Friday, December 15, 2017

Firefox studies, disabling along with reporting bug dumps.

Firefox has two options that should be off for full privacy.

One is to allow Firefox to send dumps to Mozilla.  I've no idea if anyone looks at this, but a dump may sweep up enough information to discern your browser history and other items, such as deciphered items which have used your private key to authenticate a site, etc.

The other one which blew up today, is to "allow Firefox to perform studies".  This was abused 12/15/2017 (though not sure what version) to load a useless extension during an update.  This is possibly harmless today (and useless crap to load if you don't use it), and potentially useful if your browser is being compromised to add something to spy on you or otherwise mess with your system.

The extension was able to be installed if you had the "Firefox Studies" checkbox selected. To prevent Firefox Studies from installing extensions on your behalf:
  • Navigate to: "about:preferences#privacy"
  • Scroll down to the "Firefox Data Collection and Use" section
  • Uncheck the "Allow Firefox to install and run studies" checkbox (and the others, if you wish)
This gets rid of the studies problem.  Also uncheck the other options there while you are at it.

No comments:

Post a Comment