April 6, 2020
firefox add on web security

This Popular Firefox Add-On with Over 220K Downloads was Caught Secretly Collecting Users’ Data

The Firefox Add-on Web Security, an extension with more than 220,000 downloads was clandestinely collecting users’ browsing history…

Firefox by Mozilla uses what it calls “Add-ons” for different purposes. These third-party extension integrate into the third-most popular browser on the web. Combined, there are millions of downloads. One popular Add-on, with over 220,000 installs was just found behaving badly. 

Firefox Add-On Web Security Secretly Collecting User Browsing History

The extension in question is Web Security. It currently claims 222,746 downloads and scores of positive reviews. The Add-on even scooped up a recommendation from the official Firefox blog last week. Ironically, the blog is titled, “Make your Firefox browser a privacy superpower with these extensions.”

However, one reader found something odd with the Add-on and wrote about his discovery on Reddit:

“With this extension, I see that for every page you load in your browser, there is a POST to http://136.243.163.73/. The posted data is garbled, maybe someone will have the time to investigate further.”

Mike Kuketz, a German privacy and security blogger, echoed the same concern.  Within hours of Kuketz posting an article about the behavior, a forum user decoded the mystery. That user found the Add-on was secretly transmitting the URLs of visited pages to a German server.

Firefox Add-On Web Security

This practice violates Mozilla’s Add-on Portal guidelines. In fact, the company recently removed two other extensions, Stylish and Web of Trust, from its platform for nearly the same behavior in the past two years. Meanwhile, the Web Security extension remains in the portal.

A spokesperson from Creative Solutions, the company which built the Add-on, issued a statement which says their team is looking into the matter. It also states the “Addon has also been processed by Mozilla’s stringent Verification staff, which have specifically approved all communication that occurs.”

Owen E. Richason IV

Covers social media, apps, search and like news. History buff, movie and theme park lover. Blessed dad and husband. Owen is also a musician and is the founder of Groove Modes.          

View all posts by Owen E. Richason IV →