funsec mailing list archives

Another Firefox plugin with spyware?

From: phester <funsec () armorfirewall com>
Date: Wed, 21 Apr 2010 21:22:12 -0400 (EDT)


While checking out FF plugins for twitter today, I came across the 
following comment wrt Power Twitter 1.38;

______________________________________________________________________

Cool addon, but...

ever had a look inside?

I did this morning, while trying to find out why one of the images in a 
tweet wasn't properly replaced (it just dissapeared). I found this call at 
startup:

http://powertwitter.me/req.php?agent=firefox&action=userPage&version=1.38&&sViewingUser=&sLoggedInUser=[me]&sViewingUser=&sLoggedInUser=[meagain]&ptPrefEX=off&ptPrefRM=off

That, along that half of the code is downloaded after this call. More than 
that, link replacement also happens in the network:

http://linkmapper.codingsocial.com/map.powertwitter/?action=parseLink&version=1.38&format=json&linkNumber=26&url=[someURI]

I don't know if you do, I don't like being tracked without my knowledge.

Rated 1 out of 5 stars by Ric on April 20, 2010
______________________________________________________________________


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Another Firefox plugin with spyware? phester (Apr 21)
- Re: Another Firefox plugin with spyware? robert_mcmillan (Apr 22)
- Re: Another Firefox plugin with spyware? Rich Kulawiec (Apr 22)