[opensuse] Firefox phones home/Google
Hi list. Just when I wanted to debug a web problem, I saw tcpdump showing Firefox making silent requests to Google. (wtf at this point!) To reproduce: Open a random webpage (preferably one that does not reference external content, e.g. http://jengelh.hopto.org/ ; local files don't trigger it) 14:23:03.581788 IP 10.10.106.161.50386 > 134.76.10.66.3128: P 1:691(690) ack 1 win 5840 E....a@.@... j..L B...8"..%.g..P.......GET http://sb.google.com/safebrowsing/update?client=navclient-auto-ffox2.0.0.2pre&mozver=1.8.1.2pre-2006102300&version=goog-white-domain:1:19,goog-white-url:1:371,goog-black-url:1:8400,goog-black-enchash:1:17514 HTTP/1.1 Host: sb.google.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2pre) Gecko/20061023 SUSE/2.0.0.1-0.1 Firefox/2.0.0.2pre Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: UTF-8,* Keep-Alive: 300 Proxy-Connection: keep-alive Cookie: PREF=ID=b81b7fa78ae17cf1:TM=1168225067:LM=1168225067:S=xIIiZGyQbydqdfSG Can I _please_ get information why there's spyware like this in Firefox? Added by SUSE? (I don't have the Google Toolbar installed, which, in itself, already transmits data unwanted, leading to congestion on modem lines.) Jan -- ft: http://freshmeat.net/p/chaostables/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 31 January 2007 08:26, Jan Engelhardt wrote:
Hi list.
Just when I wanted to debug a web problem, I saw tcpdump showing Firefox making silent requests to Google. (wtf at this point!) To reproduce: Open a random webpage (preferably one that does not reference external content, e.g. http://jengelh.hopto.org/ ; local files don't trigger it)
14:23:03.581788 IP 10.10.106.161.50386 > 134.76.10.66.3128: P 1:691(690) ack 1 win 5840 E....a@.@...
j..L B...8"..%.g..P.......GET http://sb.google.com/safebrowsing/update?client=navclient-auto-ffox2.0.0.2p
^^^^^^^^^^^^^^^' Do you have the website checker on? The one that looks for fake sites? Nick -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 31 Jan 2007 08:30:27 -0500, Nick Zentena
* Charles R. Buchanan
Also does he have the googletoolbar installed? That phones home all the time. I
You DID read his original post? <quote> (I don't have the Google Toolbar installed, which, in itself, already transmits data unwanted, leading to congestion on modem lines.) </quote> -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 31 Jan 2007 10:34:59 -0500, Patrick Shanahan
Jan Engelhardt wrote:
B...8"..%.g..P.......GET http://sb.google.com/safebrowsing/update?client=navclient-auto-ffox2.0.0.2pre&mozver=1.8.1.2pre-2006102300&version=goog-white-domain:1:19,goog-white-url:1:371,goog-black-url:1:8400,goog-black-enchash:1:17514 HTTP/1.1 Host: sb.google.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2pre)
Can I _please_ get information why there's spyware like this in Firefox?
Looks like you have enabled the phishing protection using external blacklists like Google. If you don't have it might be a bug.
Added by SUSE?
Why would you think that? SUSE is not getting money from Google while the Mozilla Corporation does. (What doesn't mean that's the reason for the option) Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, Jan 31, 2007 at 02:26:16PM +0100, Jan Engelhardt wrote:
Hi list.
Just when I wanted to debug a web problem, I saw tcpdump showing Firefox making silent requests to Google. (wtf at this point!) To reproduce: Open a random webpage (preferably one that does not reference external content, e.g. http://jengelh.hopto.org/ ; local files don't trigger it)
14:23:03.581788 IP 10.10.106.161.50386 > 134.76.10.66.3128: P 1:691(690) ack 1 win 5840 E....a@.@...
j..L B...8"..%.g..P.......GET http://sb.google.com/safebrowsing/update?client=navclient-auto-ffox2.0.0.2pre&mozver=1.8.1.2pre-2006102300&version=goog-white-domain:1:19,goog-white-url:1:371,goog-black-url:1:8400,goog-black-enchash:1:17514 HTTP/1.1 Host: sb.google.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2pre) Gecko/20061023 SUSE/2.0.0.1-0.1 Firefox/2.0.0.2pre Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: UTF-8,* Keep-Alive: 300 Proxy-Connection: keep-alive Cookie: PREF=ID=b81b7fa78ae17cf1:TM=1168225067:LM=1168225067:S=xIIiZGyQbydqdfSG
Can I _please_ get information why there's spyware like this in Firefox? Added by SUSE?
