The fundamental dilemma in privacy is the same as for security and Ken Thompson nailed it thirty years ago.[1] You have to trust somebody.
If I didn't trust the folks at Mozilla and Ghostery and NoScript more than Google, I'd run Chrome and leave JavaScript and Cookies on by default. If I trusted Facebook and LinkedIn more, I'd stay logged in. I don't so I don't.
What exactly is the problem here? If you care about security, use the TBB, each session is still unique because private browsing. If you really care and use tails or whonix, this still won't de-anonymize you. If you aren't doing that, any website you visit gets your ip.
I'm trying to figure out what attack model you'd have a reasonable basis to think you were protected against, except for the fact that these plugins "phone" home. If you're using a setup in which that matters, you've already lost.
By default, combinations like Firefox+SafeBrowsing+Ghostery+Adblock make an uninformed user (or informed users who prefers convenience) safer against a given adversary: advertising agencies, trackers, malicious sites. They do not protect you from the government, and they won't protect you from Google. To reach this level of protection and user-friendliness, they rely on automated updates, and the use of metrics to improve the software.
If your thread model is different, and your adversary includes Google or the government, there are solutions too like TBB. But you will give up on the convenience that (drumroll) companies like Google provide.
TBB offers a speedy and modern browsing experience. I use it for everything, and wouldn't hesitate to recommend it. You can watch Youtube videos, download large files, and browse most websites without a hitch.
You could sign up for G+ over Tor and get most of the purported benefits of being tracked by Google without tying your browsing activity to your real name or IP.
Doesn't Google now require a phone verification to sign up, thus tying everything to a real id? And you don't get Cloudflare bs all the time on tor?
And have you ever compared speed on downloading large files, or latency? It's bad enough to make me only use it when really needed and not everyday usage.
Off topic disclaimer!
Whonix is a funny name in British English, as to nick something is to steal it. So the name sounds like "who steals?" It's either appropriate for the application, or wildly inappropriate, depending on your personal interpretation.
So what would the author prefer? That security sensitive software doesn't check for updates? WHAT COULD POSSIBLY GO WRONG.
Somewhat later there is this remark:
Why are these add-ons? Why are they not designed-in and built-in to the browser?
Well, this is actually built-into Firefox Nightly. It's called Tracking Protection...and it updates its lists using the exact same SafeBrowsing the original author whines about.
It's hard to take these people seriously, which is bad, because privacy is a serious problem. Not worthy to be left over to whiners that offer no solutions.
> Not worthy to be left over to whiners that offer no solutions.
This is not a fair criticism. I can tell someone, "Hey dude, your house is on fire" without having to offer them either a bucket of water or a new house.
This type of argument is frequently used to forestall any criticism whatsoever. Bad supervisors often say things like, "don't give me complaints without also giving me a solution."
It's sloppy thinking, and rejects valuable feedback.
> Bad supervisors often say things like, "don't give me complaints without also giving me a solution."
This is true, but bad employees often say "Hey this sucks" without providing any constructive reasoning, and expecting someone else to fix a problem that you've seen but they haven't usually results in a lousy fix.
Sure, it's not their job to fix it, but if you come to me and say 'our art pipeline sucks, it's too inefficient' and then walk away, I literally have nothing at all to work on.
> Bad supervisors often say things like, "don't give me complaints without also giving me a solution."
That might be a bad supervisor if they say it to unskilled labor; to professional/analytical staff, the expectation that a problem report to management include a recommended course of action to address the problem is not unreasonable. In fact, since those are the kind of staff that would be called on to propose action to resolve a problem even if someone else reported it, its simply a case of issuing the follow-up assignment in advance to eliminate an inefficient delay step.
What's wrong with telling one's boss, "Hey, I think we have a problem here that you should be aware of"? It sounds like these PHBs are drilling their PHs into the sand...
In some circumstances that attitude is valuable. When it comes to oversubscribed workers noticing something that doesn't seem right, it could save the company a lot in long run.
