A unknown addon in firefox addon store with 4.5+ rating.
(From, most of the comments it’s seems like this addon is suspicious and don’t have enough proof or evidence to trust it with our data. So please everyone avoid using this addon. A better one is “UBLOCK ORIGIN”).
I’m not going to tell you what to use instead, but how you make the judgement for yourself: audit the code yourself
The source code is linked right there, and you don’t need trusting someone to make the call. You’re making the call. Mind you, the actual add-on installed from Mozilla Add-Ons might contains different code then what shown in the repo. I never release any add-ons so that is just a wild guess and a hint possibility this could happen.
To give you an head start: look for URLs and any encoded strings in all files, be it Base64 or something else. And follow them to find out why there it is there, how is it triggered, etc. Same goes for encoded strings with the added question: what was encoded within.
Still, that is just the basic, and I’m not too into JavaScript but there could be other ways of hiding information, like in an image file via steganography.
@umami_wasbi @Alb087 auditing code is complicated, not everyone will know how to do that, and even the people who do can miss a lot
Yes, but we are not auditing security or cryptography implementation.
Instead, the goal is get a sense how it works, and look for suspicious codes or have if parts hidden (encoded) and doesn’t want people to know. That’s relatively way easier than a serious audit.
I think you greatly overestimate the average person’s ability to understand even the most basic code. Let alone in multiple languages.
Really? Maybe I got too used to it.