*sigh*
"two thousand zero zero party over,
Oops out of time..."
Is it 2000 yet?
P.
Information security man Clint Ruoho has detailed server-side vulnerabilities in the popular Pocket add-on bundled with Firefox that may have allowed user reading lists to be populated with malicious links. The since-patched holes were disclosed July 25 and fixed August 17 after a series of botched patches, and gave attackers …
"... the popular Pocket add-on bundled with Firefox"
I have to take exception to calling Pocket a "bundled add-on", because it's actually baked into Firefox and can not be removed, even though one can remove it from the toolbar. But that only hides it; it's still there.
And how popular is it, actually? Aside from the circumstance that every Firefox installation is burdened with this crap, how many people actually use it?
Yes, every word of that missive needs scare quotes: "Popular" "add-on" "bundled" "with". Suggested listening as one reads those words would naturally be the "cha-ching" so favoured by capitalists for "every" occasion.
And yet, I still use it. Firefox that is. If only it were as it was. Sigh.
I had one user that installed pocket themselves, the result was not good.
It tended to send multiple requests like "User XYZ is looking at this site now, just in case he decides to save it" seemed just like the tracking Facebook uses with its "like" links in the form "Like link please for user XYZ, currently browsing site ABC" its all just tracking users.
I haven't seen that sort of traffic from a default Firefox install but I was not happy to see the stuff included.
It might be that they need to monetise all browsing, if not right now, later.
Thanks for the hint.
It's easy to search for pocket (search box at the top of the page) to get at the other relevant settings
I also found that if you set
browser.toolbarbuttons.introduced.pocket-button
to false, then the toolbar button is not displayed.
To really put a stake thru its heart, I also nulled the string in
browser.pocket.enabledLocales
and set
browser.pocket.userLocaleList
to false.
"Pocket" is truly the last straw for me, in a seemingly endless string of bad changes that firefox has made in the past year or so.
So i've uninstalled Firefox from my computer for the first time in more than 10 years, and I won't be going back.
I'm not the biggest fan of Opera, but at least they're moving forward, instead of constantly mucking things up like firefox has been.