Sometimes you don't have the time to find solutions, because you're working on your own stuff.
I couldn't disagree more strongly. There IS a solution. There are even multiple ones. The critics are pointing out that a particular one they focus one isn't perfect on their arbitrary metrics, and so they claim it isn't good.
"I dislike it that the user-friendly software I use (as opposed to TBB) phones home to check for updates and track metrics" isn't valuable feedback. It's stating the obvious without proper qualification. It's ignoring the trade-offs that are obvious. It's not constructive.
You're the person complaining to the fire brigade because they made your house wet.
Really, your post is the kind of thing that must sit framed in every Internet Troll cave. Because that sure is everybodies favorite internet hobby: complain loudly about everything, offer no solutions, and then whine even harder when the authors that are working to make things better (sometimes for free) quit in disgust.
And the entitlement in the replies, you cannot be serious. Yes, you're all entitled to whine, I'm sorry, point out flaws, all day on the internet. Congrats.
He isn't saying their isn't a solution... he's saying that you don't have to offer a problem AND a solution at the same time.
He's right: There shouldn't be an "All or Nothing" mentality.
There are times and places where a problem shouldn't be mentioned without a solution...
There are also times and places where bring up a problem is itself important enough to warrant a talk WITHOUT a solution.
Ignoring the fact that both extremes exist is a larger part of problem in having any kind of constructive conversation these days. "If you don't agree with me 100%, you're an idiot, a troll and your mom should be shot" type of attitude is a troll in of itself and a major problem blocking any kind of conversation on a multitude of topics.
Why can't the problem be discussed without forcing the conversation down the "this is the solution..." path?
It seems that the authors tone is not "whiny," but maybe that was my interpretation. He is raising a serious concern: tools that people think are keeping them safe/anonymous are actually not 100% anonymous. I think this is always important to consider. Most of us on HN are technical, and we are already aware of (even worse) privacy "violations" than those described in the article. Nonetheless, most people who use the internet are not aware of this and it will be important to keep the layman informed for his/her own sake and for the future of the net.
The problem is that this trade-off isn't properly explained or qualified in the original posts.
Do you think I'm doing the uninformed public a favor if I go around yelling:
"Vaccines frequently cause fever, pain around the injection site, and muscle aches. In rare cases, much more severe side effects can result from vaccination."?
I agree. The tradeoff was not properly explained or qualified.
<offtopic>
In regards to vaccinations, I think the uninformed public should be provided with all information possible, including scientific evidence of the utility of vaccination and potential, albeit rare, side-effects of vaccination.
</offtopic>
Deliberately depriving people of information is not ethical.
> Deliberately depriving people of information is not ethical.
Misleading people is unethical. Providing incomplete information is misleading.
80% of Americans say they want labels on food warning if they contain DNA[0]. Not because people fear DNA, but because when you ask, that signals that DNA is potentially bad. Actually providing such a label is also a signal that DNA is bad.
Labeling food with "Warning: contains DNA" is unethical because it misleads people into thinking that's bad.
Adding a label saying "DNA-free" is unethical because it's false, unless you're selling salt. (And probably also misleading: https://xkcd.com/641/ )
But failing to provide such a label? Not misleading, and not unethical.
If someone asks "does X phone home, does Y contain DNA", you should answer honestly, but you should probably also provide explain the pros/cons. Granted, unless you planted the idea in their heads, that's not your responsibility, but if you publish an article saying "Food X contains DNA!" or "Plugin Y phones home!" you _are_ responsible for the resulting fear, and should qualify the information with an honest evaluation of what that means.
Did you know that dihydrogen monoxide was responsible for at least 368,000 deaths[1] worldwide in 2013? In the USA it's the second leading cause of death for children under 12 years old. Surely you'd want to know if a product had dihydrogen monoxide in it.
I'd say you've hit the nail squarely on the head here.
