What to do about Junk Firefox Ad-Ons??Amen to that VM! Couldn't have been better put. Folks really need to start at Page 1.
#KeepFightingMichael and Alex.
Maybe a new topic could be started (or edit the first post on this one) with all the conclusions and facts gathered here during the last 3 months. It's almost reaching 500 posts, so it's not easy to read it all or even get some sense out of it. It would be handy to filter out all the off-topic / misunderstandings.
What do you think of this?
Anyway, I would like a mod's opinion about making this a new thread (and most probably closing the current one). ---------------------------------------------------------- The purpose of this thread is to make people aware of some tactics used in extensions considered by some people not worth of the AMO (addons.mozilla.org) "trust" seal. It has also the purpose of discussing the AMO quality standards and the views on these and other extensions that might be considered harmful for common users. At the end of September meatus brought to light to the mozillaZine community the actions made by a set of extensions build upon the same code base. Those extensions were collecting data and uniquely identifying users without notifying them. This caused some stir into the community as most of the people thought that AMO had a high quality standard and sought to protect users from such tactics, thing that we realized wasn't true. AMO doesn't even have a policy for extension submitting. After that a lot of discussion was done (you can read the full thread here). Some people treating them as Spyware and some others saying they weren't doing anything wrong. AMO stand on this was mostly ignoring it. The issue took heat again at the end of November when the developers submitting these extensions abused the system because of an AMO code bug (we can't call it a real bug but they put too much trust into developers). They started to bump their extensions into a daily basis effectively hijacking the AMO newest listing. This brought more people concerned about the issue and made some, like me, start a deep review of the extensions inners as well as learning about all the facts about it. The findings are posted at the end of this post (Analysis of a Conduit based extension). A list of the extensions being driven by Conduit code was made (attached next to this introduction). Conduit has a tool for development ignorant people to be able to make toolbar-like Mozilla extensions. With this service they can build a tool integrated into Mozilla related to an already existing community (as they state). Some people say this is a benefit for people and some say they don't serve any useful purpose. AMO doesn't judge the usefulness of an extension. After days passed the dissatisfaction with AMO admins was growing larger as they weren't doing anything to stop the mess, and some heated accusations were issued. To cut down the rage and start moving forward we started to fill bug reports about the extensions that still weren't warning users about the data collection. A policy draft was posted and a talk back page linked so the community can help build the AMO extension policy. A description of an improved review process for extensions to be added to Remora (the next iteration of AMO codebase) was also posted at a personal blog. fligtar, an AMO developer and admin, was the one posting at the original thread as a spokesperson for AMO. Regretfully, there weren't further comments by AMO admins and fligtar told the community that they wouldn't be participating anymore in the thread. They said they would use a blog, that until today is empty, for further communication. This effectively cut down the nexus between the community and the people administering addons site. JohnM555 posted a Greasemonkey user