Firefox扩展如何使用匿名代理的IP地址？原始IP可能被暴露？ [英] How Do Firefox Extensions Use IP Address With Anonymous Proxy? Original IP May Be Exposed?

问题描述

关于Firefox扩展连接的研究

我已经阅读了Firefox扩展的常见问题（ https://addons.mozilla.org/en-us/faq ），并查看了他们的社区论坛的信息，但不能找到有关扩展程序实际连接和收集数据的任何信息。

我发现最接近Mozilla维基页面的数据收集（ https://wiki.mozilla.org/Firefox/Data_Collection ），但它只给你基本的选择进/出数据收集水平。

示例：转换扩展

例如，如果我要使用Google Translate for Firefox，Google能否看到我的原始IP？

我在想

因为代理是浏览器连接到互联网的唯一方式，所以扩展将不得不使用代理IP地址来连接因此只能看到代理IP地址。不过，我很乐意确定没有后门或扩展方式来显示我的原始IP。

任何洞察力都将不胜感激。我们没有做任何不道德的事情，我们只需要为各种客户保持单独的IP使用，不要冒着混淆他们的信息的风险。再次感谢。

解决方案

Firefox扩展通常不限制他们可以做什么，只有基于 WebExtensions框架是沙箱化的 - 目前大多数Firefox扩展仍然是传统的基于XUL的扩展，或者基于附加SDK，这些没有固有的限制。所以在理论上，一个扩展可以做很多事情来消除你的匿名性，例如：

• 使用nsIDNSService来检索您的本地IP地址（通常这个地址在您的本地网络之外是无效的）。
  
• 更改浏览器设置，特别是禁用已配置的代理服务器。


• 使用外部命令行工具读取系统信息或发送绕过浏览器的请求。 b $ b
• 阅读硬盘中的文件，以便找到您的名字。

请注意，Chrome还提供 API来修改浏览器的代理设置扩展，并为WebExtensions计划一个类似的API。因此，即使沙盒并不总是防止反匿名化，并且您需要信任您正在安装的扩展。

然而，作为没有意外的政策和工程非常好。 Chrome网上应用店没有任何类似的政策。

Research On Firefox Extensions Connections

I have read the FAQ's on Firefox Extensions (https://addons.mozilla.org/en-us/faq) and have looked at their community forums for information but wasn't able to find anything on how extensions actually connect and collect your data.

The closest I found was the Mozilla Wiki page on data collection (https://wiki.mozilla.org/Firefox/Data_Collection) but it only gives you the basic opt in/out data collection levels.

What I'm trying to understand:

If I'm using a manually configured anonymous proxy in Firefox, could the extension potentially send my actual IP address (not my proxy IP address) back to a third party?

Example: Translate Extension

For example, if I were to use the Google Translate for Firefox, would Google be able to see my original IP?

What I was thinking

Since the proxy is the only way for the browser to connect to the internet, the extension would have to use the proxy IP address to connect and thus, would only be able to see the proxy IP address. However, I would love to be sure that there is no back door or way of the extension revealing my original IP.

Any insight is greatly appreciated. We are not doing anything unethical, we just have to maintain separate IP usage for various clients and do not want to risk mixing their information. Thanks again.

解决方案

Firefox extensions are usually not limited in what they can do, only extensions based on the WebExtensions framework are sandboxed - currently the majority of Firefox extensions is still either classic XUL-based extensions or based on the Add-on SDK, these don't have inherent restrictions. So in theory an extension can do lots of things in order to deanonymize you, for example:

• Use nsIDNSService in order to retrieve your local IP address (usually, this address isn't valid outside your local network however).
• Change browser settings, in particular disable your configured proxy server.
• Use external command line tools in order to read out system information or send a request bypassing the browser.
• Read files on your hard drive in order to find your name.

Note that Chrome also offers an API to modify browser's proxy settings extensions, and a similar API is planned for WebExtensions. So even sandboxing doesn't always protect against deanonymization, and you need to trust the extensions you are installing.

However, the extensions hosted on Addons.Mozilla.Org are usually reviewed by Mozilla (the ones that aren't reviewed yet have a yellow install button and a warning). One aspect that the reviewers look into is: does this add-on do what it claims to do or are there unexpected side-effects? Any unexpected functionality has to be strictly opt-in, with full explanation about the implications. This was introduced in 2009 as the No Surprises policy and works remarkably well. Chrome Web Store doesn't have any comparable policy.

这篇关于Firefox扩展如何使用匿名代理的IP地址？原始IP可能被暴露？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！