As an (amusingly directly relevant to the side-discussion) example, in a college English course I took we had a group project and presentation in which we had to take a position on an issue. Despite it being dangerous territory, my group dove directly into the vaccine debate. After beginning our research (note that this was prior to the major cited paper(s) on the issue being retracted) we decided that we would work very carefully, within the guidelines of the project, to advocate that any and all possible links should be researched farther. Technically this position was not a great fit for the directions we had been given, but we wanted to be very careful to say "this might be an issue and should be investigated in more detail" rather than "this is a problem and we fix it with [x]."
TL;DR: Taking the hard line is often a bad call, but calling for something to be looked into (with cause) is often wise. If you read the newsgroup post to the end, this is exactly what the author does, albeit with some important context to the issue omitted.
While true, that's more a problem of the person hearing the truth versus the person sharing the truth.
Since I can already see the objection to saying that, I don't necessary think it's always fair to blame someone for hearing the truth and not comprehending it.
These addons are installed from the Mozilla addons website and Firefox can check automatically for addon updates.
Complaining that software is phoning home is perfectly legitimate. It should ask for consent and at a minimum tell users what information is gathered and for which purposes it is used.
Huh? How is that a non-denial denial? The question is "How do I know that's all you collect?" and the answer is "You can verify it yourself by examining the source code."
The Tracking Protection feature is available in Firefox 36, the current release channel version. It is not exposed in the preferences UI yet, but you can flip the "privacy.trackingprotection.enabled" about:config pref. To verify that Tracking Protection is working, visit cnn.com or nytimes.com and look for the shield icon in the address bar. On my laptop, cnn.com takes 18 seconds to load without tracking protection and 4 seconds with it. If you find a website that is broken by Tracking Protection, please file a bug on Bugzilla in the "Core :: DOM: Security" component. You can click the shield icon to disable Tracking Protection for individual websites.
Will Tracking Protection be enabled by default? I don't know. Mozilla must walk a narrow line between protecting user privacy and angering publishers such that they block Firefox users.
(I work for Mozilla, but not on the Tracking Protection project.)
>Mozilla must walk a narrow line between protecting user privacy and angering publishers such that they block Firefox users. //
Is there any precedent for that, it sounds impossible, that publishers would block one of the major browser brands like this; wouldn't it just mean people would use UA switchers?
The only reason FF wouldn't want to serve it users like this, that I can see, is so as not to annoy those they're in commercial relationships with like the company they forced the browser toolbar button on to everyone's Firefox to get sponsorship from.
> Is there any precedent for that, it sounds impossible, that publishers would block one of the major browser brands like this; wouldn't it just mean people would use UA switchers?
Some websites already detect ad blocker extensions and instruct users to disable them. If Firefox Tracking Protection was enable by default, it's possible publishers might do the same for Firefox users. Another precedent, though different circumstances, was when OkCupid asked its Firefox users to switch to Chrome or IE to protest Brendan Eich's appointment to Mozilla CEO.
Probably less than 1% of Firefox users know what a User-Agent string is. The path of least resistance, and the one likely suggested by the content sites, would be to switch to Chrome or IE. Even if Firefox users changed their User-Agent strings, websites could still detect whether a user is using tracking protection or ad blockers (by requesting known-blocked URLs to see if they are blocked).
> The only reason FF wouldn't want to serve it users like this, that I can see, is so as not to annoy those they're in commercial relationships with like the company they forced the browser toolbar button on to everyone's Firefox to get sponsorship from.
>Some websites already detect ad blocker extensions and instruct users to disable them. //
Indeed but ad blocking and user tracking are different orders of need for the advertisers. Advertisers still want access to FF users even if they can't track them. Currently with browser fingerprinting "don't track" is probably just another high-value data point to make the fingerprinting more successful.
>Probably less than 1% of Firefox users know what a User-Agent string is. //
How many people who've watched a ripped DVD know about DVDCSS. Firefox could just go the IE route and spoof by default (alright they don't quite spoof, just jam everyone else's UA strings in to their own). I see no reason that browser fingerprint spoofing (to coin a phrase) can't be as democratised as adblocking. How many adblock users know how it works?
