EFForg / privacybadgerfirefox-legacy

LEGACY Privacy Badger for Firefox SEE README
https://www.eff.org/privacybadger

Badger App phones home #816

Closed sonicou closed 7 years ago

sonicou commented 8 years ago

After installing the app via the Firefox add-on page, I noticed that with every start of Firefox there were TCP connections already started before I opened any URL. Since normally there would be absolutely no traffic unless sites are opened, that means Badger causes this traffic, phoning home. Tested this several times and as soon as I deactivated Badger the traffic stopped.

To be clear it is not relevant what this is used for, this behaviour is unacceptable.

The connections used the following IPs: 52.38.97.120, 151.101.12.201

jaredhirsch commented 8 years ago

@sonicou Hi, I don't think these network requests are anything to worry about.

If you enable and open the browser toolbox, then install Privacy Badger, then look at the browser toolbox network tab, you'll see that the addon fetches some files from the EFF website. These are named cookieblocklist.txt, domain_exception_list.json, and dnt-policies.json, and contain just the sort of content you'd expect. You can examine the file contents in the browser toolbox (the 'response' tab in the right panel of the network tab), or copy and paste the URLs into your browser's address bar.

Here's a screenshot from my browser toolbox:

[screenshot of the browser toolbox network tab, 2016-11-12]

You can also search the code for each of those file names to see how they're used. In particular, this comment and the following comment explain that those files are re-fetched daily and whenever Firefox starts up.

sonicou commented 8 years ago

I'm sure they are needed and the intent is not malicious, but that's actually not the point.

Having a browser extension start a network connection every time the application is started is a very bad design choice and also leaks the information about this extension being installed to anyone listening on the network. There is no reason to do that. Having a 24-hour fetch or rather a weekly update is usually more than enough and practiced by many other apps that take privacy seriously.

jaredhirsch commented 8 years ago

Cool, it sounds like you think weekly pings would be preferable. You could submit a PR to change the ping frequency, and see what feedback you get :-)

sonicou commented 8 years ago

Great idea. Just did that. I believe this should solve the issue: #819

cooperq commented 7 years ago

Hi @sonicou I'm not convinced that checking for updates on startup presents more of a fingerprinting problem than checking for them every 24 hours. I do it on startup because some people don't consistently leave their browser open for 24 hours straight (much less a week!) and might then never receive the update.

I would consider checking for updates on startup and then again 1 week later. Or storing the update time in local storage and then only checking once per week. But I'm still not clear on how that actually limits fingerprinting. Could you clarify that for me?

Also, we have now switched to https://github.com/eff.org/privacybadger as the codebase for both firefox and chrome as of the next version of privacy badger. Would you mind posting your issue there instead? (and making any future pull requests against that repo instead?)

sonicou commented 7 years ago

It was not my intent to do the update after having the app run for 24 hours, but I assumed that this would still trigger 24 or 48 hours after the last check.

Some people open and close their browser hundreds of times a day and every time Badger connects to the EFF servers. That is not appropriate for a privacy app.

cooperq commented 7 years ago

@sonicou that is a fair point. I would accept a pull request that ran the check every 24 hours instead of every time the browser is started. But please make that PR against https://github.com/EFForg/privacybadger instead.

jaredhirsch commented 7 years ago

@sonicou @cooperq Hey, I might instead suggest: "if it's been 24 hours since last check, then check on startup".

There have historically been issues with Firefox users having very stale addons precisely because addon updating uses a "once per day, if FF is open" update model, and some users tend to be offline at the magic time.

jaredhirsch commented 7 years ago

hmm, or maybe, "if it's been > 24 hours since last check, check on startup, otherwise check once a day, if online". le sigh

cooperq commented 7 years ago

What I was thinking was something like (pseudocode):

on startup and once per hour do:
  if time_since_last_update >= 24_hours:
    do_update()

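The scheduling cooperq sketches above (run the check at startup and once per hour, but only fetch when 24 hours have passed since the last successful update), written out as an added JavaScript example; this is not Privacy Badger's code, and the storage/clock/fetch hooks and the `lastUpdateMs` key are assumptions made for the example.

```javascript
// Added example, not Privacy Badger code: a throttled update check that
// persists the last successful update time, so a browser restarted many
// times a day contacts the server at most once per 24 hours.
const HOUR_MS = 60 * 60 * 1000;
const DAY_MS = 24 * HOUR_MS;

// Pure decision: stale when there is no record or the record is >= 24h old.
function isStale(lastUpdateMs, nowMs, intervalMs = DAY_MS) {
  return lastUpdateMs === undefined || nowMs - lastUpdateMs >= intervalMs;
}

class UpdateScheduler {
  // storage: { get(key), set(key, value) }  (assumed, localStorage-like)
  // now: returns epoch ms; doUpdate: fetches the list files, returns true on success
  constructor({ storage, now = Date.now, doUpdate, intervalMs = DAY_MS }) {
    Object.assign(this, { storage, now, doUpdate, intervalMs });
    this.updates = 0; // real network updates performed so far
  }

  // Called at startup and from the hourly timer. Returns true if it fetched.
  check() {
    const last = this.storage.get("lastUpdateMs");
    if (!isStale(last, this.now(), this.intervalMs)) return false;
    // Only record success after the fetch works, so an offline attempt is
    // retried on the next hourly tick instead of waiting another day.
    if (!this.doUpdate()) return false;
    this.storage.set("lastUpdateMs", this.now());
    this.updates += 1;
    return true;
  }

  // Wiring for the real add-on: run once now, then once per hour.
  start() {
    this.check();
    return setInterval(() => this.check(), HOUR_MS);
  }
}

// Simulation with constructed in-memory storage and a fake clock: each entry
// in restartTimesMs is a browser start; online(t) says whether the fetch works.
function simulateRestarts(restartTimesMs, online = () => true) {
  const store = new Map();
  let clock = 0;
  const s = new UpdateScheduler({
    storage: { get: (k) => store.get(k), set: (k, v) => store.set(k, v) },
    now: () => clock,
    doUpdate: () => online(clock), // stand-in for fetching the list files
  });
  for (const t of restartTimesMs) { clock = t; s.check(); }
  return s.updates; // number of times the server was actually contacted
}
```

Nine restarts spread over two days produce three fetches (at hour 0, 24 and 48) instead of nine, and a restart that happens offline is retried at the next check rather than counted as done.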