Mozilla-endorsed security plug-in accused of tracking users
Web Security says there's nothing nefarious to its URL collection
A security plug-in for the Firefox browser is under fire after users discovered it was collecting and uploading their online activity.
The outcry began after Mozilla featured the Web Security extension on its blog with a post titled "Make Your Firefox Browser a Privacy Superpower." The plug-in, developed by German company Creative Software Solutions, bills itself as a tool for blocking malicious pages and phishing sites.
Chrome, Firefox pull very unstylish Stylish invasive browser pluginREAD MORE
It also, allegedly, logs what web pages the user visits. Shortly after the post went up, uBlock Origin developer Raymond Hill noticed that the plug-in was gathering and transmitting the address of visited websites to a server in Germany.
Word got back to Mozilla, and the org moved to strike the link to Web Security from its blog and investigate the matter.
"We’ve received concerns from the community about the Web Security extension, and are currently investigating those concerns," a Mozilla spokesperson told The Register.
"The reference to the extension has been removed from the blog post as part of the investigative process."
El Reg reached out to Creative Software Solutions, whose managing director Fabian Simon says that the collection of browsing information is only done to check a site against Web Security's global blacklist.
"This is a necessary step to assure the functionality of the add-on and has nothing to do with tracking the users browser behavior, thus these reports only showed a part of how the add-on works to protect the user," Simon explained.
"We take privacy very important and do not use this server communication for tracking the users browsing history."
Simon says he company does not know why Mozilla pulled the link to Web Security, but Creative plans to submit an updated version the extension for review, to prove that everything is on the level.
"I am sure that if they look into the issue they will see that this is a normal and necessary behavior," he said. ®
Sponsored: Becoming a Pragmatic Security Leader