, what pictures you share, what you shop for, what newsgroups you read, what current events you keep up with, how you run your website, what stocks you monitor, what books you like to read, and, of course, what newsfeeds you read.
This holds true only for a person who uses all the Google services and with persistent cookies or user IDs on all of them. Most web frequenters use only a few of the Google services.
Edit: fixed typo |
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12
2 edits | reply to DevilFrank
When users open a feed, FF2 grabs 4 favicon.ico files from www.bloglines.com, add.my.yahoo.com, fusion.google.com, and the site hosting the feed. When the request is made to fusion.google.com it responds with a 302 redirect and attempts to set a cookie. FF2 redirects the request to »www.google.com/favicon.ico.
So FF isn't spying but grabbing remote files from sites unrelated to the initial request seems blatantly stupid at best.
--
Where's Jesus?
Dear Jesus! |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| hpguru, you've merely re-described the same set of facts and interpreted it as dumb implementation rather than spying.
The fact remains that data about the user is transmitted without informed consent and linked with a unique user ID. Certainly smart people can make mistakes, but when it's well-designed to serve certain purposes it's more likely intended than accidental. |
|
hpguru
Curb Your Dogma
Premium
join:2002-04-12
| said by swhx7 :hpguru, you've merely re-described the same set of facts and interpreted it as dumb implementation rather than spying. The fact remains that data about the user is transmitted without informed consent and linked with a unique user ID. Certainly smart people can make mistakes, but when it's well-designed to serve certain purposes it's more likely intended than accidental. FF2 is just doing what browsers do. It connected to a site and that site tried to set a cookie. Seems normal. Now if you don't like 3rd party cookies then just disable them in Firef... Oh, never mind. 
You can call it malicious or whatever if you like but it is still bad design. They could have with permission stored the icons in a dll or just do without them altogether. Downloading them is stupid if for no other reason than it gives rise to controversies like this one. Dumb!
--
Where's Jesus?
Dear Jesus! |
|
