Firefox installs extensions on your devices to collect data without your knowledge ... again

Start

Not so long ago, I got a Nokia 8110 phone, which prompted me to start using WebIDE to experiment with KaiOS. Today I went to the debug page in extensions, and there:



... 2 not-requested guests appeared - fxmonitor@mozilla.org.xpi and telemetry-coverage-bug1487578@mozilla.org .

How so? After all, I remember exactly that I turned off telemetry in the Firefox settings on purpose, have I really cleared the profile and forgot to turn it off?



No, everything is off. Moreover, in the list of add-ons with other add-ons, including Mozilla’s ADB Bridge, nothing is displayed.

Search

The first thing I went to ask was that it could be on Reddit , where I received a response from one of the Mozilla employees that this behavior is the norm , and not data collection and telemetry at all. Judging by the Mozilla blog , these 2 extensions are installed without your knowledge to find out if telemetry is allowed and send this data to Mozilla servers, where they could handle it.

déjà vu

After reading the answer from Mozilla, I felt that I had already seen something like this somewhere. And not only in Windows 10.

A similar situation has already happened once, when Mozilla, without the knowledge of users, installed the “LookingGlass” addon for everyone, asking users if they would like to join the test. Despite the fact that this extension did not start working on its own and was waiting for the consent of the user, it caused a stormy negative reaction, in particular due to the ability of Mozilla to install add-ons on users ’browsers without demand.

At that time, an official apology was published:

We're sorry for the confusion and for letting down members of our community. While there was no intention or mechanism to collect or share your data or private information and The Looking Glass was an opt-in and user activated promotion, we should have given users the choice to install this add-on.

“We apologize for the confusion and for letting the members of our community down.” Despite the fact that we had no intention or mechanism for collecting or exchanging your information and Looking Glass was an optional and user-activated action, we had to provide users with the opportunity to install this add-on themselves.

Judging by what happened, there is reason to doubt how sincere the apology from Mozilla was, although this time it was true, there was no talk of any opt-in.

Conclusion

Anyone who wants to check the availability of the probe in their browser should go to the Debug addons page with about: addons, because the add-ons are hidden by default, you can only verify their availability by knowing where to look for them.

User trust is a rather important resource for each company, especially if the company considers itself a champion in the privacy of its users.