Great companion article here that describes how the extensions obscured their data collections: https://arstechnica.com/information-technology/2019/07/dataspii-technical-deep-dive/
I've been trying to make a habit of only getting Firefox extensions that has the source code available. That way if I'm ever paranoid enough I can go to the repository and have a sneek peak at the...
I've been trying to make a habit of only getting Firefox extensions that has the source code available. That way if I'm ever paranoid enough I can go to the repository and have a sneek peak at the internals.
Honestly I wish it were a requirement, or at the very least given a special badge when the source code is available and/or compiled by Mozilla themselves and whatnot.
Great companion article here that describes how the extensions obscured their data collections: https://arstechnica.com/information-technology/2019/07/dataspii-technical-deep-dive/
Another reminder for me to 1)stay away from Chrome and 2)don't use add-ons in Firefox unless I research them first.
I've been trying to make a habit of only getting Firefox extensions that has the source code available. That way if I'm ever paranoid enough I can go to the repository and have a sneek peak at the internals.
Honestly I wish it were a requirement, or at the very least given a special badge when the source code is available and/or compiled by Mozilla themselves and whatnot.
You'd also need to lock them from updating. Once you audit the source code it can change at any time.
I was under the impression that Mozilla reviews updated addons, is that not true any more?