Firefox is phoning home once a day

Martin Brinkmann
Jun 26, 2008
Updated • Feb 8, 2015
Firefox, Firefox add-ons
|
6

Firefox and Thunderbird are phoning home every 24 hours regardless if update notifications have been disabled in both applications.

This caused some stir yesterday when a post made the Reddit frontpage that informed users about this.

Firefox and Thunderbird are apparently contacting a Mozilla server transmitting information about the IP address, the time, the version number of the product, if any plugins or add-ons are used that are globally blocked and the total number of active users of the software.

While some users might question the reason to transmit some of the data, for example the number of active users, the reason for transmitting it is to make sure that no plugin or add-on is in use that is on the global ban list.

This list contains only five plugins and add-ons currently but it seems to be a way to prevent harm to the products if the user decides to install malicious products.

The five plugins and add-ons that are currently on the blocklist are:

  • Internet Download Manager, v2.1-3.3 for Firefox 3.0a1 and newer (see bug 382356).
  • Free Download Manager, v1.0-1.3.1 for Firefox 3.0a1 and newer (see bug 408445).
  • Yahoo Application State Plugin, v1.0.0.5 and older for Firefox 3.0a1 and newer (see bug 419127).
  • Vietnamese Language Pack, v2.0 for all applications (see bug 432406).
  • npLegitCheckPlugin.dll, for Firefox 3.0a1 and newer (see bug 423592).

It is possible to disable this feature by setting the extensions.blocklist.enabled to false using the about:config dialog.

I would not disable the feature though unless you are sure what you are doing. The Mozilla team may block plugins and add-ons that are installed on your system using that option. If it is disabled this is not possible and you may end up using malicious or stability-impacting plugins and extensions.

You can check all items that are currently blocked by Mozilla globally on this page.

Update: Firefox in recent time has integrated other "phone home" features. If checks file downloads against Google's safe browsing database for example, and uses other Google services on top of it.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Privacy Concerned Person said on August 2, 2008 at 11:16 pm
    Reply

    This is the sort of thing I would prefer to check manually, and I don’t appreciate Mozilla Corporation doing it automatically without asking me.

    Does anyone know, if a proxy is enabled, is the real IP sent, or just the proxy IP? If it ignores the proxy settings, or sends the real IP in some other way, that would make it even scarier.

  2. Blf said on July 2, 2008 at 4:33 pm
    Reply

    Where’s the objectivity? Windows phone home is bad and Firefox phone home is good just because it’s not Microsoft?

    They are both equally bad.

  3. andymurd said on June 27, 2008 at 6:21 pm
    Reply

    The Vietnamese language pack was found to have a virus payload (see http://blog.mozilla.com/security/2008/05/07/compromised-file-in-vietnamese-language-pack-for-firefox-2/).

    I guess the others have similar problems.

  4. Transcontinental said on June 27, 2008 at 11:26 am
    Reply

    Anyway, I presume disabling extensions.blocklist.enabled will prevent blocking listed plug-ins/add-ons, but not phoning home, is that correct?

  5. Rarst said on June 27, 2008 at 6:09 am
    Reply

    >The Mozilla team may block plugins and add-ons that are installed on your system using that option.

    And this is somehow a good thing? :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.