script that hides these toolbars from AMO. A solution for people that really hate to see them listed at AMO. List of extensions (93 extensions, updated to November 26) Abandonia Toolbar by SupSuper: Version 1.0.1.18, released on Jun 12, 2006 All Yours Chat Toolbar by Admin: Version 1.0.1.18, released on Jun 12, 2006 Anderson Tech Club Toolbar by Kuru Oujou: Version 1.0.1.18, released on Jun 12, 2006 Atom-Sounds Toolbar by Atom Sounds: Version 1.0.1.18, released on Jun 12, 2006 Australia-Radio Toolbar by Joni: Version 1.0.1.29, released on Nov 1, 2006 BBC Bar by Adams: Version 1.0.1.29, released on Nov 4, 2006 Bibirmer Toolbar by David Gordon: Version 1.0.1.29, released on Nov 9, 2006 BobDawgs Pad Toolbar by Robert LaFont, Jr: Version 1.0.1.18, released on Jun 12, 2006 BX Toolbar by Shaggy Software: Version 1.0.1.26, released on Oct 3, 2006 CaresforKids Toolbar by Terry Ballantini: Version 1.0.1.20, released on Jul 25, 2006 Casino Free Money Toolbar by Sergiy Zapisniy: Version 1.0.1.19, released on Jul 15, 2006 Celebs Toolbar by ToolooT Promotions: Version 1.0.1.29, released on Nov 10, 2006 Cengoo.de Toolbar by dersimli: Version 1.0.1.25, released on Sep 28, 2006 CGToolbar by amit: Version 1.0.1.18, released on Jun 23, 2006 Cowgirl Image Toolbar by Cowgirl Image: Version 1.0.1.19, released on Jul 15, 2006 Cowgirl Model Toolbar by Cowgirl Model: Version 1.0.1.19, released on Jul 10, 2006 Dating & Personals Toolbar by Nancy: Version 1.0.1.29, released on Nov 9, 2006 Deutschland Radio by Guy Levy: Version 1.0.1.30, released on Nov 13, 2006 digg.com extension Toolbar by Gareth Poole: Version 1.0.1.28, released on Oct 21, 2006 DVDEmpire Toolbar by Erik Truby: Version 1.0.1.30, released on Nov 12, 2006 EMail_Notifier Toolbar by Shay Refaely: Version 1.0.1.29, released on Nov 7, 2006 ezPharmacyFinder Toolbar by Stuart: Version 1.0.1.18, released on Jun 12, 2006 Forecaster by Arvi: Version 1.0.1.30, released on Nov 1, 2006 Free The Dog Toolbar by FreeTheDog: Version 1.0.1.24, released on Sep 24, 2006 GameSpot Deluxe Toolbar by CorporatBologna: Version 1.0.1.18, released on Jun 12, 2006 GAVSGUIDANCE HELPER Toolbar by Gavin Davies: Version 1.0.1.18, released on Jun 13, 2006 Grigor's_Blog Toolbar by Gregory: Version 1.0.1.18, released on Jun 13, 2006 H2Press Toolbar by Mike Riess: Version 1.0.1.18, released on Jun 13, 2006 Holy Land Radio by Guy Levy: Version 1.0.1.29, released on Nov 3, 2006 HOT-IL Toolbar by Shay Refaely: Version 1.0.1.18, released on Jun 27, 2006 HotWildMisty Toolbar by Hot Wild Misty: Version 1.0.1.18, released on Jun 12, 2006 iasec Toolbar by gerald: Version 1.0.1.18, released on Jun 26, 2006 Indian Radio ToolY Toolbar by Arpit Arora: Version 1.0.1.30, released on Nov 13, 2006 international football Toolbar by steve: Version 1.0.1.29, released on Nov 11, 2006 isr Toolbar by Sharon Steiman: Version 1.0.1.29, released on Nov 1, 2006 Israel Radio (Hebrew Version) by Guy Levy: Version 1.0.1.29, released on Nov 3, 2006 Israel Radio by Guy Levy: Version 1.0.1.29, released on Nov 3, 2006 Jazz Radio by yotam mazar: Version 1.0.1.29, released on Nov 1, 2006 krenar Toolbar by krenar: Version 1.0.1.18, released on Jun 12, 2006 MailMan by Adams: Version 2.0, released on Nov 7, 2006 marvz14 Toolbar by Marvin: Version 1.0.1.18, released on Jun 12, 2006 Michad Computer Consulting Toolbar by Wolf Windshadow: Version 1.0.1.28, released on Oct 30, 2006 MikeAndPetra Toolbar by Petra Richardson: Version 1.0.1.18, released on Jun 12, 2006 MillBar Toolbar by Pelle: Version 1.0.1.14, released on May 12, 2006 Mojabosna Toolbar by Ado: Version 1.0.1.30, released on Nov 12, 2006 Movie Toolbar by Guy Malachi: Version 1.0.1.18, released on Jun 21, 2006 My Informational Toolbar by John: Version 1.0.1.14, released on May 14, 2006 myCampusDates Toolbar by Terry