funsec mailing list archives
Re: FlashGot Firefox plugin, now spyware
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 16 Feb 2010 19:14:06 +0200
On 2/16/10 6:29 PM, Reed Loden wrote:
On Tue, 16 Feb 2010 11:47:48 +0200 Gadi Evron<ge () linuxbox org> wrote:Just to make sure we have the same terminology, as a friend of mine disagrees: 1. It adds content to web pages I visit (so far just Google) by suggesting tweaked searches, possibly (unconfirmed) by sending data about my searches, which would make it spyware. 2. When I click these suggested better searches for what I was looking, it sends me off to a different search engine, which I define as adware.Thanks for the information. I can confirm that the latest version of FlashGot does include code that adds "search refinements" via "Surf Canyon" to all Google, Bing, and Yahoo! search result pages. This new "feature" was added in the most recent version of FlashGot (v1.2.1.13), is enabled by default, and can be disabled by modifying the "flashgot.surfcanyon" preference in about:config to "false". As far as I can find, the only place where this change is mentioned is a one-line entry on http://flashgot.net/changelog. I can't speak for our AMO admins, but I'll definitely be following-up with them to see what our current policies are concerning such things and whether this change/addition violates any of those policies. Thanks again for the report.
If it isn't, we can always shame FlashGot. This may not be covered by current policies, but as we have seen time and time again, legalities often come following new technologies rather than legal systems expecting them. And when abuse policies are tough, offenders find ways around them. By letter of the law or not, this *Feels* wrong. So I am hopeful Mozilla will do something about it. However, I can't really blame them if they can't. I am unsure that an AUP *anywhere* currently covers that "apps" can provide only with features users agree to, or that they should need to notify of a major change in functionality. It's certainly a very interesting question. The good old comp.virus FAQ defines a Trojan horse as functionality which if the user knew what it did, he or she wouldn't be happy about it. In reverse, this fits quite well. Let's see what happens. Thank you very much for taking a look at this. Gadi.
~reed Mozilla Security Group _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
-- Gadi Evron, ge () linuxbox org. Blog: http://gevron.livejournal.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- FlashGot Firefox plugin, now spyware Gadi Evron (Feb 15)
- Re: FlashGot Firefox plugin, now spyware Reed Loden (Feb 16)
- Re: FlashGot Firefox plugin, now spyware Gadi Evron (Feb 16)
- Re: FlashGot Firefox plugin, now spyware Reed Loden (Feb 16)
- Re: FlashGot Firefox plugin, now spyware Gadi Evron (Feb 16)
- Re: FlashGot Firefox plugin, now spyware Reed Loden (Feb 16)
- Re: FlashGot Firefox plugin, now spyware Gadi Evron (Feb 16)
- Re: FlashGot Firefox plugin, now spyware Daniel Veditz (Feb 16)
- Re: FlashGot Firefox plugin, now spyware Gadi Evron (Feb 16)
- Re: FlashGot Firefox plugin, now spyware Gadi Evron (Feb 16)
- Re: FlashGot Firefox plugin, now spyware Reed Loden (Feb 16)