Firefox ShowIP add-on privacy concerns

Sophos

A popular Firefox add-on appears to have started leaking private information about every website that users visit to a third-party server, including sensitive data which could identify individuals or reduce their security.

Naked Security reader Rob Sanders alerted us to the activities of the recently updated ShowIP add-on for the Firefox browser.

Currently over 170,000 people are said to be using ShowIP.

What the add-on’s description doesn’t say is that since version 1.3 (released on April 19th 2012) it has also sent – unencrypted – the full URL of sites visited using HTTPS, and sites viewed in Private Browsing mode, to a site called ip2info.org.

The user never realises that the data has been shared with a third-party, unless they use special tools to monitor what data is being sent from their computer.

http://nakedsecurity.sophos.com/2012/05/01/privacy-concern-showip-firefox-add-on/

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>