Feeds

Firefoxers howl as privacy add-on auto updates with 'bloatware'

Overstuffed TACO

  • alert
  • submit to reddit

Build a business case: developing custom apps

Updated Firefox users are howling that a widely-used browser add-on designed to protect them from unwanted cookie tracking has been automatically updated with what they see as overly intrusive "bloatware".

On June 14, after it was acquired by a software outfit known as Abine, a new version of the TACO behavioral-ad–blocking add-on was pushed out via Mozilla's auto-update process — which means it has received Mozilla's approval — and an army of users are complaining of a kind of privacy add-on bait-and-switch.

"Despicably evil move guys. Using the trusted update path to stealthily 'update' to a bloatware shareware suite is just evil. Now I have to completely blow away this profile and reinstall all my TRUSTED extensions," says one reviewer. "See how easy it is to lose trust. *snapofthefingers* gone."

Speaking with The Reg, Abine has defended the upgrade, saying that Mozilla asks users for their approval before downloading the new add-on and that although the add-on installs a host of new tools, any unrelated to TACO's original cookie management mission are turned off by default.

"That's why we think of it as a legitimate upgrade," co-founder and CEO Eugene Kuznetsov tells The Reg. "You need [Abine's additional cookie management tools] to maintain the level of privacy TACO gave to a year ago. Behavioral ad networks are always adding new tools and you need new tools to stop them."

A Mozilla spokeswoman said: "TACO changed owners, and the new owners changed the add-on radically. It still provides the same core functionality, but the user interface is very different and there are a large number of extra features and privacy tools. The add-on update was approved by Mozilla. It is safe for users and follows our policies set forth in our Add-on Review Process." You can peruse the process here.

Abine TACO

Abined TACO

In March of last year, after Google rolled out its interest-based advertising behavioral ad targeting operation, privacy researcher Christopher Soghoian offered up a Firefox plug-in that opted you out of not only Google's behavioral ad system, but countless others across the web. He called it the Targeted Advertising Cookie Opt-Out project — TACO, for short.

Google was offering its own opt-out plug-in, but this was limited to the company's own tracking. So Soghoian modified the code — Google had released it under an Apache 2.0 license — to handle other networks as well. At the time, TACO blocked behavioral ad cookies from twenty-seven separate networks, and this has since grown to over 100.

It was a sliver of an add-on — about 8K. But this week, it expanded to a whopping 3MB. Soghoian recently sold TACO to Abine, a software outfit based in Boston, and on Monday, Abine rolled out a new version of TACO that's bundled with a host of additional software tools designed to protect your privacy. It also adds a pair of buttons to your browser chrome, and it includes a pop-up interface that appears every time you visit a new site.

Several of the Abine tools installed with the new add-on are turned off by default, and you can turn off the pop-up interface. But dozens of users, including Reg readers and posters on the add-on's Mozilla page, are howling that they've been duped.

"What ethics of a company that take this insidious approach to push their product to the numerous Firefox users out there?" says one Reg reader. "A nearly 3Mb slow-as-treacle monster isn't quite the same thing as 8K of write-locked cookies."

This reader has now erased the add-on from his machine, accusing Mozilla of un-Jobsian behavior. "There's a lesson to be learned here. Two in fact. The first is, I bet the App Store wouldn't have let this fly <smirk> and... be careful who you trust."

But Abine is backing the beefed-up add-on, saying that although TACO 3.0 does install several other Abine tools, only tools related to cookie management are turned on by default.

TACO 3.0, for instance, automatically blocks Flash cookies and various JavaScript web bugs as well as permanently setting generic, non-personally identifiable opt-out cookies for more than 100 behavioral ad networks. It also includes myriad other tools — including a log-ins and passwords manager, a web identities manager, a safe email and phone client, a payments app for securely storing credits cards — but Abine's Kuznetsov defends the inclusion of these apps because they're not activated.

TACO 3.0 is tagged as a beta. But Kuznetsov says the beta tag only applies to the tools that are turned off by default. That said, there is a bit of a glitch in the suite's main UI. Kuznetsov had told us that with this UI, we could turn off the suite's pop-interface — which appear every time you visit a new site, describing what ad networks and cookies are in use. But on the version of the add-on we tested, this isn't the case. You can, however, turn off the pop-up interface from a "Hide this window?" link that appears on the pop-up itself.

"There are glitches in the software," Kuznetsov says. "And we apologize for that." He says that much of the add-on's 3MB is taken up by encryption tools, and that the company is "working to" reduce its size. During anecdotal testing at The Reg, the add-on does seem to slow Firefox considerably.

Abine TACO popup

Abined TACO pop-up

Kuznetsov says that he's aware of the complaints over the new TACO and that he's reached out to several users to address their concerns. On Mozilla's add-on site, the new plug-in has received more than 60 reviews and almost all involved vehement complaints. "TACO is BADWARE!" says another reviewer. "I can't think of any reason why someone should give TACO a try and am recommending that it be avoided completely. Prior version was ok; update is a deliberately malicious social engineering attack to a current version that is: Garbage. Garbage. GARBAGE!"

Some have accused the new add-on of being "spyware". But Kuznetsov says that it collects no user information, and Christopher Soghoian tells The Reg that when he sold the add-on to Abine, he received written assurances that it would not do so.

But Soghoian understands the other complaints. "People are pretty pissed about this, and they have a right to be."

Amidst the howls, one user has forked the TACO project again, offering an Abine-free version known as Beef TACO. "That shows the power of open source," Soghoian says. "If you don't like something, you can change it." ®

Update: This story has been updated with comment from Mozilla.

Boost IT visibility and business value

More from The Register

next story
KDE releases ice-cream coloured Plasma 5 just in time for summer
Melty but refreshing - popular rival to Mint's Cinnamon's still a work in progress
Leaked Windows Phone 8.1 Update specs tease details of Nokia's next mobes
New screen sizes, dual SIMs, voice over LTE, and more
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Mozilla keeps its Beard, hopes anti-gay marriage troubles are now over
Plenty on new CEO's todo list – starting with Firefox's slipping grasp
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
Another day, another Firefox: Version 31 is upon us ALREADY
Web devs, Mozilla really wants you to like this one
Cloudy CoreOS Linux distro declares itself production-ready
Lightweight, container-happy Linux gets first Stable release
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.