
Upcoming Firefox 57 Gets New Protection Against Apps That Snoop on Users

Firefox 57

3 replies to this topic

#1 ranchhand

    Moderator

  • Moderators
  • 1,423 posts
  • Location: Midwest

Posted 30 August 2017 - 04:53 PM

Mozilla engineers say that recently they've discovered apps abusing Firefox's accessibility (a11y) feature to access and collect user data stored inside Firefox.

"We're detecting a long list of obscure and some not so obscure 3rd party Windows applications that use accessibility to snoop on user activity," explains Jim Mathies, Software Engineering Manager for Mozilla.

"We want to cut down on this by better communicating when [accessibility] is active," Mathies added. "This bug is about adding a new section under preferences -> privacy that displays a11y active state and provides a switch to force accessibility off."

In addition, Mozilla engineers have also added a new section in the Firefox "about:support" page called "Accessibility." If access to Firefox accessibility is enabled, this section will list all apps currently using the feature.

This will allow users to detect rogue apps that use Firefox's accessibility feature to spy on users and surreptitiously collect telemetry data.

 



Fishing Fanatic - gimme a fishing rod, point me North and turn me loose.


#2 Angoid

    Administeriosis Extremus

  • Administrators
  • 1,567 posts
  • Location: East Midlands, UK

Posted 31 August 2017 - 09:34 AM

With Firefox, none of your add-ons will work soon anyway unless they've been rewritten:
 
https://www.bleeping...y-three-months/
 
(that's three months as of August 14th 2017)
 

On November 14 Mozilla will take the biggest gamble in its long history when the organization will ship Firefox 57, the first version of its browser that will stop supporting legacy Firefox add-ons.
 
This means that starting with Firefox 57 the browser will support only new add-ons written on top of the newer WebExtensions SDK.
 
All legacy Firefox add-ons written on the old XUL-based Add-Ons SDK will stop working.

 
I was checking in my Firefox a few days ago, and TBH I don't use extensions very much. I'm very careful and finicky about what I add to any browser. But I did notice that they were all marked as "Legacy."
 
I've learned that, in computing, the word "legacy" usually means "disowned", "abandoned" and "manufacturer won't touch with a barge-pole."

If you don't know what eschatology is then don't worry; it's not the end of the world.
Please do not send uninvited PMs requesting support; post into the appropriate forum instead and we'll all learn. See our Private messaging policy.


#3 ranchhand

    Moderator

  • Moderators
  • 1,423 posts
  • Location: Midwest

Posted 31 August 2017 - 02:13 PM

Wow! You're right! One of the things I liked about FF is the ability to add safety features that protect. I see that NoScript, Self-Destructing Cookies, No Google Analytics, and U-Block Origin are marked as "Legacy".

Ok, so what now? Are we back to risking Java infections again and tracker cookies?

Fortunately, Privacy Badger is not marked (for now, anyway).

So... does that mean there are no extensions, or that the authors will have to update their products to integrate with the new FF version?




#4 Angoid

    Administeriosis Extremus

  • Administrators
  • 1,567 posts
  • Location: East Midlands, UK

Posted 01 September 2017 - 08:18 AM

I think I read that only some 19% of extensions have been rewritten using the newer technology to date.
However, not sure what they are.

You can bet your bottom dollar that the malicious actors are already rewriting their garbage in the new technology and pulling FF to bits with a view to bypassing the new data collection snoopology.

Let's hope the good guys get there first.
