[plasma-browser-integration] [Bug 399449] New: [PRIVACY VIOLATION] plasma-browser-integration-host creates network connections

Sat, 06 Oct 2018 09:05:53 -0700 

https://bugs.kde.org/show_bug.cgi?id=399449

            Bug ID: 399449
           Summary: [PRIVACY VIOLATION] plasma-browser-integration-host
                    creates network connections
           Product: plasma-browser-integration
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: Firefox
          Assignee: k...@privat.broulik.de
          Reporter: chemob...@gmail.com
  Target Milestone: ---

After upgrading to F29 beta with Plasme 5.13.5 I got the reminder about the
Browser integration. I installed the Firefox extension and started to test it.
No problems there....

firefox-62.0-3.fc29.x86_64
plasma-browser-integration-5.13.5-1.fc29.x86_64
[this might also apply to Chromium, but I didn't activate the integration for
it]

...but afterwards I had a look at "netstat -tp" and was surprised to see that
the browser integration seems to create *outgoing* network connections on its
own. Which is rather surprising when you read the statement from the Wiki
https://community.kde.org/Plasma/Browser_Integration#Privacy:

    Everything is handled on your PC between the browser and your desktop, no
additional data is sent via the web. 

Snapshot from my test system:

$ netstat -tnp | fgrep -e plasma- -e firefox
tcp        0      0 192.168.3.6:39846        xxxx:443       ESTABLISHED
1753/firefox
tcp        0      0 192.168.3.6:33556        xxxx:443       ESTABLISHED
1753/firefox
... many more open connections from firefox ....
tcp   2194537      0 192.168.3.6:49664       xxxx:443       ESTABLISHED
1753/firefox

tcp        1      0 192.168.3.6:35696       104.16.111.25:443       CLOSE_WAIT 
2686/plasma-browser
tcp       32      0 192.168.3.6:57386       151.101.193.69:443      CLOSE_WAIT 
2686/plasma-browser
...
tcp     8692      0 192.168.3.6:50810       104.20.117.11:443       CLOSE_WAIT 
2686/plasma-browser
[NOTE: at other times I also saw ESTABLISHED connections. I tried to reverse
look up the IPs but didn't get any usable information from them]

$ ps -efw | fgrep 2686
stefanb   2686  1753  0 09:38 ?        00:00:00
/usr/bin/plasma-browser-integration-host
/usr/lib64/mozilla/native-messaging-hosts/org.kde.plasma.browser_integration.json
plasma-browser-integrat...@kde.org


The above connections are not created by firefox, because firefox connections
are associated with the firefox process.

I haven't yet studied the source code for the messaging host binary to check
for network connection creation, but I'll try to do so when I get the time.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to