dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10013
share rss forum feed


FF4m3

@bhn.net

Firefox 'New Tab' Feature Exposes Users' Secured Info

Firefox 'new tab' feature exposes users' secured info: Fix promised:

Privacy-conscious users have sounded the alarm after it emerged the "New Tab" thumbnail feature in Firefox 13 is "taking snapshots of the user's HTTPS session content".

Mozilla acknowledged that the behaviour was undesirable and promised a patch. In the meantime, the browser and email client firm points privacy-conscious users towards various workarounds, as a statement (below) explains.

We are aware of the concern and have a fix that will be released in a future version of Firefox. Mozilla remains resolute in its commitment to privacy and user control. The new tab thumbnail feature within Firefox does not transmit nor store personal information outside the user's direct control.

The new tab thumbnails are based on users' browsing history. All information is contained within the browser and can be deleted at any time. Users can also switch back to using blank new tab screens by clicking the square icon in the top right corner of the browser. That will change the default preference to show a blank page, rather than the most visited websites when a new tab is opened.

Users who share their computer or use Firefox on a public computer should follow best practices for protecting their privacy by utilizing the built-in privacy tools in in Firefox, such as Private Browsing Mode.
Firefox 13 was released on 5 June, adding new features including updated new tab and home tab pages. The updated new tab page feature is broadly akin to the Speed Dial feature already present in other browsers and displays cached copies of a user's most visited websites.

Users can disable the 'New Tab' feature by making the above shown changes in about:config.

art22gg
Premium
join:2005-02-16
Courtenay, BC
kudos:6

Wow...Thanks for that...Made the changes...
I also think this should be posted in the Mozilla forums in case someone misses it here!!
Will reference it...



DownTheShore
Honoring The Captain
Premium
join:2003-12-02
Beautiful NJ
kudos:13
reply to FF4m3

Doesn't look like the Pale Moon iteration of FF has this feature to begin with.



therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to FF4m3

Click for full size
At what point does it capture the thumbs?
Might it have captured my BoA login screen with my account number filed in?

To me, it's like, do I care? (Not.)

(Would you rather it be logging https: or my porn sites .)


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1

chrome and browser in android have a problem with incognito mode.



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

1 recommendation

reply to FF4m3

Title's somewhat confusing, I came in here wondering how the heck could opening a new tab expose info, only to find out it's about Firefox's half-assed Speed Dial.

Silly Firefox not stopping to think, "maybe we shouldn't add https sites to this."
--
Think Outside the Fox.



planet

join:2001-11-05
Oz
kudos:1

Doesn't seem to be present in Fx ESR 10.0.5 either.



rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA
Reviews:
·Time Warner Cable
reply to FF4m3

I clicked on the square in the upper right corner of the screen and got the blank new tab screen back. I then looked at about:config and I saw that the new tab option (browser.newtabpage.enabled) is user set to false now. That appears to take care of the issue as described. I left it as user set and closed about:config.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.


HarryH3
Premium
join:2005-02-21
kudos:3
reply to FF4m3

Thanks for the update! I don't use that "feature" anyway so it's now disabled.



goalieskates
Premium
join:2004-09-12
land of big
reply to FF4m3

duplicate post, sorry



goalieskates
Premium
join:2004-09-12
land of big

2 recommendations

reply to FF4m3

quote:
We are aware of the concern and have a fix that will be released in a future version of Firefox.
I'm sure it wasn't deliberate, but this is a good example of why they need to slow down their release schedule a little. You can't just say "oops" and count on the user base all getting the word they need to change a setting.

After all, with silent updates Mozilla took responsibility for security, and they pushed the hell out of FF13 with dire warnings about same.


therube

join:2004-11-11
Randallstown, MD
reply to planet

> Doesn't seem to be present in Fx ESR 10.0.5 either.

It wouldn't be.
ESR is feature frozen, only receiving security fixes (generally).



FF4m3

@verizon.net
reply to planet

said by planet:

Doesn't seem to be present in Fx ESR 10.0.5 either.

the "New Tab" thumbnail feature in Firefox 13


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to FF4m3

Where did the ridiculous name "new tab thumbnail" come from? It is Fx's idea of Speed Dial (which I hate and turned off immediately in browsers that have it). All tabs already have thumbnail don't they in Fx? They do in SeaMonkey. (I use TBE 3 and related extensions on Fx so I have thumbnails via one of those extensions so I don't know what plain Fx has but I assume it has thumbnails already). This new feature should have a better name. Speed Dial has zero relationship to thumbnails on tabs.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to art22gg

 

Wow usually they arent that careless!!! (Thier spying cant be detected by end users)



Its good someone noticed this



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

said by Dude111:

Wow usually they arent that careless!!! (Thier spying cant be detected by end users)...

So, if the code's open source and end users can't detect spying, on what factual basis do you know they do (spying on users, that is)?
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12

Well with all NEWER software you gotta assume some type of spying is going on.... (ESPECIALLY FROM MICROSOFT)



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..

said by Dude111:

Well with all NEWER software you gotta assume some type of spying is going on.... (ESPECIALLY FROM MICROSOFT)

But what is your factual basis for your assertion that some type of spying is going on in Firefox? (Particularly since this is not a Microsoft browser, and in fact is built with open-source code that anyone can inspect.)
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775

LondonOntGuy

join:2004-05-12
London, ON
reply to FF4m3

Re: Firefox 'New Tab' Feature Exposes Users' Secured Info

So tell me, why do people continue to 'update' Firefox?


