Closed Bug 1475330 Opened 6 years ago Closed 6 years ago

Blocklist SearchIncognito 6.9 Add-on

Categories

(Toolkit :: Blocklist Policy Requests, enhancement)

Product:
Toolkit
Component:
Blocklist Policy Requests
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: tdowner, Assigned: TheOne)

Details

SearchIncognito 6.9 (@sdfykhhhfg) Reported to cause user's search engines to switch to https://www.safesearch.net/, https://support.mozilla.org/en-US/questions/1225539 is where the user reported this. Reason: New Tab hijack
No longer depends on: 1460331
I can't reproduce that. The add-on does set the newtab page to their own, but searches in the urlbar go to the default search provider directly (in my case google).
I may have mistyped, the user did only mention the new tab being set to their own page. Isn't that still against TOS if done without notifying the user?
Since it's an unlisted add-on, we can't know whether they notify the user on the website before trying to install it. The only reason I see for blocklisting it is because they're not using the standard-way to override the new tab page and therefore bypassing the built-in prompt. Philipp, wdyt?
Flags: needinfo?(philipp)
Yes, I think it would be acceptable to block if they are overriding the prompts.
Flags: needinfo?(philipp)
This add-on appears to be coming from malware on the user's computer. I'm considering running a Heartbeat message, targeting these users with steps to check for malware. What is the population with this add-on?
The developer has been notified, we plan to block within the next 72hrs. Extension name: SafeSearch Incognito Extension UUID: @sdfykhhhfg Extension versions to block: 5.7 - 6.9 Applications, versions, and platforms affected: All Firefox versions and platforms Block severity: (hard/soft): hard Homepage, AMO listing, other references and contact info: https://reviewers.addons.mozilla.org/en-US/reviewers/review-unlisted/safesearch-incognito18 Reasons: * Data Collection Policy violation (user data collection without user control) * No Surprises Policy violation (new tab override prompt bypass)
Assignee: nobody → awagner
Status: NEW → ASSIGNED
Can we block?
Yes, some time this week.
A user had all these add-ons installed: ProSearch - MediaTab.TV 0.916 (pro-search-unlisted@mozilla.com) SafeSearch Incognito 2.24 (@safesearchincognito) SafeSearch Incognito 5.9 (@safesearchavsext) SafeSearch Incognito 6.3 (@asdfsdfwe) SafeSearch Incognito 7.1 (@sdiosuff) Search Incognito 2.1.17 (@searchincognito) SearchAssist Incognito 0.2.1 (@searchassistincognito) SafeSearch Incognito 2.1.7 (@safesearchscoutee) (Inactive) Start 1.3 (@4aec09f1-f1c9-456d-8c40-e0e86f302a0d) (Inactive) They all seem related https://support.mozilla.org/en-US/questions/1227223
Yes, I found some similar add-ons as well, but I am waiting on the last files in bug 1478346. Until that one is resolved, this bug can't move forward.
I propose that all of the following variants of this add-on family should be hard-blocked because of * search engine hijacking, * new tab override avoiding the prompt) or * analytics without disclosure @asdfjhsdfuhw @asdfsdfwe @asdieieuss @dghfghfgh @difherk @dsfgtftgjhrdf4 @fidfueir @hjconsnfes @isdifvdkf @iweruewir @oiboijdjfj @safesearchavs @safesearchavsext @safesearchincognito @safesearchscoutee @sdfykhhhfg @sdiosuff @sdklsajd @sduixcjksd @sicognitores @simtabtest @sodiasudi @test13 @test131 @test131ver @test132 @test13s @testmptys {ac4e5b0c-13c4-4bfd-a0c3-1e73c81e8bac} {e78785c3-ec49-44d2-8aac-9ec7293f4a8f}
I'm planning on using Heartbeat to target users with these add-ons with a message warning them they may have malware on their computers, and pointing them to a SUMO article on how to check. This is a test of expanding Heartbeat's self-heal abilities, and we will just run as a limited test to measure engagement as well as track user concerns with a survey.
The blocks have been staged. Jorge, can you please review and push? Tyler, please wait for approval from Amy before pushing any Heartbeat messages, thank you!
Flags: needinfo?(jorge)
Flags: needinfo?(atsay)
Conversations on HB messages are occurring elsewhere.
Done.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(jorge)
Resolution: --- → FIXED
Flags: needinfo?(atsay)
You need to log in before you can comment on or make changes to this bug.