A popular Firefox add-on named Ant Video Downloader and Player has been said to track every single website a user visits and sends the information back to its developer without the user’s knowledge. The tracking is said to happen even when private browsing mode is tuned on or when users are using anonymous services such as Tor.
A web application developer, Simon Newton was in the midst of diagnosing his own app when he launched a packet sniffer and found out that information about every single HTTP request he made was being sent out to a server at rpc.ant.com. After doing more investigating he realized that the packets sent to the server could be easily traced back to his computer as the unique ID of his computer wasn’t changed even after he uninstalled the add-on and reinstalled it. He discovered that the only way to get rid of the tracking ID was to revert Firefox to its original settings and to reinstall the Ant Video add-on.
This means that whatever website he visited could be easily traced back to his computer. Fortunately he wasn’t doing anything he shouldn’t have been doing, but as for the 7 million other users that downloaded the add-on, who’s to say that it won’t come back to haunt them in the future or be used as blackmail?
It is uncertain if this tracking issue is caused by a bug or was deliberately placed in the add-on. Newton contacted the developer of Ant Video Player through but still has yet to receive a reply from them. So for now, if you have the Ant Video Downloader and Player add-on and you’re worried about your browsing history being tracked, it would probably be in your best interest to purge your unique identifier and get rid of the extension until things get solved.
With over 5,000 add-ons available on the Firefox website, it’s no surprise that if one such add-on managed to slip through Mozilla’s watchful eye, there are bound to be others that do the same thing as well. Find out more at Simon Newton’s blog.