Ballantini: Version 1.0.1.20, released on Jul 25, 2006 myDirtyDates Toolbar by Terry Ballantini: Version 1.0.1.20, released on Jul 25, 2006 myMatchDates Toolbar by Terry Ballantini: Version 1.0.1.20, released on Jul 25, 2006 MyOrkut Toolbar by Arvi: Version 1.0.2.28, released on Nov 1, 2006 myVegasBets Toolbar by Terry Ballantini: Version 1.0.1.20, released on Jul 21, 2006 Nederland Radio by Guy Levy: Version 1.0.1.29, released on Nov 3, 2006 neoaddict Toolbar by Brian: Version 1.0.1.24, released on Sep 26, 2006 NewYork Radio Addon by Ronen Chen: Version 1.0.1.29, released on Oct 31, 2006 Nifty Gifts Toolbar by Tyler Munder: Version 1.0.1.18, released on Jun 12, 2006 night life Toolbar by ToolooT Promotions: Version 1.0.1.29, released on Nov 10, 2006 Online Games Toolbar by Guy Malachi: Version 1.0.1.29, released on Nov 1, 2006 Online Video by Shay Refaely: Version 1.0.1.29, released on Nov 7, 2006 Partnerprogramme Toolbar by Karsten Windfelder: Version 1.0.1.18, released on Jun 12, 2006 PartyPokerBar Toolbar by Richard gold: Version 1.0.1.19, released on Jul 9, 2006 Podcast Search Toolbar by Alex: Version 1.0.1.19, released on Jul 10, 2006 Poker Bar Toolbar by Richard gold: Version 1.0.1.18, released on Jun 16, 2006 profadi Toolbar by Radarette O'Reilly: Version 1.0.1.18, released on Jun 13, 2006 Radio & Gobierno de Puerto Rico - ApoyoTecnico.Com by Magallanes: Version 1.0.1.29, released on Nov 8, 2006 Radio DE Toolbar by dersimli: Version 1.0.1.24, released on Sep 27, 2006 Radio Denmark Toolbar by Ehud Z.: Version 1.0.1.30, released on Nov 12, 2006 Radio Russia by Guy Levy: Version 1.0.1.29, released on Nov 3, 2006 Radio UK by Guy Levy: Version 1.0.1.29, released on Nov 10, 2006 RadioMan by Arvi: Version 1.0.1.29, released on Nov 1, 2006 ralphtips Toolbar by Amer: Version 1.0.1.18, released on Jun 12, 2006 Reel New Media Toolbar by Roula Eatrides: Version 1.0.1.27, released on Oct 12, 2006 Runescape Toolbar by Chris Cunliffe: Version 1.0.1.21, released on Aug 12, 2006 ServMap Toolbar by ServMap: Version 1.0.1.20, released on Jul 19, 2006 SETI-HOME Toolbar by Sharon Steiman: Version 1.0.1.29, released on Nov 1, 2006 SK Software Toolbar by SK Software: Version 1.0.1.18, released on Jun 13, 2006 SparkleBox Toolbar by SparkleBox Teacher Resources: Version 1.0.1.18, released on Jun 12, 2006 Subliminal Directions Toolbar by Subliminal Directions: Version 1.0.1.28, released on Oct 20, 2006 Tbtoyl Toolbar by Massimo DAmico: Version 1.0.1.20, released on Jul 22, 2006 Telliss Toolbar by Terry Ballantini: Version 1.0.1.20, released on Jul 25, 2006 The Fuller Brush Place Toolbar by LadyPzaz: Version 1.0.1.29, released on Nov 1, 2006 Torrent Search by Guy Levy: Version 1.0.1.30, released on Nov 13, 2006 Torrent-Bar Toolbar by Joni: Version 1.0.1.30, released on Nov 14, 2006 torrentools Toolbar by Francesco Passantino: Version 1.0.1.24, released on Sep 27, 2006 trovando Toolbar by Francesco Passantino: Version 1.0.1.24, released on Sep 27, 2006 Turkije.Org Toolbar by Turkije.org: Version 1.0.1.18, released on Jun 12, 2006 webpedia Toolbar by Francesco Passantino: Version 1.0.1.24, released on Sep 27, 2006 Wikipedia Toolbar by Arvi: Version 1.0.2.28, released on Nov 1, 2006 WineZap Toolbar by Enos: Version 1.0.1.18, released on Jun 27, 2006 Worldgroups Toolbar by Playful: Version 1.0.1.29, released on Nov 3, 2006 Ynet News RSS (Hebrew Version) by Guy Levy: Version 1.0.1.17, released on May 31, 2006 Ynet RSS English by Guy Levy: Version 1.0.1.29, released on Nov 3, 2006 YOUTHERE1.com's Toolbar by YOUTHERE1.com: Version 1.0.1.19, released on Jul 10, 2006 NOTE: if you find one not listed here please tell me so and also, if there is one listed that isn't related to the issue please tell me so I can remove it and I give the developer my advanced apology for including