
Firefox add-on with 7m downloads secretly tracks your browsing history - toni
http://iwtf.net/2011/05/10/ant-video-downloader-firefox-addon-tracking-my-browsing/
======
fligtar
I'm from the add-ons team at Mozilla.

We've looked into the Ant Video Player and found that it does send information
about websites users visit in order to power its ranking feature displayed for
each website, and also includes a unique identifier in this communication.
While this does not violate our policies, we do require it to be disclosed in
the privacy policy and the add-on's description. We have contacted the
developer and asked them to correct this.

The developer has been in communication with us and says that they destroy all
user-identifiable information from their logs, and that their privacy policy
and add-on description will be updated to reflect that. They'll also show a
notice about this on their first-run website.

Additionally, the AntRank feature that uses this tracking can be disabled.

Add-ons publicly available in our gallery have been reviewed for security
problems, and add-ons that aren't marked as experimental have been fully
reviewed for a range of other issues as described in our hosting policies.
Because developers set their own privacy policies and can update them any
time, it is more difficult for us to review them for compliance with their own
rules. We encourage users to always read an add-on's privacy policy if one is
provided and to use the Report Abuse link if anything suspicious is noticed.

~~~
jimrandomh
You should also require that AntRank be disabled while in private browsing
mode.

~~~
fligtar
Private Browsing Mode is for browsing without storing information on your
computer. It has nothing to do with websites tracking you; that's what the Do
Not Track feature is. We do require that add-ons respect Private Browsing
Mode, and our privacy team is working on a recommendation (not a requirement)
that add-ons also honor the user's Do Not Track preferences.

As the person who implemented Private Browsing describes: _Private Browsing
aims to help you make sure that your web browsing activities don't leave any
trace on your own computer. It is very important to note that Private Browsing
is not a tool to keep you anonymous from websites or your ISP, or for example
protect you from all kinds of spyware applications which use sophisticated
techniques to intercept your online traffic. Private Browsing is only about
making sure that Firefox doesn't store any data which can be used to trace
your online activities, no more, no less._

[http://ehsanakhgari.org/blog/2008-11-04/dont-leave-trace-pri...](http://ehsanakhgari.org/blog/2008-11-04/dont-leave-trace-private-browsing-firefox)

------
nikcub
_"This add-on has been preliminarily reviewed by Mozilla."_

What that entails:

 _"When performing a preliminary review, editors will review the source code
for security issues and major policy violations, but will not install the add-
on to test functionality in most cases. Preliminary review will be granted
unless a security vulnerability or major policy violation is discovered."_

From: [https://addons.mozilla.org/en-US/developers/docs/policies/re...](https://addons.mozilla.org/en-US/developers/docs/policies/reviews#preliminary)

Extensions marked 'experimental' are not fully reviewed, which is why they
probably left this plugin marked as 'experimental'.

You can't blame the users since they are installing from a Mozilla page and
trusting the brand. I hope this triggers a review of those procedures at
Mozilla, since I would consider sending back every site you visit a 'major
policy violation'. Very scary.

Edit: they may also want to change the 'experimental' policy and set a time
limit to how long an extension can remain experimental, and not list them in
the default directory unless users (more advanced users) specifically seek out
experimental extensions.

~~~
jokermatt999
I'm not sure if this is still the case, but you used to have to make an
account and log in to actually install an experimental add-on. There was also
a clear warning.

I definitely agree with setting a time limit, if feasible.

------
sudonim
It also makes you wonder what "Verified Safe by Norton" means on the page for
their video downloader.

<http://www.ant.com/video-downloader>

<http://safeweb.norton.com/report/show?url=www.ant.com>

The community rating contradicts Norton's rating... sigh.

------
zerosanity
A quick fgrep found the code making the requests to their servers:
<http://pastie.org/1932287>

Edit: Further code browsing points to the "rank" feature. They rank all URLs
that are http/https and the host isn't "localhost". I'm guessing, but if you
turn off ranking in the preferences, it will stop logging your page views.

~~~
sudonim
Why not try and track down Dima Sidorchenko (the guy in the header of the
source)?

Google thinks the name is Dima Sidorenko and offers up this guy who is a
programmer: <http://twitter.com/#!/shadow1278>

Unless it is Sidorchenko and Dima is a nickname in which case "Dmitriy
Sidorchenko" might get better results.

~~~
stevoski
Dima is a standard Russian-language short form for Dmitriy. Like Pete for
Peter in English.

The name Sidorchenko sounds Ukrainian.

------
mickeyben
I don't really see the issue here; isn't all of that stated in the privacy
policy of the extension?

[https://addons.mozilla.org/en-US/firefox/addon/video-downloa...](https://addons.mozilla.org/en-US/firefox/addon/video-downloader-player/privacy/)

 _Ant.com collects non-personally-identifying information when you are
visiting our site or using our software applications, this infomation made
available typically from web browsers and servers. Some of the infomation type
is: the Uniform Resource Locator (URL) of the web page from wich you came, the
date and the time for each page you view, settings such as browser languages,
etc._

 _Ant.com also collects infomation made public to us that can be considered
personally identifyable, such as your internet protocol (IP) address. Ant.com
does not use such information to identify its visitors and does not disclose
such information._

~~~
barrkel
"The web page from wich you came" is just the HTTP "Referer" field; almost
every web site in existence collects that as a matter of course. To claim that
it covers universal monitoring of all users' web traffic is obscene.

I'm also fairly sure that one can find personally "identifyable" information
from URLs that go far beyond mere IP addresses.

Why is ant.com domain info privacy protected anyhow? Seems pretty fishy to me.
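
The thread has now described the three pieces a defender cares about: zerosanity found that the add-on reports every http/https URL whose host is not "localhost", fligtar notes that add-ons are required to respect Private Browsing Mode and are recommended to honour Do Not Track, and the comments above point out that full URLs carry far more personal information than an IP address. The example below is added here for illustration; it is not the Ant add-on's code and not anything Mozilla publishes. It shows how an extension that wants a per-site rank could gate its reporting on the user's privacy settings and send only the site origin with no per-user identifier. The `prefs` object and its field names (`rankEnabled`, `privateBrowsing`, `doNotTrack`) are assumptions for this example, standing in for whatever the extension reads from the browser.

```javascript
// Added example (not the add-on's or Mozilla's code): decide whether a page
// view may be reported to a ranking service, and what the report contains.
// `prefs` and its field names are assumptions for this example.

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
// Loopback hosts are never reported; the add-on only excluded "localhost".
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

function shouldReport(urlString, prefs) {
  // The user's choices come first: rank feature off, Private Browsing
  // Mode active, or Do Not Track set all mean nothing leaves the browser.
  if (!prefs.rankEnabled || prefs.privateBrowsing || prefs.doNotTrack) {
    return false;
  }

  let url;
  try {
    url = new URL(urlString);
  } catch (e) {
    return false; // unparsable input (about:, data:, junk) is never reported
  }

  if (!ALLOWED_SCHEMES.has(url.protocol)) return false;

  const host = url.hostname.toLowerCase();
  if (LOOPBACK_HOSTS.has(host) || host.endsWith(".localhost")) return false;

  return true;
}

// Data minimisation: the rank is per site, so only the origin
// (scheme + host + port) is sent. Path, query string and fragment, which
// often carry account names or tokens, are dropped, and there is no
// unique client identifier at all.
function reportPayload(urlString, prefs) {
  if (!shouldReport(urlString, prefs)) return null;
  const url = new URL(urlString);
  return { site: url.origin };
}

// Constructed sample input to show the decisions.
const samplePrefs = { rankEnabled: true, privateBrowsing: false, doNotTrack: false };
for (const u of [
  "https://example.com/account?session=abc123#inbox",
  "http://localhost:8080/dev",
  "file:///home/user/notes.txt",
]) {
  console.log(u, "->", JSON.stringify(reportPayload(u, samplePrefs)));
}
console.log("private browsing ->",
  JSON.stringify(reportPayload("https://example.com/", { ...samplePrefs, privateBrowsing: true })));
```

Run with `node`. The shape of `reportPayload` is the point: a ranking feature can be built from origin counts alone, which is the argument cont4gious makes further down the thread about the unique identifier being unnecessary.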

------
rsoto
The lesson here: don't install shady addons, just as you aren't installing
every damn toolbar out there.

Also, this is enough to sue, isn't it?

~~~
EwanToo
Rather depressingly, this wasn't so much a shady add-on, as one that was meant
to have been vetted by Mozilla.

From the Mozilla Add-Ons FAQ @ <https://addons.mozilla.org/en-US/firefox/faq>

Are add-ons safe to install? Unless clearly marked otherwise, add-ons
available from this gallery have been checked and approved by Mozilla's team
of editors and are safe to install. We recommend that you only install
approved add-ons. If you wish to install unapproved add-ons or add-ons from
third-party websites, use caution as these add-ons may harm your computer or
violate your privacy. Learn more about our approval process

~~~
starwed
_"Unless clearly marked otherwise"_

This add-on _was_ marked otherwise. (Well, according to the claims above.)

You can definitely argue that having unvetted add-ons on the site at all is
bad, but your particular point isn't relevant.

------
gluejar
About 150,000 people have downloaded the bit.ly preview add-on, which tells
bit.ly everything you visit: [http://go-to-hellman.blogspot.com/2010/05/bitly-preview-add-...](http://go-to-hellman.blogspot.com/2010/05/bitly-preview-add-on-leaks-user.html)

------
raintrees
Bigend at work? Blue-Ant? Thanks, Mr. Gibson...

And thanks to Simon: I am having a hard enough time with my work and personal
to-do lists; testing all of my tools for their extranet behaviors is not
something I look forward to adding to them...

------
dedward
Privacy policy or not - if its purpose is to be a video downloader, but it
tracks stuff when you are doing something other than video downloading - it's
sneaky at best, however it's presented.

------
masklinn
And that's why I have Little Snitch on my machine.

~~~
gyardley
I have Little Snitch on my machine too, but I've set up a rule that allows my
browser to make calls to port 80.

Are you saying you don't have a generic rule in place, and are instead using
Little Snitch to approve calls to port 80 for every new domain you visit? If
so, that'd certainly work, but it seems more than a little impractical.

~~~
masklinn
> Are you saying you don't have a generic rule in place, and are instead using
> Little Snitch to approve calls to port 80 for every new domain you visit?

Yes. And I do the same with cookies.

I do allow connections (and cookies) permanently to "trusted sites", but
that's the exception rather than the rule.

~~~
Pistos2
Wow, and here I thought I was the only one that did that! I do the same,
though with Opera's built-in cookie control features.

------
cake
I've seen this before in another smaller extension (I can't remember which)
while I was studying how it worked, but fortunately the code was commented.

Firefox extensions are just plain zip files; I wonder why he hasn't checked
the code.

------
benmccann
I'm not familiar with Mozilla's add-on policies. Is this an issue due to the
user tracking? Or is it because the privacy policy didn't make it clear this
was happening?

------
neanderdog
Do a 'whois' on ant.com. I thought it interesting.

~~~
user24
Why, because they have whois privacy? That's not so unusual.

~~~
barrkel
For individuals, e.g. blogs and the like; sure. Something which seems awfully
like a company (it looks like they're trying to build a search engine); that's
much dodgier to my mind.

------
spydum
Yet another reason to browse through an interception proxy. Know what you are
sending -- it can be enlightening.

------
derleth
The Ant Video Downloader has been reported as spyware.

------
runjake
Spoiler: Submission title is bait. He calls out "ant video downloader".

------
suyash
You should talk to a good attorney and file a Lawsuit against Mozilla and
Ant.com, this could be big!

------
willidiots
Seems like an overreaction, imho. This is likely a case of poor Privacy Policy
writing and general ineptitude, rather than deliberate evil.

From their feature list: "Easy to use : when a video is detected, the download
button becomes clickable." - i.e. our plugin sends all URLs to us for
analysis, we respond telling the plugin whether to activate the button

"Integrated Traffic Rank indicator for all the sites you visit." - i.e. we
need a way of measuring unique visits to everything

Still, interesting, and good on this guy for bringing it into the public eye.

~~~
cont4gious
But absolutely none of that requires a unique identifier, which is where this
article focuses most of its gripe.

~~~
willidiots
It seems like the "Integrated Traffic Rank indicator" could, if they wanted to
distinguish uniqueness by _users_ rather than unique IPs.

Not that it's a good idea.

~~~
beagle3
While I usually follow "do not ascribe to malice that which is adequately
explained by stupidity", I don't think this case is adequately explained by
stupidity.

------
feydr
oh no! say it isn't true!!! it tracks our browsing history!!??!?! that's like
as bad as dropping bombs on 8 year olds in iraq isn't it!

------
natmaster
Chrome tracks your browsing history... why do people suddenly care when
there's an addon for Firefox that does that?

~~~
MattBearman
I'd like to see some proof of that. Or in the words of Wikipedia, 'Citation
Needed'

~~~
sp332
Chrome sends every keypress in the URL bar back to Google.
<http://www.google.com/chrome/intl/en/privacy.html> _When you type URLs or
queries in the address bar, the letters you type are sent to your default
search engine so the Suggest feature can automatically recommend terms or URLs
you may be looking for._

~~~
code_duck
The autocompletion can easily be turned off.

Anyhow, what is typed on the URL bar is only a small subset of sites visited.

------
WalterGR
Like Apple products, Firefox branded itself as malware proof.

---

[http://web.archive.org/web/20041127034451/http://www.mozilla...](http://web.archive.org/web/20041127034451/http://www.mozilla.org/products/firefox/)

"“Beware of spyware. If you can, use the Firefox browser.” - USA Today"

"Privacy and Security

Built with your security in mind, Firefox keeps your computer safe from
malicious spyware by not loading harmful ActiveX controls. A comprehensive set
of privacy tools keep your online activity your business."

---

While that's technically correct - Firefox couldn't (can't?) load ActiveX
controls, therefore it couldn't load _harmful_ ActiveX controls - the Firefox
extensions system has permitted installation of executable code for a long
time, if not since its inception. Since that's what ActiveX is, more or less,
Firefox has never been any more secure in that respect than e.g. Internet
Explorer.

Like Apple products, as Firefox becomes more popular (and therefore a juicier
attack target) there will be more malware that targets it.

~~~
kevindication
The difference being that you have to decide to install this harmful
extension. ActiveX just gets loaded during regular browsing.

~~~
WalterGR
ActiveX hasn't worked that way for a long time. At least since XP SP2,
released 2004. Possibly even before then - I'm not sure exactly what XP SP2
changed.

Edit: Fix typo.

