It’s really annoying that the security updater for Java is trying to install the Yahoo Toolbar.
I briefly enabled the Google Toolbar to check some PageRank stats, and noticed some fields on contact forms were highlighted in yellow. A little experimentation revealed that this was part of the toolbar’s AutoFill capability, which will try to identify standard form fields and fill in your name, address, etc. (There’s a config box where you fill it all in once.)
The weird thing was that this form had name and e-mail fields, but AutoFill only recognized e-mail. I figured, OK, people might be using this, let’s see if I can adjust the page and make it compatible.
This form was using “name” and “email” for the actual names of the fields. They were labeled “Your Name” and “E-mail,” in separate table cells before the fields, with explicit <label> elements. A bit of searching turned up the fact that AutoFill looks for field names defined in ECML (RFC 3106). That list applies to the actual field names, not the visible labels, and if I’m reading it correctly, both “name” and “email” should work.
Many web browser add-ons have features that require contacting a central server. The Google Toolbar will show you a site’s PageRank. Amazon’s A9 Toolbar will show you information from Alexa. If you want this, that’s great—but if you only want it occasionally, you might not want someone tracking your entire browsing session.
After installing the A9 toolbar for testing, I decided I wanted to know just when they were contacting their server. I installed the Firefox versions of four toolbars and used netstat to see when they connected.
- A9 Toolbar: Constant connections to hosts at amazon.com and alexa.com, but only when the toolbar is visible.
- Google Toolbar: Opens initial connection to a Google-owned IP address. If PageRank display is enabled, or was earlier in the session, maintains continuous connections—even when the toolbar is hidden!
- Yahoo! Toolbar: Opens initial connections to a Yahoo server and to unknown.Level3.net (which, based on traceroute, appears to be on the way from here to Yahoo). Sometimes the latter remains open for a long time before closing. It does not appear to reconnect on its own.
- StumbleUpon: Only connects when you press its buttons.
Overall, these toolbars seem to behave in a privacy-friendly way. But it was disturbing that the Google toolbar keeps a connection open even when it’s hidden, and that disabling PageRank display doesn’t seem to stop the connections until you restart Firefox. (Maybe it does eventually, and I didn’t wait long enough.) If I’ve hidden the toolbar, I don’t need the functionality right then. There’s no reason to hold a network connection open until I re-show the toolbar.
If I only want to use these toolbars occasionally, I can just hide most of them through the View→Toolbars submenu. But to keep the Google Toolbar from phoning home, I have to either disable PageRank and restart Firefox, or disable the toolbar in the Extensions—and restart Firefox.
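One way to repeat the netstat comparison above systematically, as an added example that is not part of the original post: it classifies each remote endpoint by how it appears across timed `netstat -tn` captures taken with the toolbar visible and hidden. The Linux column layout, the `visible`/`hidden` state labels, the helper names and the sample captures (documentation-range addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict

def remote_endpoints(netstat_text):
    """Remote addr:port of every ESTABLISHED TCP row in one `netstat -tn` capture."""
    remotes = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Assumed Linux layout: proto recv-q send-q local foreign state
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "ESTABLISHED":
            remotes.add(fields[4])
    return remotes

def classify(snapshots):
    """snapshots: time-ordered list of (toolbar_state, netstat_text)."""
    seen = defaultdict(list)
    for index, (state, text) in enumerate(snapshots):
        for remote in remote_endpoints(text):
            seen[remote].append((index, state))
    report = {}
    for remote, hits in seen.items():
        indexes = [i for i, _ in hits]
        if len(indexes) == len(snapshots):
            pattern = "continuous"      # present in every capture
        elif indexes == [0]:
            pattern = "startup only"    # initial connection, never reopened
        else:
            pattern = "intermittent"
        hidden = any(state == "hidden" for _, state in hits)
        report[remote] = {"pattern": pattern, "while_hidden": hidden}
    return report

def capture(*rows):
    """Build a constructed netstat capture from (remote, tcp_state) pairs."""
    head = "Proto Recv-Q Send-Q Local Address Foreign Address State\n"
    return head + "\n".join(
        f"tcp 0 0 192.168.1.5:{40000 + n} {remote} {tcp_state}"
        for n, (remote, tcp_state) in enumerate(rows))
# Constructed captures using documentation-range addresses, not real data.
A, B, C = "203.0.113.10:80", "198.51.100.20:80", "192.0.2.30:80"
SNAPSHOTS = [
    ("visible", capture((A, "ESTABLISHED"), (B, "ESTABLISHED"), (C, "ESTABLISHED"))),
    ("visible", capture((A, "ESTABLISHED"), (B, "TIME_WAIT"), (C, "ESTABLISHED"))),
    ("hidden", capture((A, "ESTABLISHED"), (C, "TIME_WAIT"))),
    ("hidden", capture((A, "ESTABLISHED"))),
]
REPORT = classify(SNAPSHOTS)
if __name__ == "__main__":
    for remote, info in sorted(REPORT.items()):
        print(remote, info["pattern"], "seen while hidden:", info["while_hidden"])
```

An endpoint reported as continuous and seen while hidden matches the behavior described for the Google Toolbar; one that drops out once the toolbar is hidden matches the A9 pattern.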