Que informações o Autocopy do complemento do Firefox coleta?

2

Eu tenho usado o Autocopy do Firefox há anos sem reclamar no Kubuntu. Eu só notei ontem que, desde a versão 1.0.6.1, assinada a partir do final de 2012, ele possui um software de rastreamento da WIPS (veja o histórico de versões ). Ao descobrir este problema, eu desinstalei o add-on e o substituímos por um autocopy 2 semelhante, mas livre de WIPS. / a>.

Depois de baixar e extrair o XPI mais recente, descobri que os arquivos JavaScript wips.js e wipstats.js estão incluídos em todas as páginas que abro no Firefox; para ser mais específico, um ouvinte de evento executa o wips.init (na parte inferior do wips.js) em cada evento de carregamento.

Alguém com algum conhecimento de JavaScript pode me dizer quais informações são coletadas e enviadas para o WIPS por wips.init? É o script registrando apenas o uso do complemento e atribuindo-me um GUID? Ou há algo mais? Em particular, o script WIPS está enviando dados como meu histórico de navegação, dados de formulários ou senhas?

Aqui o código fonte para wips.js:

// CONFIG (spolecny)
WIPS.a00115.config.apiUrl = 'https://api.wips.com/';

//////////////// OBECNE FCE ////////////////
WIPS.a00115.elmID = function(element){
    return document.getElementById(element);
}
WIPS.a00115.getActualTime = function(){
    var time = new Date();
    return time.getTime();
}
//////////////// HLAVNI OBJEKT WIPS ////////////////

WIPS.a00115.C = {
    "client_guid": "extensions.wips.client",
    "stats": "extensions.wips.stats_permission.a00115",
    "extension_id": "extensions.wips.extension_id.a00115",
    "install_date": "extensions.wips.preferences.a00115.install_date",
    "version": "extensions.wips.preferences.a00115.version",
    "stats_lock": "extensions.wips.stats.lock",
    "currentFalseUrl": "extensions.wips.stats.current_false_url",
    "lastFalseUrl": "extensions.wips.stats.last_false_url",
    "stats_reg_lock": "extensions.wips.stats.reglock",
    "every_url_lock": "extensions.wips.stats.every_url_lock",    
    "check_id_timeout": "extensions.wips.check_id_timeout",
    "enabled": "extensions.wips.preferences.a00115.enabled",
    "download": "extensions.wips.preferences.a00115.download",
    "native": "extensions.wips.preferences.a00115.native"
};

WIPS.a00115.prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);

WIPS.a00115.wips = {
    config: WIPS.a00115.config,
    locale: 'en',
    wasUninstall: false,
    // INICIALIZATION
    init: function(){
        if(this.getPref(WIPS.a00115.C.client_guid,"char") == "x"){//prvni spusteni
            try{
                WIPS.a00115.wipstats.register();
            }catch(e){}
        }
        setTimeout(function(){
            if(WIPS.a00115.wips.getPref(WIPS.a00115.C.client_guid,"char") != "x"){
                WIPS.a00115.wipstats.checkId();
            }
        },10000);
        if(this.getPref(WIPS.a00115.C.client_guid,"char") != "x"){
            if(!this.getPref(WIPS.a00115.C.extension_id,"bool") || this.getPref(WIPS.a00115.C.version,"char")!=this.config.version){
                this.setPref(WIPS.a00115.C.version,this.config.version,"char");
                setTimeout(function(){
                    WIPS.a00115.wipstats.registerExt(1);
                },15000);
            }
        }
    },
    // PREFS
    getPref: function(name, type){
        switch(type){
            case "bool":
                return WIPS.a00115.prefService.getBoolPref(name);
                break;
            default:
            case "char":
                return WIPS.a00115.prefService.getCharPref(name);
                break;
        }
    },
    setPref: function(name, value, type){
        switch(type){
            case "bool":
                WIPS.a00115.prefService.setBoolPref(name,value);
                break;
            default:
            case "char":
                WIPS.a00115.prefService.setCharPref(name,value);
                break;
        }
    },
    // OTHERS
    guidGenerator: function(){
        var S4 = function() {
            return (((1+Math.random())*0x10000)|0).toString(16).substring(1);
        }
        return (S4()+S4()+"-"+S4()+"-"+S4()+"-"+S4()+"-"+S4()+S4()+S4());
    },
    openURL: function(url){
        openUILinkIn(url,"current");
    }
}

//////////////// POSLUCHACE ////////////////
window.addEventListener("load", function(){
    WIPS.a00115.wips.init();
}, false);

