Firefox extensions that hurt privacy (was Re: Warnings on the download page)

Roger Dingledine arma at mit.edu
Tue Mar 13 06:27:35 UTC 2007


On Thu, Mar 08, 2007 at 05:30:57AM -0500, Roger Dingledine wrote:
> Mike and I just whipped up an early version of this here:
> 
> http://tor.eff.org/download.html.en#Warning

I've just added another sentence to the pile of warnings:

"Consider removing extensions that look up more information about the
websites you type in (like Google toolbar), as they may bypass Tor and/or
broadcast sensitive information."

I added this because periodically people show up on the IRC channel
saying they followed our instructions exactly, but their sniffer still
says they're doing DNS resolves. And in many cases we track it down to
some esoteric extension that does geolocation for the websites they type
in, or lists the IP address that they're hitting, or something like that.

I guess that some Tor users have a whole mess of other extensions
installed. I have no idea if these users are smart enough to realize
potential problems, but probably not all of them are.

The last person who had this problem wrote this wiki page for us:
http://wiki.noreply.org/noreply/TheOnionRouter/DangerousFirefoxExtensions

Have you experienced other extensions that have this behavior? (Perhaps
you're running one right now and you didn't realize? ;) Would somebody
here like to take charge to organize a list and keep it maintained?

Thanks!
--Roger



More information about the tor-talk mailing list