As cookies became manageable, and could be avoided, as well as people became aware of Super Cookies, the use of 1 pixel large Web bugs came in to track you. These requests typically include the IP address of the requesting computer, the time the content was requested, the type of Web browser that made the request, and the existence of cookies previously set by that server. The server can store all of this information, and associate it with a unique tracking token attached to the content request.
Web bugs are typically used by third parties to monitor the activity of customers at a site.
Well a brief read indicates a potential issue with the web shield.
After being installed, FoxBeacon embeds itself into the Firefox browser and acts as a proxy. It reads every incoming web page and trying to find hidden web bugs.
Since the web shield is a proxy we now have two proxies fighting over the same page, so at the very least we have to co-ordinate these by adding the foxbeacon proxy port to the web shield redirect and uncheck ignore local communication, etc.
If only we knew what port foxbeacon used, it is very light on information.
I would say NoScript would up to a point, since many sites require javascript for many functions if you allow it then the web bug could well be activated.
So it isn’t very clear and there is little information on exactly how foxbeacon works to say if noscript might do the job as well.
You can enable FoxBeacon at will, e.g. when you need it to check. What is going on can be found here: chrome://foxbeacon/content/browser.js. For your convenience and mine I will post these questions to Giorgio Maone, the maker of NoScript, and we will have an answer. The source of this addon, Mellon University standard, and professional guidance for the developer makes it is not questionable, then the example after it was build, 'bugnosis", has been used on IE for years and years without many security questions raised. I will just ask Giorgio Maone if NoScript also protects against webbugs at the moment the page is being sent, not at later handling through java script, there I think we have full protection. Also I will ask him what an add-on like ABP can do, and we have to have FoxBeacon enabled to know what to block in ABP for the future, haven’t we?
It isn’t so much an issue of enabling at will but how it works based on it saying it acts as a proxy. If when at will I chose to enable it, if it had an interaction with the web shield I know which protection I would want on and I think you know which that would be ;D
Also as TheSpirit mentioned if NoScript covers this area then perhaps we don’t need foxbeacon, that entirely how foxbeacon works, as to how much crossover there is between the two.
No one is questioning the probity of the origin of foxbeacon, just how it works.
Mind you there also benevolent Web bugs you better not block using NoScript because they are used for alignment and other purposes to make your surfing more enjoyable, especially because you are not on broadband.
The best solution here would be to block the nasties (e.g. undesirable Web bugs) inside your hosts file, at least that is advised. I am sure NoScript protects where Web bugs make acrobatics using of JS in their aftermath, but my concern is at the moment of the page query from the browser. It has nothing to do with being paranoid, but just like you I want to know the underlying mechanism, and for FoxBeacon that is XUL,
I honestly don’t belive there are any security risks for this add-on and I’m certainly not implying that.
My concern is its claim to act as a proxy and the associated problems of getting other proxies and the web shield’s localhost proxy working together.
The problem is as I keep banging on, is there is zero information on how the foxbeacon proxy works, so we can’t tell if it will work with the web shield without having to make any changes to the web shield redirects.
Personally I’m not unduly concerned about web bugs anyway, my concern is someone installing the add-on and not knowing if there might be an issue with it and the web shield.
What are your concerns then for users of the Firefox Torpark browser that also works in combination with a proxy privoxy.
Does this mean that you are against the use of proxies per se?
For those bold enough to play…when you start to play around with this great add-on, some hints. Leave NoScript on, wherever you go, but allow the little Web bug devils to be analyzed. For a test go to this page as an example : http://www.dziennik.pl/ Here you will see the FoxBeacon blink red, click the icon, and you see the analysis window for a dozen or so webbugs, all from: ad2.pl.mediainter.net Severity of the webbug = 1 on a scale from 1 to 3; size pixels 0x0 Set Cookie = info; P3P policy: your data is collected for completion and support of activity for which it (the Web bug) was provided. Furthermore the analysis says it comes from a different domain as that of the page visited, so that is a bunch of info for a little Web bug analysis. Now with blockable items in ABP you can block: ad2.pl.mediainter.net as given there. So while acting whenever FoxBeacon alerts you can build up an ABP block list for the undesirables, read from the analysis page I would go for blocking the 3 category bugs,
The Torpark offering (when I tested it back in 2006) totally prevented any scanning by the avast Webshield.
Indeed the whole point of it seemed to be that it was totally “sealed” and intended to be used without any awareness of the system on which it is running and leaving no traces when removed.
I don’t really care for torpark not my concern and not what this topic was about.
My concern is for the average Joe who if foxbeacon will be totally unaware that they may not be protected by the web shield if there is any interaction that causes web shield not to scan content, leaving the user less well protected. They migh not get a web bug but could well catch a severe cold instead.
Which is why I’m making it plain there ‘could’ be conflict between the two proxies, so any average Joe viewing this topic now or in the future has another opinion or view.
Nothing to do with not liking proxies or otherwise.
I did not have to change anything in the way the browser connects out for FoxBeacon. That is what I see from the Options Advance Network settings inside Firefox, avast connects through localhost through 12080,
NoScript on. so I do not worry,
As I see it, this is another one of those tools best left for the experts.
The average user provided he browses safely and wisely, doesn’t really
need analytical tools. Just my 2cents worth.
I agree with you, we will leave this add-on for those interested. I for one I am always interested what goes on behind my back inside a browser with the 0x0 or 1x1 pixels Web bug I might click. So I expect for those with the Web developer extension, I expect they would like to have this FoxBeacon info.
Later I might present you with a quick and easy list you can paste into ABP Preferences to block the category three or dangerous third party Web bugs. A good thing is the majority of sites with NoScript and ABP installed do not show much Web bugs, but there are some sites that you would not expect that have them (BBC news),
These are or rather were the major Web bug domains:
The one site I would absolutely expect to have them is the BBC.
(/rant on)
When you have to answer to moronic politicians for your funding you absolutely have to be able to justify your existence with irrefutable data on your usage. There are many (and their bought and paid for political hacks) who complain the BBC has no right to provide information over the Web since it might compete with free market offerings. The BBC remains (IMHO) one source of light in a world where the media (in my country and others) has largely become the putrid organ of a geriatric Australian (and others like him) with very decided political views pushed by his media empire for his profit rather than any attempt at fair reporting.
Many of those sites can be blocked with a HOSTS file.
I use hpHosts and MVPS HOSTS files: http://www.mvps.org/winhelp2002/hosts.htm<== has a good description of the HOSTS file and its use
Yes, and that’s why BBC is facing severe cut-backs. We should never discuss good public services. Some politician might spot it and think that there is room for further cost reductions.
Do not understand this, because I run FoxBeacon and the FoxBeacon Menu nest to NoScript in the latest nightly build:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b2pre) Gecko/20081121 Minefield/3.1b2pre ID:20081121034512
The add-on runs superb on ff 3. Because of NoScript and ABP, ABP Watcher, and Element Helper add-ons, I do not see that many Web Bugs with FoxBeacon, but I know now on the MS page I have to additionally block this third domain Web bug: http://m.webtrends.com/dcs4f6vsz99k7mayiw2jzupyr_1s2e/njs.gif?dcsuri=/nojavascript&WT.js=No
Open blockable items in ABP, locate the Web bug and click, bye bye,