it. Analysis of a Conduit based extension Well, I did the check of the Torrent Search 1.0.1.30 Conduit on a sandbox installation with an Open Source network protocol analyzer (ethereal, last version). First I have to say that when you start Firefox without this Conduit (my normal setup has 14 different extensions) you have 0, that means zero, outgoing/incoming traffic. There is some traffic after a while because of the phishing feature associated with Google that you can disable if you prefer but no more than that. After I installed this Conduit I had a lot of traffic at startup. Of course, this could be only each time you start up Firefox but I didn't test it much so I can't say for sure. That might be why some people said these Conduits slow down their Firefox installation. I'm not saying this is wrong (if you are aware of it), just that it bothers me. ![]() The first packet is of course the resolution of users.conduit.com that leads to IP 212.150.236.80. Then we have an HTTP connection on port 80 doing a post to /iis2ebs.asp with this data:
It's suspicious that they use a USERID so I reviewed the code and got this:
The GenerateUserId() function is based on the date to the millisecond level. Of course there could be duplicates but how much people would install the toolbar at the same millisecond? ![]() As you see in the code, they are identifying each one of us with a single ID. They can track you between different IPs this way and you have that number stored in your PC. Moving on the next packets we see another POST telling them we need to update their Conduit #CT329536 (the given number for the Torrent Search Conduit) an because LAST_UPDATE_TIME is empty they know this is the first time we launch it.
The next POST is a request for settings. I assume this brings the last data for each of the Torrent sites supported by the Conduit (that is logo images and last RSS feeds from the Torrent site URL), but I might be wrong.
After this there is a lot of traffic of images and rss feeds (for each of the supported Torrent sites). And the last packet to users.conduit.com is a request for translated strings.
After that there is no more outgoing traffic for users.conduit.com but there is traffic with other sites, and not only to get RSS feeds. It has this call for example, that I don't know for what it is:
I checked the BBC toolbar and it has a similar behavior, but just created another unique ID (UN20061126154548937). I should say that the uninstalling procedure of these Conduits is not bad. It removes everything included the unique ID and I didn't see any side effect. I didn't have any crash but granted I didn't use it much and I was working with an almost clean installation. i suggest to keep this thread to hash out stuff before it is posted here - http://forums.mozillazine.org/viewtopic ... 41#2655241
This way I can't edit/update the data and I didn't see any mod's opinion yet.
I don't like your rather jumpy ways zmanzero and this is like the third time I say it. I'm sorry but I won't continue in these threads either. DonGato, i can eliminate that thread in the blink of an eye. it is up to you to continue or not, i will be happy to edit it if you want to start one. months have passed, this has turned into a tea party. i like your post, i like your words. the mods have nothing to do with this. waiting for them? why? we're the one's running this thread, all of us who are sick of what amo is. if you want to crap out, go ahead. you are one of the most logical and valuable people in this discussion. you can pm me or whatever, i do not care. i will edit that thread and you can start the new one, it matters not to me. if you quit we lose a very valuable person in this endeavor. dude, mods have nothing to do with the direction of this subject. get a grip.