>Which toolbar button is that?
"Hello" button that kept re-appearing had Telefonica's name with it; perhaps FF didn't view that as advertising but I imagine the market rate for "we'll put a button that links to your name in the browser of every Firefox user and when they remove it we'll put it right back" has got to be in the 10s of millions of USD.
> So what would the author prefer? That security sensitive software doesn't check for updates?
Considering that we normally use the OS's distribution channels (repositories for *nix, markets for windows/os x), it's completely useless for me that any software calls home to check for updates. My OS handles this already.
I am OK with people pointing out things that are/could be wrong without offering a solution. There are usually more solutions to a problem than we need, so why muddy the waters.
Check out Iridium Browser. We try hard to build a Chromium which does not phone home (to Google). It's work in progress but completely open and transparent.
function recordInstall() {
if (utils.prefs('install_recorded')) { return; }
sendReq('install');
}
So the if statement that the OP highlights does not actually phone every time it is called like the OP claims, but only on the first install. The message that the add-on sends to ghostery.com includes the Ghostrank preference, the version of Ghostery, the OS, and the Firefox version (Android or desktop). That said, it does appear that the add-on phones home on each upgrade, and I don't see anything in the Ghostery Privacy Policy about this (it only discusses GhostRank).
Yes, its an ongoing issue that people are increasingly unable to read simple if statements. The world has been plagued with academics attempting to analyze the simplest of statements without success. This is what led us to form the "Leave No Academic Behind" (LNAB) group. To inform academics in the err of their ways and show them the path to success.
There have been increase in tin-foil theories about these scripts even when the source is available and very easy to read through. It honestly blows my mind.
Several popular Firefox privacy/security add-ons have become much worse in the last year. BlockSite added ads and full tracking of user browsing. (That one is really bad.) AdBlock Plus added a "whitelist" of ads they let through. (The advertisers pay AdBlock)
Firefox itself reports installed add-ons to Mozilla AMO each day for tracking and update purposes. Add-ons don't need to check for updates themselves.
AdBlock Plus is published under a GPLv3 license, so it is open source even if it doesn't have your preferred default settings. AdBlock Edge is a fork of AdBlock Plus that just disables the acceptable ads preference.
Personally, I don't use AdBlock Plus, but I think it is silly to criticize it for allowing some ads. Even in the first version it had a preference for allowing Google text ads -- the developers have always presented it as a tool for blocking annoying ads, not as a means for blocking all ads. That said, it is very easy to subscribe to another filter list in AdBlock Plus that blocks all ads.
It's not in the source code, but instead in a subscription that ABP uses by default (it remembers if you unchecked "Allow some non-intrusive advertising" so it doesn't re-enable this list on every update): https://adblockplus.org/en/acceptable-ads
I don't know if disconnect.me is an exact alternative to AdBlock since I have never used AdBlock, but I like what it's doing and it's open source.
https://disconnect.me/opensource
Adblock Edge is a fork of Adblock Plus without the whitelisted ads, although I don't really see the point as the whitelist can be disabled from a simple checkbox in settings.
It's faster, on less resources, does what Adblock and Ghostery does, and is so far void of any dubious business model.
Back on topic, I believe the author points out things that you need to be aware of, especially if you use tor. They made the Tor Browser for a reason. Use it!
Last I heard the person controlling the repo was doing funny stuff like removing the info of the creators and there was some dispute over control. Any idea what's up?
More accurately it was about importing code changes manually without attribution, thus forfeiting authorship info in the commits. I believe it's all resolved now. The person is a kid (to me), I had no idea, so when I learned this I see this differently now, he was just being misguided. I originally thought I was dealing with a fully grown adult, so I did not hold back on the criticism. My own mistake was to not consider I was maybe dealing with such a young person.
