digg

Facebook Connect Join Digg About

Gmail Analyzes your Firefox Plugins

cogmios.nl If you want to use Firebug, Google has something to say about it.

Who dugg this? Made popular Nov 10, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

51 Comments

show profanity settings
expand all
  • t3soro, on 11/13/2007, -1/+44It's really not a big deal... Firebug makes Gmail slow, and most likely the warning comes from client side scripting (javascript) instead of server side. There's obviously something about Firebug that makes it not too difficult to detect its presence. Nothing to worry about here.
  • BevansDesign, on 11/13/2007, -2/+41Yet another reason to use Internet Explorer.

    Just kidding! Just kidding!
  • poonaka, on 11/13/2007, -0/+28I'd be more worried about them analyzing my email...
  • luchid, on 11/13/2007, -1/+21Don't you ever kid with that! Hundreds of thousands of web developers die due to migraines caused by IE.
  • zeptobyte, on 11/13/2007, -0/+13RememberTheMilk has a similar warning, also about Firebug. The code RTM uses to detect it is:

    if (!cookie_exists && "console" in window && "firebug" in window.console && window.console.firebug.indexOf("1.0") > -1)

    So it checks for the console object, and checks if firebug is in the console, and checks if it's version 1.0. Big deal. And the !cookie_exists checks whether they've already warned you this week.
  • spicytuna, on 11/13/2007, -0/+12I'm guessing that it detects firefox and then checks if the object console exists. Not a big deal at all.

    You can put your tinfoil hats away.
  • corevette, on 11/13/2007, -0/+11Firebug is the only extensions it analyzes....
  • Blafhert, on 11/13/2007, -0/+10If it's only a client-side script the information could still be sent to the server. I'm hoping this is possible due to Firebug and not due to a standard 'feature' in Firefox Addons because that would give Google and other sites yet another great way to mine data from its users.
  • ikamos, on 11/11/2007, -1/+11not something to worry about...
  • aliguana, on 11/13/2007, -0/+10i think he was being sarcastic
  • xerowhite, on 11/13/2007, -4/+14how do you think it knows what ads to put on the page?
  • Kickboy, on 11/13/2007, -0/+9You can't "scan" extensions. Firefox won't just hand out a list of extensions a person is using, that's now how it works. Firebug can be detected because it probably sets a specific JS variable designed for this very purpose. Not all extensions can be detected through this method, in fact only a small fraction of extensions have support for this. So you can't easily use this technique to spy on "competitor's extensions".

    Plus, I noticed this feature like 3 weeks ago.

    "Maybe there is a workaround to turn it off for gmail specifically?"

    You can easily disable firebug for only mail.gmail.com, in fact that help page the article linked to tells you how.
  • Audacitor, on 11/13/2007, -1/+9Well, for a time those Block Firefox nuts were able to detect AdBlock until the developer put some cloaking code on it. In any case, I don't mind google knowing what addons I have. It's when other companies decide to start snooping. Then I'll start making serious use of User Agent Switcher.
  • latova, on 11/13/2007, -1/+9Lets hope it is. There's a few anal webmasters out there who have some personal vendetta against adblock for firefox that are going to investigate this.
  • Blafhert, on 11/13/2007, -0/+8I've found this on the subject, which shows that it can be done with a lot of add-ons: 'In tracking down the chrome element, I realized that it too has a similar issue to Internet Explorer where items can be mapped if they are registered. Specifically, images of all things. Now the naming convention isn’t standard, so you can’t just write one that works for everything but I took the time to map out each of the ones I could find so you wouldn’t have to dig.'
    From: http://ha.ckers.org/blog/20060823/detecting-firefo ...
  • edelwater, on 11/13/2007, -0/+7Still I havent seen this yet before popping up except for the "guard your privacy sites" where the list of your used plugins is shown...
  • mmazing, on 11/13/2007, -0/+7I think gmail's warning is actually helpful. The fact that they saw an extension that was causing some problems for people, researched and added a notice to their site, shows a lot more than most other websites out there. I do use firebug, and after seeing the notice, all I had to do was disable it for gmail.com, easy enough. Go google!
  • EnderMB, on 11/13/2007, -0/+7I smell Bias!

    All it checks for is Firebug, and all it says is to disable it when using Gmail. No biggie'
  • ridd1e, on 11/13/2007, -0/+6You totally don't understand that Firebug extends DOM by adding "console" object to "window" object. Google checks it:
    if (typeof window.console != 'undefined') and knows if you use it or not. So please stop making conspiracy.
  • aazn, on 11/13/2007, -0/+4wrong, that'll be like "variable console undefined, syntax error"

    if(typeof console != "undefined") {
    // firebug installed
    }
  • BlogCruiser, on 11/13/2007, -0/+4It is crazy how much people do not realize what can be found out about you just by surfing on the internet. There is a lot of communication going on behind that code. It would not work if there wasn't and when people find out some times it does make them nervous. I wonder how many people realize that anything that was in your clipboard last can be seen by each website if they are looking for it? Technology can be great but scary too.
  • dupswapdrop, on 11/11/2007, -0/+3The server encountered an internal error or misconfiguration and was unable to complete your request. Wow now thats good.
  • Phlosten, on 11/13/2007, -0/+3..and why do you think I avoid using Google for any kind of data storage?

