How do Firefox extensions use an anonymous proxy IP? Can the original IP address be exposed?

Examining Firefox Extension Connections

I read the Firefox Extensions FAQ ( ) and looked through their community forums for information, but couldn't find anything about how extensions actually connect and collect your data.

The closest I found was the Mozilla Wiki page on data collection ( ), but it gives you a basic choice / output of data collection levels.

What I am trying to understand:

If I use a manually configured anonymous proxy in Firefox, can the extension potentially send my actual IP address (not my proxy IP address) back to a third party?

Example: Expanding Translation

For example, if I use Google Translate for Firefox, can Google see my original IP address?

What i thought

Since a proxy is the only way the browser can connect to the Internet, the extension will have to use the proxy's IP to connect and thus only be able to see the proxy's IP. However, I would like to be sure that there is no backdoor or expansion method showing my original IP.

Any insight is greatly appreciated. We are not doing anything unethical, we just need to maintain separate IP usage for different clients and do not want to risk confusing their information. Thanks again.


source to share

1 answer

Firefox extensions are usually not limited in what they can do, only extensions based on the WebExtensions Framework are sandboxed - currently most Firefox extensions are still either classic XUL based extensions or based on the Add-on SDK, they are have no inherent limitations. So in theory, an extension can do a lot of things to de-animate you, for example:

  • Use nsIDNSService to get your local IP address (usually this address is not valid outside of your local network).
  • Change your browser settings, in particular, disable the configured proxy server.
  • Use external command line tools to read system information or send a request to bypass the browser.
  • Read the files on your hard drive to find your name.

Note that Chrome also offers an API for modifying browser proxy extensions , and a similar API is planned for WebExtensions. Therefore, even the sandbox does not always protect against deanonification, and you need to trust the extensions you install.

However, extensions hosted on Addons.Mozilla.Org are usually viewed by Mozilla (those that have not yet been viewed have a yellow install button and warning). One aspect that the reviewers are looking at is: does this add-on do what it claims, or are there unexpected side effects? Any unexpected functionality should be strictly prohibited, with full explanation of the consequences. It was introduced in 2009 as a No Surprises policy and works remarkably well. The Chrome Web Store has no comparable policy.



All Articles