Firefox is phoning home once a day
Firefox and Thunderbird are phoning home every 24 hours regardless if update notifications have been disabled in both applications.
This caused some stir yesterday when a post made the Reddit frontpage that informed users about this.
Firefox and Thunderbird are apparently contacting a Mozilla server transmitting information about the IP address, the time, the version number of the product, if any plugins or add-ons are used that are globally blocked and the total number of active users of the software.
While some users might question the reason to transmit some of the data, for example the number of active users, the reason for transmitting it is to make sure that no plugin or add-on is in use that is on the global ban list.
This list contains only five plugins and add-ons currently but it seems to be a way to prevent harm to the products if the user decides to install malicious products.
The five plugins and add-ons that are currently on the blocklist are:
- Internet Download Manager, v2.1-3.3 for Firefox 3.0a1 and newer (see bug 382356).
- Free Download Manager, v1.0-1.3.1 for Firefox 3.0a1 and newer (see bug 408445).
- Yahoo Application State Plugin, v184.108.40.206 and older for Firefox 3.0a1 and newer (see bug 419127).
- Vietnamese Language Pack, v2.0 for all applications (see bug 432406).
- npLegitCheckPlugin.dll, for Firefox 3.0a1 and newer (see bug 423592).
It is possible to disable this feature by setting the extensions.blocklist.enabled to false using the about:config dialog.
I would not disable the feature though unless you are sure what you are doing. The Mozilla team may block plugins and add-ons that are installed on your system using that option. If it is disabled this is not possible and you may end up using malicious or stability-impacting plugins and extensions.
You can check all items that are currently blocked by Mozilla globally on this page.
Update: Firefox in recent time has integrated other "phone home" features. If checks file downloads against Google's safe browsing database for example, and uses other Google services on top of it.Advertisement
>The Mozilla team may block plugins and add-ons that are installed on your system using that option.
And this is somehow a good thing? :)
Anyway, I presume disabling extensions.blocklist.enabled will prevent blocking listed plug-ins/add-ons, but not phoning home, is that correct?
The Vietnamese language pack was found to have a virus payload (see http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/).
I guess the others have similar problems.
Where’s the objectivity? Windows phone home is bad and Firefox phone home is good just because it’s not Microsoft?
They are both equally bad.
This is the sort of thing I would prefer to check manually, and I don’t appreciate Mozilla Corporation doing it automatically without asking me.
Does anyone know, if a proxy is enabled, is the real IP sent, or just the proxy IP? If it ignores the proxy settings, or sends the real IP in some other way, that would make it even scarier.