A popular Firefox add-on appears to have started leaking private information about every website that users visit to a third-party server, including sensitive data which could identify individuals or reduce their security.
Naked Security reader Rob Sanders alerted us to the activities of the recently updated ShowIP add-on for the Firefox browser.
Currently over 170,000 people are said to be using ShowIP.
What the add-on’s description doesn’t say is that since version 1.3 (released on April 19th 2012) it has also sent – unencrypted – the full URL of sites visited using HTTPS, and sites viewed in Private Browsing mode, to a site called ip2info.org.
The user never realises that the data has been shared with a third-party, unless they use special tools to monitor what data is being sent from their computer.