(I don't have the Google Toolbar installed, which, in itself, already transmits data unwanted, leading to congestion on modem lines.)
We did not add this code. I suspect the anti phishing filter or similar. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 31-01-2007 at 15:26, Jan Engelhardt
wrote: Hi list. Just when I wanted to debug a web problem, I saw tcpdump showing Firefox making silent requests to Google. (wtf at this point!) To reproduce: Open a random webpage (preferably one that does not reference external content, e.g. http://jengelh.hopto.org/ ; local files don't trigger it)
Jan, Maybe you could have a look at this site: http://www.google.com/tools/firefox/safebrowsing/ The link it requested there is the Web Forgery Protection. Dominique Oh: I don't think SUSE did add this link... it's a known feature of FireFox 2, isn't it? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Jan 31 2007 14:50, Dominique Leuenberger wrote:
On 31-01-2007 at 15:26, Jan Engelhardt
wrote: Hi list. Just when I wanted to debug a web problem, I saw tcpdump showing Firefox making silent requests to Google. (wtf at this point!) To reproduce: Open a random webpage (preferably one that does not reference external content, e.g. http://jengelh.hopto.org/ ; local files don't trigger it)
Maybe you could have a look at this site: http://www.google.com/tools/firefox/safebrowsing/ The link it requested there is the Web Forgery Protection.
Ah thanks for the info. (And I don't run Google Toolbar, it phones home even more often and for modem users, I have seen it congesting their line.) Jan -- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Jan Engelhardt wrote:
j..L B...8"..%.g..P.......GET http://sb.google.com/safebrowsing/update?client=navclient-auto-ffox2.0.0.2pre&mozver=1.8.1.2pre-2006102300&version=goog-white-domain:1:19,goog-white-url:1:371,goog-black-url:1:8400,goog-black-enchash:1:17514 HTTP/1.1 Host: sb.google.com User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2pre) Gecko/20061023 SUSE/2.0.0.1-0.1 Firefox/2.0.0.2pre Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: UTF-8,* Keep-Alive: 300 Proxy-Connection: keep-alive Cookie: PREF=ID=b81b7fa78ae17cf1:TM=1168225067:LM=1168225067:S=xIIiZGyQbydqdfSG
Can I _please_ get information why there's spyware like this in Firefox?
I just checked mine, and no such thing happening here. I suspect it is your phishing filter. That is your configuration item. BTW, mine is turned on but set to check using a downloaded list of suspected sites. What is yours set to. I noticed Google is the default choice if set to Check by asking <download list> about each site I visit. -- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wed, 2007-01-31 at 14:26 +0100, Jan Engelhardt wrote:
Hi list.
Just when I wanted to debug a web problem, I saw tcpdump showing Firefox making silent requests to Google. (wtf at this point!) To reproduce: Open a random webpage (preferably one that does not reference external content, e.g. http://jengelh.hopto.org/ ; local files don't trigger it)
Can I _please_ get information why there's spyware like this in Firefox? Added by SUSE?
Assuming you are running Firefox 2, you almost certainly have the anti-phishing filter turned on. Go to Edit->Preferences->Security and see if the checkbox labeled "Tell me if the site I'm visiting is a suspected forgery" is checked. If so, you have the anti-phishing filter turned on. There are two ways to have Firefox check for phishing sites. You'll notice two radio buttons. One is labeled "Check using a downloaded list of suspected sites" and the other says "Check by asking Google about each site I visit." If you select the first option, Firefox will regularly (I think once a week though I could be wrong) and automatically a file of suspected sites from Google. For every site you visit it will check that site against the local file that it downloaded. If you select the second option, Firefox will check every site you visit by sending the site URL to Google for comparison with the online file they have. The first option is faster but the information on phishing sites might not be as up-to-date as the second option. Rick -- Rick's Law: What cannot be imagined will be accomplished by a fool. PGP Key Id: 9E1125E0
participants (9)
-
Charles R. Buchanan
-
Dominique Leuenberger
-
Jan Engelhardt
-
Joe Morris (NTM)
-
Marcus Meissner
-
Nick Zentena
-
Patrick Shanahan
-
Rick Friedman
-
Wolfgang Rosenauer