Firefox 57 lists third-party accessibility tools that may spy on users
Mozilla plans to list all third-party accessibility tools that integrate with the Firefox web browser on about:support in Firefox 57.
The developers of the Firefox web browser plan to add a new preference to the browser's privacy settings on top of that that Firefox users may enable to prevent accessibility services from accessing the web browser.
Bug 1384567 and Bug1384672 on [email protected] highlight the reason behind the decision to list third-party accessibility tools and add the option to Firefox's privacy preferences:
We're detecting a long list of obscure and some not so obscure 3rd party Windows applications that use accessibility to snoop on user activity. We want to cut down on this by better communicating when a11y is active. This bug is about adding a new section under preferences -> privacy that displays a11y active state and provides a switch to force accessibility off.
Firefox 57: third-party accessibility tools handling
The new feature is already implemented in the most recent version of Firefox Nightly. Firefox Nightly is the cutting edge development version of the web browser.
The screenshot above shows the new option in the Firefox privacy preferences:
- Load about:preferences#privacy in the browser's address bar to display the privacy preferences of the web browser.
- Scroll down until you find "Prevent accessibility services from accessing you browser".
- Check the box to block access.
- Restart Firefox
If you run Firefox 57, you may check which third-party accessibility tools are accessing the browser, and base the decision on whether to block access or not on that.
- Load about:support in the Firefox address bar.
- Scroll down until you come to the Accessibility section. You may want to use the on-page find by tapping on F3 and searching for accessibility to jump to the section quickly.
- All third-party accessibility tools are listed under "accessibility instantiator".
This shows all executable file names that are watching the Firefox browsing activity locally.
Mozilla plans to link to a wiki page that provides additional information on third-party accessibility tools and user privacy. The page is not up yet however.
Well, I would imagine that security applications such as Malwarebytes Premium version for example would require access to Firefox in order to monitor which sites users visit in order to be effective.
However, it wouldn’t surprise me to learn that Windows 10 is keeping a close eye on everything which goes on in Firefox since that particular OS is one big spying application.
A good, privacy-conscious security application should NOT require that kind of browser access at all. There are better ways to prevent visiting malware sites, without intercepting browser HTTP(s) traffic with dubious methods (like browser extensions that lots of security software have the bad tendency to install – I’d avoid any “security” software that does this).
Stopped using ff after the last issue, not news next please!