chris edit - i do apologize for saying this thread has become a tea party. to be frank, i'll quit this thread too. nothing is gonna change, they don't care, the site's a farce, and it's just the way it is. funny, the people in power turn a deaf ear to reality. go ahead and download those toolbars to the unsuspecting user. later. edit - DonGato, the other thread is eliminated. please continue to post on this subject, your contributions are many many more times important than mine. i'm outta here. Well, I would like to hear mod's opinion on two things:
- opening a new thread for an issue that is already being discussed in another thread (this one) - the closing of this thread to avoid duplicated discussions I don't think mods have nothing to do with this. And I also wanted some initial feedback from people as my view of some parts of the thread can be limited or wrong. Maybe including technical information is not really needed for such a post. Telling me what is missing or what should be modified in the proposed post is what I expected from community collaboration. I don't want o give Conduit supporters any basis to discredit us, so being civilized is what I think should be practiced by all people participating in the discussion. DonGato:
you made an excellent post, with which I agree entirely. I would just add 3 more issues to it. 1- these toolbars used to be called " Effective Brand toolbars " and their site http://www.effectivebrand.com/ this could help searching more info about it on the web. 2- the authors have also abused AMO by placing their toolbars in every extension category, effectively spamming the site. 3- some authors are using these toolbars to make a profit (by means of tracking usage data) at the expense of AMO hosting services. the code review is a good point. the googleadservices link is too long and it forces me to use horizontal scroll so I (and everyone else with a small screen) can read the post. perhaps some suggestions presented here to temporarily solve the problem could be mentioned: create an extension section on AMO, stop accepting new toolbars until the new AMO site is working or even removing the toolbars. of course, AMO people rejected these ideas (I guess). thanks DonGato,
Just edit your post to break that last line of code. It's messing up the whole page. Thanks. ![]() DonGato,
I would have no problem with a new topic for a summary of this. This topic is a bit difficult to wade through now. If you would also like this one locked, let me know. Added those changes and opened the new thread ( http://forums.mozillazine.org/viewtopic.php?t=500994 ).
Feedback and new information would be appreciated. Maybe the topic name should be changed. Daifne, if you think (a me) that is better to concentrate the discussion in only one thread close this one. ![]() It's up to you.
![]() That last line should be:
Daifne, if you think (as me) that is better to concentrate the discussion in only one thread close this one. So, yes I think so. Having two threads about the same discussion can only bring chaos to it. Last edited by DonGato on December 18th, 2006, 11:10 am, edited 1 time in total.
This is not entirely accurate. I had been monitoring the 'Newest Extensions' RSS Feed for months and observed incessant bumping, finally making made a complaint(/suggestion for the new version of AMO called Remora) about the SPAM-bumps on the Wiki Remora 'Idea Dump' on 18th September. I mentioned 2 toolbar extensions in particular that I observed to be updating most frequently, but there were plenty of other toolbars (note: toolbars specifically) that had been bumping unnecessarily for quite some time. 'development ignorant' -- hmm... I think you mean "Conduit offers simple template-built toolbar extensions for Firefox which can be made in a matter of minutes by anyone - no programming know-how required." See previous comment, this had been going on for months. This whole section is kinda pointless as it's inconclusive. At risk of certain users calling me an idiot again, all you proved was that Conduit toolbars identify a user's computer so they can track usage. It is still "anonymous" as they claim because other than this unique identifier, there is no information read or passed to Conduit servers that is private. Ok, so they know your IP address as well, but that is a given (as long as it is stated on their AMO page that the toolbar connects to their server -- which it seems the extension-posters are now including in their AMO extension description). Do they know your name? Your address? Your bank account #? Your income? Your SSN? Your birthdate? Anything? All they know is 'user_123' has browser abc.com/whatever.html followed by def.com/somethingelse.php and so on. This is obviously something to do with Google AdWords - I installed the Torrent Search bar to see when it comes up but after 30 mins still hadn't seen it being called in my monitoring app. If it's to do with the bar, I'd guess it's just a "hey don't forget to pay me for that click"-type thing from the bar to Google. Is that considered a 'privacy' issue? ![]() OK I'm locking this one. RenegadeX, if you want to continue, use the new topic.
Here: http://forums.mozillazine.org/viewtopic.php?t=500994 Who is onlineUsers browsing this forum: No registered users and 2 guests |
![]() |