Possibly a naive question: Wouldn't hosts entries block this? i.e. informaction.com 127.0.0.1, etc.
If so, then one would only comment out the entries when specifically after updates, otherwise they run as-is, and no phone home problem.
Although this depends on a browser using the host system's specified DNS: I seem to have caught Chrome ignoring my entries in favor of Goggle's DNS (on Linux) whilst doing web design for a client. :(
Thanks for the reference, I had never run into APK as a meme/topic.
As to the HOSTS question, I am currently working through Terpstra's SAMBA-3 By Example, and after spending enough time on small business networks chasing down odd stuff every time a Microsoft Small Business Server goes down (runs its own DNS and DHCP servers for the LANs in question), I am beginning to consider static mapping some of these smaller networks for better resiliency, which seems to be a frequent consideration of that author.
I apologize for the naivete, but I did specifically label my comment as such, and my question was an honest one with a simplistic security model in mind, when it comes to specific outside resources that may be untrustworthy.
edit: And that search for APK derived my answer at pineight.com, so again, thanks.
>Ghostery is supported by Ghostrank, our 100% opt-in feature that collects information about the trackers you see and the sites on which you see them. Our parent company, Evidon, packages that information and sells it back to sites who use it for privacy, performance, and security audits; and also ad tech companies who use it for competitive intelligence about each other.
>That information is totally anonymous - it's all intelligence about the tracking industry, none about our users. And Ghostery works exactly the same whether you choose to share that with us or not.
But at that point, what exactly is it phoning home about? If it's still sharing the data you explicitly refused to share, then that's one thing. If it's simply asking home if there's an update, then that's something totally different.
Firefox is managing extension updates already. As an app developer, you don't need to know this data.
As a security surface, you really don't want this data in real-time. It makes you a target.
I presume the problem is that Firefox isn't sharing this install/update data with the extension developers. So, they're trying to collect it themselves.
Getting updates published on the Firefox add-on site takes a few weeks [1], and as I understand it (haven't needed to do it myself recently) queuing a new version bumps you all the way to the back of the line. If the add-on needs to update non-code things (such as what sites to block) on a shorter time frame having its own service is pretty necessary.
See also the various lists adblock plus / uBlock / lightbeam use. Or for that matter the safe browsing lists Mozilla uses instead of shipping it in a new version of the app.
(I still don't use Ghostery because their relationship with the advertising industry freaks me out, but that doesn't mean I have to be critical of them about the list updates.)
So, you are saying that every single extension in existence uses Mozilla's update feature and doesn't have an internal system for updating? Because it seems to me I've seen a few that seem to update themselves with no involvement of the add-on panel of Firefox.
How else is one supposed to react to this other than with cynicism? This is the nature of going on the Internet, you will be tracked whether you like it or not. No one is anonymous. The Internet, while being one of the greatest inventions by mankind, has succumbed like all the others to the maladies of greed. Unless some billionaire Elon Musk-esque figure funds a private service to actually not, really, no-for-real track you, it won't happen. Personal incentives motivate people, and until this hypothetical billionaire sees an incentive other than profit, it's not happening.
> How else is one supposed to react to this other than with cynicism?
How about empowerment instead of cynicism?
Maybe it's possible to build browsers and advertising and mobile devices that don't relentlessly erode privacy. I work at Mozilla to help build that tech. I firmly believe the dystopian corporate future isn't the only option.
I respect the work you do and mozilla does many great things - however, when I start freshly installed firefox (on ubuntu), I have already a google cookie set. Why?
> Maybe it's possible to build browsers and advertising and mobile devices that don't relentlessly erode privacy.
That's nice a nice sentiment. I'd be less skeptical if Firefox didn't change my default search engine behind my back. (After updating Android from 31 to 36.)
If you changed the defaults, it was kept. If you never set a search engine, the shipped default was changed (and clearly mentioned as such in the release notes not to mention all over the press, so saying "behind my back" is quite funny).