    I love Google and what they have contributed to the world, but there is no way I am letting their scripts index my mail.
  • Firehed, on 11/13/2007, -0/+3What are you on about? This just uses a bit of javascript trickery in order to guess whether Firebug is installed. If you're paranoid about it, disable Javascript. Then all they get to see is your IP address and a few other random bits of header information (most of which are required for the internet to work), and I'm sure you could block most of that or replace it with something else if you're so inclined.

    More importantly, a site's owner would have to go out of his way to code in datamining stuff that you mention being possible. It's not like clipboard history just starts showing up in server logs.
  • smek2, on 11/13/2007, -0/+2Really? How do you know?
  • MeatBiProduct, on 11/13/2007, -2/+4if (console != undefined) {
    alert('firebug installed');
    }
  • nalgae, on 11/13/2007, -0/+2I don't have firebug installed. It gave me that message anyway.
    Though I do have the web developer extension. Hmm.
  • fatas, on 11/13/2007, -0/+2Don't forget the Milk also checks for Firebug too.
  • PlancksCnst, on 11/13/2007, -1/+3Seriously; that's no joke. You wouldn't laugh about calling a black man a slave. You wouldn't suggest starting another holocaust. Don't joke about switching to IE.
  • luchid, on 11/13/2007, -0/+2Yup, but like Audacitor above me said, the adblock dev added a cloaking system to it.
  • MeatBiProduct, on 11/13/2007, -0/+2Wrong again d'z nutz on yah chin
  • MeatBiProduct, on 11/13/2007, -0/+2It sets up a lot of javascript objects, hooks, etc. - its a js debugger.
  • kday, on 11/13/2007, -0/+2Wrong again. Not a good way to check if firebug exists. Try this instead.

    javascript:if (typeof(console) != 'undefined') if (console.firebug) alert ('firebug enabled');
  • rYno, on 11/11/2007, -0/+1yeah I got the warning tonight... it's not that big of a deal - seems like they're just analyzing firebug
  • the1wraith, on 11/12/2007, -3/+4*yawn* not even a new thing
  • edelwater, on 11/10/2007, -0/+1Apart from detecting JS variables there are other methods. I noticed in my website logs that I could see my company's extension being installed as part of the browser string. Somehow it added something to it. Maybe there are other methods.
  • alchemista, on 11/11/2007, -0/+1Website is dead
  • Agret, on 11/13/2007, -0/+1lol nice sarcasm digg++
  • inactive, on 11/11/2007, -0/+1Yup, the website is down. Probably a bad case of Digg-ititis.
  • Zerocool898, on 12/31/2007, -0/+0Not true, it looks at Greasemonkey and other plugins too. Any plugin that uses Javascript programing.
  • mikesum32, on 11/13/2007, -2/+1It works right through TOR. That's with Java Script turned on though.
  • edelwater, on 11/12/2007, -3/+1It's not a conspiracy. There's nothing wrong with doing it I think. I understand the DOM, I understand the technical part, although I don't know the complete http://www.devguru.com/technologies/javascript/ by heart anymore, that was some years ago. When I wrote this I was thinking of the moment that I detected persons from my own IT company because they showed up in my (private) webserver logs with (i thought) was the voice extension which the user can choose to install in firefox when visiting the "global who is who" application (it speaks your name, handy for global usage, dont know why they made it a firefox extension). When I saw this message in gmail I was thinking that this was the second time I encountered this and wrote this. Someone picked it up and submitted it to DIGG meaning my webserver is down haha. I do admit the title of the blogposting is a newspaper headline though, it's part of the click me in the thousands of RSS feed lines and can be seen as a conspiracy tactic haha. But technically seen I now at least that I can detect plugins from either my webserver logs (at least people from my own company who have installed the voice plugin) and, as I now know more often used DOM. Anyway the information in this DIGG comments list was usefull to fiddle around some more with detecting plugins. Is there a site somewhere that gives you a list of detectable installed plugins?
  • .Steven, on 11/11/2007, -6/+4http://www.duggmirror.com
  • inactive, on 11/12/2007, -3/+1But it's not causing any trouble. On or off it's the same.
  • Jukey, on 11/12/2007, -4/+2there's a firefox plugin that customizes gmail...i'm assuming this is the same idea?

    no big deal...dug for lameness
  • malkir, on 11/12/2007, -3/+1edited.
  • eean, on 11/12/2007, -3/+1When I installed Firebug it was off by default, and you had to whitelist sites to enable. That makes sense.
  • edelwater, on 11/13/2007, -5/+1Hey... handy thanks, I'm going to implement this in my blog.
  • unoriginal, on 11/11/2007, -6/+1http://duggmirror.com
  • CJChesterson, on 11/12/2007, -7/+2The above message just showed up in my gmail.

    Holy cow! my Google gmail is checking my installed Firefox plugins….uh… scary! (Then again Google probably knows already everything about me including the hidden Johari window parts).

    But… pretty pro-active of a web application, absolutely, thumbs up. It gave me this advice (disabling the Net feature), which I can’t do because I use it pretty often. Maybe there is a workaround to turn it off for gmail specifically?

    I wonder how many websites will start displaying messages like these based on installed plugins starting … now.

    The reason this is somewhat more scary for some than for others is depending on the plugins a user has installed. If you have a plugin specifically created by your company and you surf to a website of e.g. a customer or the competition it could be used for all kinds of interesting things.

    I do realize that this information is already used but when it just pops up in your face it has a whammo in-your-face effect!

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.