According to reports by Mike Kuketz, an independent security blogger from Germany, and by uBlock Origin, an add-on named “Web Security” has been caught collecting users’ browsing history.
The add-on’s description says that it is meant to protect users from malware, tampered websites and phishing sites that threaten their data. Interestingly, the Web Security add-on has 222,746 installations to date, and one reason for such a large user base is that Mozilla mentioned it on their official blog last week in a list of recommended add-ons for security and privacy.
Raymond Hill from uBlock Origin found that the add-on was behaving strangely: once the extension is installed, every page load is accompanied by a POST to http://188.8.131.52. He said, “The posted data is garbled, maybe someone will have the time to investigate further.”
Soon after Hill’s discovery, Kuketz published a post on his blog about the same extension, pointing to the same strange behavior. A user on Kuketz’s blog decoded the garbled data and found that the add-on was collecting users’ browsing history and sending it to a German server.
Although it is normal for an add-on meant to keep users safe from phishing websites to check and record the URLs they visit, the Web Security add-on in question was collecting more than just URLs.
The decoded data revealed that the add-on was tagging each user with a unique ID and recording their browsing patterns, including how users went from an “oldUrl” to a “newUrl.” According to Mozilla’s guidelines for extensions, no extension may keep a log of users’ browsing history.
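A check an analyst could run on decoded request bodies to tell a stateless URL lookup apart from history logging, added here as an example and not taken from the reports or the add-on. It assumes the bodies have already been decoded to JSON and were captured from two fresh browser profiles; only `oldUrl` and `newUrl` are named in the report, while `userId`, `version` and all sample values are constructed.

```python
import json

def _body(uid, old, new):
    # Constructed sample body. Only "oldUrl"/"newUrl" are named in the article;
    # "userId", "version" and every value here are assumptions.
    return json.dumps({"userId": uid, "version": "1", "oldUrl": old, "newUrl": new})

# Decoded POST bodies captured from two fresh browser profiles (constructed).
CAPTURES = {
    "profile-a": [
        _body("a1f3c9", "", "https://news.example/"),
        _body("a1f3c9", "https://news.example/", "https://news.example/story?id=7"),
        _body("a1f3c9", "https://news.example/story?id=7", "https://bank.example/login"),
    ],
    "profile-b": [
        _body("9bc2e0", "", "https://shop.example/"),
        _body("9bc2e0", "https://shop.example/", "https://shop.example/cart"),
    ],
}

def per_install_fields(captures):
    """Fields constant within a profile but different in every profile."""
    constant = {}
    for profile, bodies in captures.items():
        recs = [json.loads(b) for b in bodies]
        keys = set(recs[0]).intersection(*recs[1:])
        constant[profile] = {k: json.dumps(recs[0][k]) for k in keys
                             if len({json.dumps(r[k]) for r in recs}) == 1}
    shared = set.intersection(*(set(v) for v in constant.values()))
    n = len(constant)
    return sorted(k for k in shared
                  if n > 1 and len({v[k] for v in constant.values()}) == n)

def chained_transitions(bodies):
    """Count requests whose oldUrl equals the previous request's newUrl."""
    recs = [json.loads(b) for b in bodies]
    return sum(1 for prev, cur in zip(recs, recs[1:])
               if cur.get("oldUrl") and cur["oldUrl"] == prev.get("newUrl"))

def audit(captures):
    ids = per_install_fields(captures)
    chained = {p: chained_transitions(b) for p, b in captures.items()}
    # A stateless reputation lookup needs neither a stable ID nor the previous URL.
    return {"per_install_fields": ids, "chained": chained,
            "history_logging": bool(ids) and any(chained.values())}

if __name__ == "__main__":
    print(json.dumps(audit(CAPTURES), indent=2))
```

Comparing two profiles is what separates a per-install identifier from a constant such as a version string, which would look identical in both captures.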
Mozilla has removed the add-on from their official blog post but has not banned it yet. Usually, after any such discovery, Mozilla’s engineers perform several tests to analyze the extension’s wrongdoing before banning it. The Web Security add-on is expected to be removed from the Mozilla extension store soon.