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

A lot of folks have Fx 10 Enterprise which is frozen except for security updates. It doesn't have new tab and won't have all the crap that is to soon be foisted on Fx users who are on the regular update channel.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable
reply to goalieskates

said by goalieskates:

quote:
We are aware of the concern and have a fix that will be released in a future version of Firefox.
I'm sure it wasn't deliberate,

It wasn't an accident.
The developers thought it was a good feature.


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12

1 edit

1 recommendation

reply to LondonOntGuy

 

quote:
So tell me, why do people continue to 'update' Firefox?
I dunno bud.... To me the FF 1.5 series is the best! (1.5.0.5 to be exact) looks and runs the best!


Anon users

@anonymouse.org
reply to Snowy

Re: Firefox 'New Tab' Feature Exposes Users' Secured Info

Oh, i see, Mozilla didn't fix 10.0.5esr for Flash 11.3 bug to push ya to v13... fine, my https is very safe with AES256, not RC4


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to Snowy

said by Snowy:

said by goalieskates:

quote:
We are aware of the concern and have a fix that will be released in a future version of Firefox.
I'm sure it wasn't deliberate,

It wasn't an accident.
The developers thought it was a good feature.

No, they thought that since Chrome has the feature, and Opera then decided to add it, that Fx better have it also....heaven forbid that Fx actually be a unique browser rather than a "me too" one constantly imitating the rival it fears.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA
Reviews:
·Time Warner Cable

1 recommendation

I am glad to see that it is easy to turn the new tab feature off, because it was somewhat annoying to have the screen open with all the "thumbnails." To find out that using the thumbnails, which I never did, to open a link would be a security issue, was more than annoying.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.


Bobby_Peru
Premium
join:2003-06-16

said by rcdailey:

I am glad to see that it is easy to turn the new tab feature off, because it was somewhat annoying to have the screen open with all the "thumbnails." To find out that using the thumbnails, which I never did, to open a link would be a security issue, was more than annoying.

Luddite!


Grail Knight

Premium
join:2003-05-31
Valhalla
kudos:6
Reviews:
·Verizon Online DSL
·Time Warner Cable
reply to Snowy

quote:
The developers thought it was a good feature.
Well it is a good feature IMO abet not planned out with an eye on security yet as it is easily disabled the issue is fixing it and letting users now about the potential security issue.
--
"Paranoia, the destroyer"


Davesnothere
No-BHELL-ity DOES have its Advantages
Premium
join:2009-06-15
START Today!
kudos:7
reply to Mele20

said by Mele20:

....heaven forbid that Fx actually be a unique browser rather than a "me too" one constantly imitating the rival it fears.

 
Very True.

More recently along the way, Fx has changed many functionalities/layouts/appearances to be more like the newer IE, enough so that MY goat has been gotten.

I feel that one of the larger OLD reasons for many of us switching to earlier Fx from IE (other than security) was that M$ had made such drastic changes in IE7 (& Vista) that Fx became a way to have a newer browser which looked more like IE6, but with TABs, a reason quite valid at the time.

--

We have only 2 things about which to worry :
(1) That things may never get back to normal
(2) That they already HAVE !
-
START Forum »Start Communications
Or you can still use Canadian Broadband.



FF4m3

@bhn.net
reply to FF4m3

Firefox’s New Tab Page Not Showing Websites or Thumbnails?:

There are two major issues with the new tab page that users may experience. They first may notice that no websites are added to the new tab page, regardless of what they do. The feature is linked to the browser’s history, and most users who do not see websites added to the new tab page have either turned the history feature off, have configured Firefox to delete the history when the browser closes, or are using a tool like CCleaner to remove the information from the browser regularly.

If you see no thumbnails at all, the reason is likely linked to the clearing of the Firefox cache. Firefox uses the cache for the thubmnails, and if you clear the cache from within Firefox, for instance on exit, or with the help of a disk cleaner, you end up without thumbnails on the page.

Firefox "New Tab" Feature Using Screen Shots of Browsing Sessions Including Banking Visits... by Sean Kalinich:

Firefox has caught up with Google’s Chrome browser when it comes to insecurity.

After forcing updates on unsuspecting users (we turn on the computer the other day to be told it was already updated) the newest version of Firefox apparently takes screen shots of your pages to put them into their Tab-Thumbnail view including sites that might be encrypted or secure connections (like your banking information). This is a pretty big privacy issue and one that has quite a few people upset.

Firefox has been made aware of the issue and are working on a fix, but do not have one just yet. When they announced the decrease in the amount of time between releases of Firefox builds we worried that this might be a side effect. After all with the smaller timeline more bugs are bound to get through QA. In fact we do not even get why FireFox and Google need this style of release schedule. More often than not a new update breaks plug-ins changes some security settings and in general screws things up.

If Firefox and Google really want to compete they need to slow down and get things right. After that Google needs to remove all of the tracking and other unneeded crap from Chrome (do you really need to change the registry entries for .html and .htm to force the use of the chrome extensions?).

I do not know about you, but I still think that taking a screen shot and storing it even if it is only contained in the browsing history is a problem. No Browser should be taking screen shots of what a user is doing; it really is as simple as that. We tend to be on the extremely paranoid side these days and wipe all data when the browser closes just to be sure…



whizkid3
Premium,MVM
join:2002-02-21
Queens, NY
kudos:9
reply to FF4m3

said by FF4m3 :

Users can disable the 'New Tab' feature by making the above shown changes in about:config.

Thanks. Can someone explain how to get to about:config ?
(Some of us are not as savvy.)