A high-rated Firefox extension with more than 7 million downloads secretly collects data about every website the open-source browser visits and combines it with uniquely traceable information tied to the user, an independent security researcher said. The undisclosed behavior of the Ant Video Downloader and Player add-on takes …
Reality Check Network?
The same RCN who gave all their server logs to the FBI last October after a server hosting bittorrent trackers got hacked? Wonder if a "dun-dun-dunnnnn" is indicated.
In fact, with my tin-foil hat off for a minute, it's pretty obvious what this is. The ant.com page about their downloader mentions as a feature "Integrated Traffic Rank indicator for all the sites you visit", and this is very obviously a request-and-reply for the rank of El Reg. You come 4086th. They're presumably mining the data to help build up their search engine's traffic rankings database or something like that.
however, if you google...
Type "ant video downloader" into google, however, and all looks hunky-dory ... nice ant.com site with "Download Now" buttons aplenty.
The only safe browsing is with a machine you completely wipe and then re-install after every session.... hmmm... wonder if virtualbox could be useful here! :)
Or you could just use sandboxie...
"The only safe browsing is with a machine you completely wipe and then re-install after every session.... hmmm... wonder if virtualbox could be useful here! :)"
or maybe don't install the extension?
you could use a liveCD...
People using an extension to download videos which weren't intended to be downloaded, and they have the nerve to complain about THEIR rights being violated? I've got as much sympathy as for torrenters who complain that their downloads are full of viruses.
The extension appears to have been removed from the Mozilla site now, anyway.
Tell me, when you view a streaming video are you downloading or not? When you load up youtube on your mob and then go on the tube how do you think the video is still playing? Obviously the video is meant to be watched or it would not be freely available on youtube..
""We've looked into the Ant Video Player and found that it does send information about websites users visit in order to power its ranking feature displayed for each website, and also includes a unique identifier in this communication," the spokeswoman wrote in an email. "While this does not violate our policies.... "
Well what the fuck WOULD "violate your policies"?
Mozilla. Google. Apple. Microsoft. Adobe. Etcetera etcetera. Spot the biz you can trust.
That would be Etcetera etcetera.
Wow That Sucks
The only good thing is that Firefox is the only browser you might be able to escape tracking.(If you set it up right)(maybe). Every other browser you have a 100% chance of being tracked. It's crazy and while not all tracking is malicious, it still can fall into bad hands. IMO This year this tracking/advertising thing is going to blow up even more than it already has. I hope it gets to the point where some companies have to rethink their business plans before banking on tracking/advertising to bring in the money. If you do some research you will find how this concept of "personalized advertising" has been heavily invested in over the past 3 years so they are banking on this being here to stay. The problem is going to be when they have a way of tracking even when you think they can't. It's kind of hard to tell when you use phones and browsers made by an advertising company..
You can escape tracking with any browser - just run it in a virtual machine that you blow away after each session. VMware player is free (-beer) as is any Linux-based browser application (containing Firefox, Chrome, Opera, ...). If it's IE you are after, MS probably expects you to pay for a second copy of Windows even if it's running inside your first copy.
What's hard is if you want to save state between sessions, but only state you approve of, and not the state that the rest of the world inflicts on you.
The title is required, and must contain letters and/or digits.
Well, at least Mozilla wasted no time removing this addon. Though I wonder how an addon like this could have been reviewed and approved by Mozilla without them noticing this.
>I wonder how an addon like this could have been reviewed and approved
These things are sneaky, as are quite a few applications. They don't start to connect to base until a few days have passed or they've been started a few times. The developers who write these apps are well aware that people monitor network traffic when installing a new product so put in delays for this reason.
Mozilla did NOT remove it. I have just been to the add-on site, and stopped a download that was very willing to take place. OK I did not try the current version, but an older one. I think our intrepid reporter just hit a speed-bump on the internet and presumed that it was the end of the highway.
Just for the elimination of doubt: Downloads of the add-on are still available.
Suppose that this same app could be embedded as a payload for other apps...
Then, with the same delay, surreptitious installation could simply be PUSHED to unsuspecting users who are not of the programmer savviness. If this stuff can be slipstreamed along with an approved install, and somehow circumvents security checks (again, I'm not a programmer, but I ASSUME this is technically possible, probably having been performed against targets who are wary about their connect times and sites they visit...), then ANYbody who connects is at risk when downloading very large apps that will eclipse the footprint of such an intrusive app.
I still use firefox, but don't trust it after it came to light that a version of ietab contained spyware.
it was reported again and again, but was still up for download about a year later.
Who do ant think they are?
I love Firefox, but my default browser is Avant Browser. Firefox is really good; however, Avant Browser is better than FF. It has very low memory usage, is very easy to customize (such as disabling JavaScript, ActiveX...), and is able to block ads and pop-ups. By the way, I found that Firefox 4.0 didn't release memory thoroughly after I used it for some time; it's boring...
Ah, proper Spyware.
I wonder if they've done a deal yet with the official spies in the US?
I bet a few people have a nice little log sitting on the ANT server of all their porn viewing history, done while in private browser mode! :)
On the download page on the ant site it says;
"The ant.com add-on for Firefox can be downloaded from Mozilla's site. The source code is systematically reviewed by an independant Mozilla contributor before it is given to the public. It is the same process for every add-on. So you know our add-on is 100% safe. "
What a total bunch of misleading scammers.
If you're with Vodafone
this is approximately what their network is doing to you.
Every URL you visit is being harvested, and divulged to Bluecoat in California.
Your consent is not sought, and you cannot 'opt in' (or out).
And Vodafone don't pay UK TAX
2 good reasons not to use them
they probably make a large contribution to Conservative Central, so they get to have some rewards ?
It's available again https://addons.mozilla.org/en-US/firefox/addon/video-downloader-player/
I've offered a 'review' explaining all of this information. I doubt that it will be published.
Certainly not for me. Although I doubt I could make use of it. It seems a huge privacy price to pay for some meaningless traffic ranking.
Did you just throw Tor in there to look technical? How the hell is a web browser meant to know you're running either an outbound port redirect, or that the proxy you told it to use is going to forward over Tor?
In short, wtf.
I think the idea was to highlight that using TOR to browse anonymously would not help in this situation as all of your browsing history would still be logged by Ant Video.
The site you visited, such as youtube, wouldn't have access to your IP address as it would appear as the TOR exit node, but the fact you went to youtube, along with the date, time and your real IP, would still be sent to the addon makers.
From the context...
From the context it was mentioned in, I think the point was that the Ant.com identifier would persist even if you switch your browser to use Tor (or private browsing), thus linking your "private" browsing to your IP address. This kind of thing is why I always recommend using a completely separate browser for anything you really care about keeping private.
The title is required, and must contain letters and/or digits.
"behavior ... takes place ... when the Firefox private browsing mode is turned on or when [using] Tor"
My point is: well, yes, *of course* because that's not the problem Tor solves. So why mention Tor? Tor *could not help* here, as you say! If you are using Tor, you should already know this. Right? Right?
Tor Browser Bundle
Tor Browser Bundle has no add-ons, except Tor button & https-everywhere, last I checked when you start it up.
So what you say makes no sense.
Unless you install this add-on specifically inside the browser bundle.
just block the ant.whatever address.
Yet another trash company secretly spying
Tracking gits! Glad I don't use their secret tracking software disguised as something else! Hopefully people will trash their secret spy tracking software.
Scary that it was only detected
because it makes zero effort to cover its tracks. It would have been easy to mildly encrypt the page url and the unique identifier (possibly by compressing them) and there would be nothing readable to see.
Smartscreen built into IE does something similar
It's on by default in IE8 and IE9 and there must be millions of people still using it.
When you use SmartScreen Filter to check websites automatically or manually, the address of the website you are visiting will be sent to Microsoft, together with standard computer information and the SmartScreen Filter version number. To help protect your privacy, the information sent to Microsoft is encrypted. Information that may be associated with the address, such as search terms or data you entered in forms might be included. For example, if you visited the Microsoft.com search website at http://search.microsoft.com and entered "Seattle" as the search term, the full address http://search.microsoft.com/results.aspx?q=Seattle&qsc0=0&FORM=QBMH1&mkt=en-US will be sent.
Address strings might unintentionally contain personal information, but this information, like the other information sent, is not used to identify, contact, or target advertising to you. In addition, Microsoft filters address strings to try to remove personal information where possible. When you use Internet Explorer to download a program, SmartScreen Filter will send the information above, along with information about the downloaded program, such as a file identifier (a “hash”), results from installed antivirus tools, and the program’s digital certificate information, if available.
Periodically, information about your usage of SmartScreen Filter will also be sent to Microsoft, such as the time and total number of websites browsed since an address was sent to Microsoft for analysis. Some information about files that you download from the web, such as name and file path, may also be sent to Microsoft. Some website addresses that are sent to Microsoft may be stored along with additional information, including web browser version, operating system version, SmartScreen Filter version, the browser language, the referring webpage, and information about whether Compatibility View was enabled for the website.
A unique identifier generated by Internet Explorer is also sent. The unique identifier is a randomly generated number that does not contain any personal information and is not used to identify you. This information, along with the information described above, is only used to analyze performance and improve the quality of our products and services.
"This addon is secure : it was verified by Norton Safe Web and McAfee's Site Advisor . It contains no malware. "
Phew. That's all right then.
Time to update my blocked list...
...so nothing ever connects to their servers from home or work.
Server: thin 1.2.7 codename No Hup
Would that be like Hup Two Three Fo'?
We all have to get used to this
The commercial value of usage data is enormous. So the spooks can easily piggy back on that. Expect lots more of the same.
Sounds like TACO all over again
Although this is slightly different, whereas TACO used to be trusted and slim, then got bought out and turned into bloatware. The way they got it past Mozilla that time was to have one of the Firefox add-on's board members in their back pocket.
I wouldn't be surprised if something similar happened here.
Check out the DivX WebPlayer ActiveX Control for IE. Tries to connect to DivX's servers every page load, leaks tracking info through the headers, and doesn't use SSL, so one gets annoying mixed-content (secure/insecure) warnings on https sites. I think it might be beta.
It does more...
it's sending "heartbeat" notifications, install/uninstall etc.
Also, UUID is stored in extensions.antrankservice.uuid
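An added example, not part of the original thread or of any ant.com code: a profile audit that parses the text of a Firefox `prefs.js` file and reports the preference named in the comment above, plus any other `extensions.*` preference whose value looks like a UUID (a heuristic for persistent per-install identifiers). The sample profile text, the `exampleaddon` preference names and the UUID values are constructed.

```python
import re

# Pref name as reported in the comment above; everything else here is illustrative.
ANT_UUID_PREF = "extensions.antrankservice.uuid"

# Firefox stores one preference per line in prefs.js: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+?)\);\s*$')
UUID_LIKE = re.compile(r'^\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$')

# Constructed sample of prefs.js content (not taken from a real profile).
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("extensions.antrankservice.uuid", "11111111-2222-3333-4444-555555555555");
user_pref("extensions.exampleaddon.clientid", "{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}");
user_pref("extensions.exampleaddon.enabled", true);
'''

def parse_prefs(text):
    """Return {pref_name: value}; string values have their quotes stripped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs

def find_persistent_ids(text, known=(ANT_UUID_PREF,)):
    """List (name, value, reason) for known tracking prefs and UUID-like extension prefs."""
    findings = []
    for name, value in sorted(parse_prefs(text).items()):
        if name in known:
            findings.append((name, value, "known"))
        elif name.startswith("extensions.") and UUID_LIKE.match(value):
            findings.append((name, value, "uuid-like"))  # heuristic: review manually
    return findings

if __name__ == "__main__":
    for name, value, reason in find_persistent_ids(SAMPLE_PREFS):
        print(f"{reason:10} {name} = {value}")
```

A "uuid-like" hit is only a prompt to check what the add-on does with the value; many add-ons store identifiers that never leave the machine.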
Your privacy matters to us
We have addressed these comments and questions regarding our privacy policies on our website: http://www.ant.com/note_about_privacy
Hello Ant.com team,
I like to think that many of us can accept a bit of tracking with good grace as long as the motives are relatively benign, and my surface impression is that that's true of your ranking feature. I also applaud that you offer an opt-out. However, it's a different story if you have failed to be up-front about behaviour like this, as people have to know the opt-out is necessary in order to use it!
As stated in our "Note about privacy", we are currently working on the necessary improvements to both our add-on and our website to make privacy-relevant options very clear to our users. Those changes should roll-out "soon" (tm).
How can we combat this?
I don't know much about web security, but if the location where the UUID is stored (extensions.antrankservice.uuid) is known, then might it be easy enough to write a "scrambler" code that finds and randomly regenerates a new UUID every time the browser sends an HTTP request?
Well for those of a certain age...
"Why Don't You turn off your TV set, go outside and go do something less boring instead!"
( Jesus, I feel old now! )
How can we combat this? ...Answer
Tools/Add Ons... Uninstall.