Mozilla removes recommended security extension from blog post after criticism
Firefox removed the Web Security security extension from its own blog post after recommending it there. It was criticized after its release for allegedly tracking users’ browsing history. The developer of the extension disputes this.
The related Mozilla blog post was about improving the privacy protection of the Firefox browser by installing various extensions. The organization mentions well-known names such as Privacy Badger, Disconnect and Decentraleyes, but the mention of Web Security, an add-on with about 222,000 users, has since disappeared. That happened, according to Bleeping Computer, after Raymond Hill, the developer of the uBlock Origin extension, told Reddit that Web Security makes a POST request to a remote server every time a user visits a website.
Then similar posts appeared on the blog of German pentester Mike Kuketz, in which he stated that the extension does indeed transmit sensitive data about users’ surfing behavior via an unencrypted connection. For example, the extension would forward a visited page along with the previously visited page. That data itself would be encrypted.
The extension’s developer, Creative Software Solutions, said in a response to Bleeping Computer that it monitors sites a user visits against a blacklist, making “communication between the client and the server unavoidable.” The company would keep the data collection as small as possible and not record it in logs. It points out that its servers are located in Germany and that the protection of the GDPR applies. In a response to The Register, the developer also states that it is working on a new version of the extension to prove that everything works properly.
The company further claims that Mozilla has verified its extension. A Mozilla spokesperson told the site that it is investigating the “comments from the community.” The reference to the extension would have been removed as part of this investigation. Similar cases have occurred before with extensions like Web of Trust and Stylish.
Description of the extension, via Mozilla Add-ons