Bug#575039: safebrowsing is enabled by default and sending data without my consent
Holger Levsen
holger at layer-acht.org
Mon Mar 22 22:45:59 UTC 2010
package: iceweasel
Hi,
I've just used a freshly installed Debian lenny system for the first time and
noticed that it accesses safebrowsing.clients.google.com without me doing
anything, just after I started iceweasel.
In http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518357#20 I can read that
iceweasel-3.5.5/browser/app/profile/firefox.js has
pref("browser.safebrowsing.malware.enabled", true);
followed by an URL (which makes the current configuration useless...)
But still, this is not even documented in README.Debian, probably because it's
an upstream "feature" anyway.
But I still wonder what other "services" like this are enabled (I can check
the configuration files but hardly the source..) and whether thats a sensible
default at all. I do realise that packaging that extension seperatly (and
then probably making it a recommends...) is a lot of work for only a few
peoples gain, but I thought I bring it up anyway.
IMO an application sending data over the network to an arbitrary third-party
is buggy by design and this should be at least documented somewhere. Now it's
in the BTS ;)
Thank you for maintaining iceweasel!
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20100322/b0184977/attachment.pgp>
More information about the pkg-mozilla-maintainers
mailing list