Then he can switch it after having read the release notes pointing it out? The behind the back part was unwarranted, so the only thing that's remaining really is "I preferred the previous default" which doesn't quite jive with the "I'm skeptical regarding privacy" complaint that was made.
Then that's just bad design. If there was a possibility of them switching out the pre-determined defaults then the default choices should have been asked of the user from the beginning.
But then, it's hard to make money that way so I can understand why they wouldn't do that.
EDIT: you edited, but I agree the "behind the back" isn't quite right.
There's default settings, and then there's "default" settings. I think of Debian's debconf and how there are different levels of prompts when installing a package.
A good compromise would be to ask on use. The first time someone searches say "What service do you want to complete this with?" and have Yahoo/Yandex pre-selected. Then never ask again.
The never asking again is the key part. IE's setup dialog is a problem because it's either answer a bunch of annoying questions now or answer a bunch of annoying questions later. It should be a choice of setup now or don't bother me again (unless I activate the setup wizard myself).
I don't think I stated they should ask for every single setting in the app. Exaggerating to support your claim is not the way to go.
But, considering we're discussing a rather popular and commonly used feature that is front-facing in the browser; yes, they should ask up front which search engine provider you would prefer to use. Especially if they plan for the likelihood to change the default, which may be a user's preferred choice.
Also, since they were receiving money from Google to have it be the default search engine and they switched to Yahoo because they got another/better deal; it is about the money.
EDIT: another thought, if the choice provided has a high bounce rate then obviously it would just go with a determined default in that case. Hopefully it wouldn't prevent them from using the app because they declined to set preferences on first run. If they chose not to set the preference and the default later changes, then it's on them.
Internet Explorer 8 used to do this on first run - that is, prompting you to confirm your default search provider and whatnot. [1]
It sucked, because most people would open IE, expect the browser, instead get this dialog instead of the browser, and just click the "ask me later" button each time, thereby loading the browser with defaults. And then of course, it comes up again the next time you start the browser.
Back in my technician days, I dealt with a lot of tickets about this. Even a cursory glance at the window explains what it is and what it does, and it only takes like three clicks to finish the process and then never deal with it again. Most people didn't care, they just wanted the damn window out of their way so they could open the browser and do their job, so they select the option that leads to the lest friction - go away and ask me later.
The point being, what you suggest is not an improvement of the user experience. The number of people so invested in the default search engine that they make value judgments about what comes set by default is much lower than the people who would be annoyed by a prompt to set it.
Average users don't freaking read their screens. If they did, frontline tech support people would be nearly out of a job.
I'm not sure about the latest version since I rarely use it, but I'm fairly sure that feature existed beyond IE8. But that feature existed for those very people that complained about it, because they were also the types to complain about some setting or another that wasn't doing what they expected even though the browser asked for them to make that setting. It's you either get complaints at the beginning or the end. You will always, always have a percentage of people who not only don't understand how things work, they'll go out of their way to avoid learning how it works. You can't avoid that. The prompt is for people who may actually want to know how the software they are using actually works.
But hey, everybody has their opinion on the matter. I, for one, feel that if the app is going to have settings with defaults then the developers shouldn't be changing them at random times changing the experience of the user without prompting them. But if they are, then the user should be prompted at the beginning with an explanation that "hey! we may change this setting later so this is to make you aware of it" so that they can choose their own default that hopefully should never be changed again. My advocating for the prompt in the beginning isn't because I think it's a good idea, it's because I think changing settings that a user has been operating under without their consent is a bad idea. This is my proposed solution to what I feel is a bad idea.
I woke up one day (after clicking update) to find my default search engine set to Yahoo and ads in my new tab page. You can mention it all you want in the release notes, but users don't expect nor want those kinds of things to change.
The only thing more behind-the-back than that is Chrome yanking Java (well, NPAPI) with no warning in Update 42
I had it set to DDG prior. After upgrade it was Yahoo.
I know that Hanlon's Razor tells me to suspect it was just a bug. But the current environment of money and politics makes it hard to ignore the alternative.
