Information leaks by search plug-ins

If you were using the JonDoFox profile for Firefox you will find search plug-ins installed by default and search plug-ins installed by JonDoFox in the list of search engines:

search plug-ins

The search plug-ins installed by default are not very privacy-friendly and may leak information about the used browser and/or operating system. It is possible to discover the user-agent send by JonDoFox as a fake and use minor differences to discriminate between JonDonym users. Some examples of search URLs by using default installed plug-ins:

Google (Windows, Ubuntu, FreeBSD):<word>....&rls=org.mozilla:de:official....<word>....<word>....&rls=org.mozilla:en-US:unofficial....

DuckDuckGo (Ubuntu, FreeBSD):<word>&t=canonical<word>&t=freebsd

Amazon (Windows, Ubuntu, FreeBSD):<word>....&tag=firefox-de-21<word>....&tag=wwwcanoniccom-20<word>....&tag=mozilla-20

Conclusion: Do NOT use the search engines installed by default but use the JonDoFox search plug-ins. You may disable unwanted search plug-ins by "manage search engines" dialog.

manage search plugins


    No Trackbacks


Display comments as (Linear | Threaded)

    No comments

The author does not allow comments to this entry