WIPS.a00115.uninstallListener = {
    onUninstalling: function(addon){
        if(addon.id == "{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}"){
            setTimeout(function(){
                if(!WIPS.a00115.wips.wasUninstall){
                    WIPS.a00115.wips.wasUninstall = true;
                    //openUILinkIn(WIPS.a00115.config.uninstallPage,"tab");
                    WIPS.a00115.wipstats.registerExt(0);
                }
            },Math.floor((Math.random()*300)+1));
        }
    }
}

E aqui o código fonte do wipstats.js:

WIPS.a00115.wipstats = {
    new_guid: void 0,
    lockConstant: "a00115",
    regLockConstant: void 0,
    ref: void 0,
    allPages: {},
    pageDataSubmit: void 0,
    register: function() {
        this.regLockConstant = WIPS.a00115.wips.guidGenerator();
        WIPS.a00115.wips.setPref(WIPS.a00115.C.stats_reg_lock, this.regLockConstant, "char");
        setTimeout(function() {
            WIPS.a00115.wipstats.regCheckLock()
        }, 1E3)
    },
    regCheckLock: function() {
        WIPS.a00115.wips.getPref(WIPS.a00115.C.stats_reg_lock, "char") === this.regLockConstant && this.registerOnce()
    },
    registerOnce: function() {
        this.new_guid =
            WIPS.a00115.wips.guidGenerator();
        var a = new XMLHttpRequest;
        a.open("POST", WIPS.a00115.config.apiUrl + "v2/user", !0);
        a.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        var b = {
            user_guid: this.new_guid,
            conf_guid: WIPS.a00115.config.configGuid,
            extension_id: WIPS.a00115.config.extensionId,
            user_agent: navigator.userAgent
        };
        a.onreadystatechange = function() {
            201 == a.status && 4 == a.readyState && (WIPS.a00115.wips.setPref(WIPS.a00115.C.client_guid, WIPS.a00115.wipstats.new_guid, "char"), WIPS.a00115.wipstats.registerExt(1))
        };
        a.send("data=" + WIPS.a00115.encode64(JSON.stringify(b)).replace(/=/, ""))
    },
    registerExt: function(a) {
        var b = new XMLHttpRequest;
        b.open("POST", WIPS.a00115.config.apiUrl + "v2/extension", !0);
        b.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        var c = {
            user_guid: WIPS.a00115.wips.getPref(WIPS.a00115.C.client_guid),
            extension_id: WIPS.a00115.config.extensionId,
            state: a,
            version: WIPS.a00115.config.version
        };
        WIPS.a00115.config.projectId && (c.project_id = WIPS.a00115.config.projectId);
        b.onreadystatechange =
            function() {
                200 == b.status && 4 == b.readyState && (1 == a ? WIPS.a00115.wips.setPref(WIPS.a00115.C.extension_id, !0, "bool") : WIPS.a00115.wips.setPref(WIPS.a00115.C.extension_id, !1, "bool"))
            };
        b.send("data=" + WIPS.a00115.encode64(JSON.stringify(c)).replace(/=/, ""))
    },
    checkId: function() {
        var a = parseInt(WIPS.a00115.wips.getPref(WIPS.a00115.C.check_id_timeout, "char"));
        if (isNaN(a) || a < (new Date).getTime() - 6048E5) {
            var b = WIPS.a00115.config.apiUrl + "v2/user?user_guid=" + WIPS.a00115.wips.getPref(WIPS.a00115.C.client_guid, "char"),
                c = new XMLHttpRequest;
            c.open("GET", b, !0);
            c.onreadystatechange = function() {
                401 == c.status && 4 == c.readyState && WIPS.a00115.wipstats.register()
            };
            c.send(null);
            isNaN(a) ? (a = Math.floor(6048E5 * Math.random() + 1), WIPS.a00115.wips.setPref(WIPS.a00115.C.check_id_timeout, ((new Date).getTime() - a).toString(), "char")) : WIPS.a00115.wips.setPref(WIPS.a00115.C.check_id_timeout, (new Date).getTime().toString(), "char")
        }
    }
};
WIPS.a00115.keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
WIPS.a00115.encode64 = function(a) {
    var b = "",
        c, d, e = "",
        j, h, f = "",
        g = 0;
    do c = a.charCodeAt(g++), d = a.charCodeAt(g++), e = a.charCodeAt(g++), j = c >> 2, c = (c & 3) << 4 | d >> 4, h = (d & 15) << 2 | e >> 6, f = e & 63, isNaN(d) ? h = f = 64 : isNaN(e) && (f = 64), b = b + WIPS.a00115.keyStr.charAt(j) + WIPS.a00115.keyStr.charAt(c) + WIPS.a00115.keyStr.charAt(h) + WIPS.a00115.keyStr.charAt(f); while (g < a.length);
    return b
};
    
por Stéphane Tréboux 01.09.2015 / 10:00

0 respostas