Come on, it's not really "behind your back" if it's something you can immediately see on the page. The search engine thing is the one thing you'd have to deal with as it just about pays for all of Mozilla.
Cynicism? I react with annoyance to people who think that:
* Auto-updates to software with a high need for security patches are not important enough to ping a server, which (of course!) exposes your IP.
* Businesses aren't interested in collecting usage metrics for their software for non-nefarious reasons. Collection of metrics is one of the most amazing advances in software design in the last 20 years, after all.
* Businesses shouldn't have a profit motive: Ghostery found a way to both provide a service and make money off of the people who track others. Seems reasonable to me.
Cynicism is misplaced, here. Annoyance at blowing up a non-issue to the front page of HN is appropriate, though.
> important enough to ping a server, which (of course!) exposes your IP.
It's "of course" for you and me, but not for the vast majority if end users. Also, there's no reason this can't be done anonymously, even as a policy from the vendor that IPs are not logged.
> Businesses aren't interested in collecting usage metrics for their software for non-nefarious reasons
Absolutely some businesses have good intentions; also some have bad intentions and some have intentions that they think are non-nefarious but about which their customers disagree. A few thoughts:
* Many of these businesses are secretive about this behavior; if it's all ok and for the good, what are they hiding? Why don't they announce it to every customer when they start using the product?
* The collection of usage metrics goes way beyond what is needed, with many vendors collecting everything they can get their hands on.
* The bad actors damage everyone's reputations; consumers have no way to distinguish good guys from bad. If this was properly regulated, consumers might trust everyone more. The good guys should be pushing for regulation.
> Businesses shouldn't have a profit motive
I don't recall a criticism of profit, but maybe I overlooked it.
It's pointless to talk about what 'many businesses' do; we're having a discussion about some specific businesses. I also fail to see what the kerfuffle is because when I installed these anti-tracking plugins it was made quite clear to me, in plain English, that they would download updates from time to time.
The whole thing has an air of 'locksmiths - do they know too much about how we keep our doors closed?!'
To me the key question is whether these checks are anonymous. If not -- if Firefox or a plug-in is sending a unique ID, than any advertiser or government agency could pay for that tracking information and then your privacy would be toast, at least until you can reset that ID.
Even if there's no unique ID, if you've installed a lot of plugins this combination can uniquely identify you. If you query addon updates daily, they could associate your IP of the day with your "I have installed these addons"-fingerprint.
A debian style update mechanism could solve this, but this would be really bandwidth expensive.
> Even if there's no unique ID, if you've installed a lot of plugins this combination can uniquely identify you
This is a good thing to remember, but I'm not sure it undermines the parent's point. No matter what security you use for anything, you always are exposed to another threat; that doesn't make all security useless. The value of security is to make attacks more difficult.
Well, technically you are not talking to 3rd parties, you are checking for updates on the author's site. For extensions that rely on up-to-date lists and definitions to work this is a crucial step, otherwise they'll be pointless. Antivirus software does the same thing. OS does the same thing. How it is now all of the sudden a problem?
I don't understand your post because it's full of blanket meaningless statements.
A government agency doesn't need to pay anything, they could use legal means to extract the information.
I don't think there's anything stopping plug-ins from sending unique IDs. SafeBrowsing uses a cookie that makes up a unqiue ID. (The latter discussion is well documented in Mozilla's Bugzilla)
But what tracking information would make your privacy toast? Privacy has levels. SafeBrowsing leaks your WAN IP to Google. (You already leak this to every site you visit) Plug-ins likely leak details about the plugin configuration (as Ghostery does). What's the value there?
If I didn't trust the folks at Mozilla and Ghostery and NoScript more than Google, I'd run Chrome and leave JavaScript and Cookies on by default. If I trusted Facebook and LinkedIn more, I'd stay logged in. I don't so I don't.
[1]: http://cm.bell-labs.com/who/ken/trust.html