I have been using the Firefox add-on Autocopy for years without complaints on Kubuntu. I just noticed yesterday that since version 1.0.6.1-signed from late 2012 it features a tracking software from WIPS (see the version history). Upon discovering this issue I uninstalled the add-on and replaced it with the similar but WIPS-free Autocopy 2.
After downloading and extracting the latest XPI I found out that the JavaScript files wips.js and wipstats.js are included in every page I open in Firefox; to be more specific an event listener runs wips.init (at the bottom of wips.js) on every load event.
Can someone with some knowledge of JavaScript tell me what information is collected and sent to WIPS by wips.init? Is it the script only registering my use of the add-on and assigning me a GUID? Or is there more to it? In particular is the WIPS script sending any data like my browsing history, form data or passwords?
Here the source code for wips.js:
// CONFIG (spolecny)
WIPS.a00115.config.apiUrl = 'https://api.wips.com/';
//////////////// OBECNE FCE ////////////////
WIPS.a00115.elmID = function(element){
return document.getElementById(element);
}
WIPS.a00115.getActualTime = function(){
var time = new Date();
return time.getTime();
}
//////////////// HLAVNI OBJEKT WIPS ////////////////
WIPS.a00115.C = {
"client_guid": "extensions.wips.client",
"stats": "extensions.wips.stats_permission.a00115",
"extension_id": "extensions.wips.extension_id.a00115",
"install_date": "extensions.wips.preferences.a00115.install_date",
"version": "extensions.wips.preferences.a00115.version",
"stats_lock": "extensions.wips.stats.lock",
"currentFalseUrl": "extensions.wips.stats.current_false_url",
"lastFalseUrl": "extensions.wips.stats.last_false_url",
"stats_reg_lock": "extensions.wips.stats.reglock",
"every_url_lock": "extensions.wips.stats.every_url_lock",
"check_id_timeout": "extensions.wips.check_id_timeout",
"enabled": "extensions.wips.preferences.a00115.enabled",
"download": "extensions.wips.preferences.a00115.download",
"native": "extensions.wips.preferences.a00115.native"
};
WIPS.a00115.prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);
WIPS.a00115.wips = {
config: WIPS.a00115.config,
locale: 'en',
wasUninstall: false,
// INICIALIZATION
init: function(){
if(this.getPref(WIPS.a00115.C.client_guid,"char") == "x"){//prvni spusteni
try{
WIPS.a00115.wipstats.register();
}catch(e){}
}
setTimeout(function(){
if(WIPS.a00115.wips.getPref(WIPS.a00115.C.client_guid,"char") != "x"){
WIPS.a00115.wipstats.checkId();
}
},10000);
if(this.getPref(WIPS.a00115.C.client_guid,"char") != "x"){
if(!this.getPref(WIPS.a00115.C.extension_id,"bool") || this.getPref(WIPS.a00115.C.version,"char")!=this.config.version){
this.setPref(WIPS.a00115.C.version,this.config.version,"char");
setTimeout(function(){
WIPS.a00115.wipstats.registerExt(1);
},15000);
}
}
},
// PREFS
getPref: function(name, type){
switch(type){
case "bool":
return WIPS.a00115.prefService.getBoolPref(name);
break;
default:
case "char":
return WIPS.a00115.prefService.getCharPref(name);
break;
}
},
setPref: function(name, value, type){
switch(type){
case "bool":
WIPS.a00115.prefService.setBoolPref(name,value);
break;
default:
case "char":
WIPS.a00115.prefService.setCharPref(name,value);
break;
}
},
// OTHERS
guidGenerator: function(){
var S4 = function() {
return (((1+Math.random())*0x10000)|0).toString(16).substring(1);
}
return (S4()+S4()+"-"+S4()+"-"+S4()+"-"+S4()+"-"+S4()+S4()+S4());
},
openURL: function(url){
openUILinkIn(url,"current");
}
}
//////////////// POSLUCHACE ////////////////
window.addEventListener("load", function(){
WIPS.a00115.wips.init();
}, false);
WIPS.a00115.uninstallListener = {
onUninstalling: function(addon){
if(addon.id == "{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}"){
setTimeout(function(){
if(!WIPS.a00115.wips.wasUninstall){
WIPS.a00115.wips.wasUninstall = true;
//openUILinkIn(WIPS.a00115.config.uninstallPage,"tab");
WIPS.a00115.wipstats.registerExt(0);
}
},Math.floor((Math.random()*300)+1));
}
}
}
And here the source code for wipstats.js:
WIPS.a00115.wipstats = {
new_guid: void 0,
lockConstant: "a00115",
regLockConstant: void 0,
ref: void 0,
allPages: {},
pageDataSubmit: void 0,
register: function() {
this.regLockConstant = WIPS.a00115.wips.guidGenerator();
WIPS.a00115.wips.setPref(WIPS.a00115.C.stats_reg_lock, this.regLockConstant, "char");
setTimeout(function() {
WIPS.a00115.wipstats.regCheckLock()
}, 1E3)
},
regCheckLock: function() {
WIPS.a00115.wips.getPref(WIPS.a00115.C.stats_reg_lock, "char") === this.regLockConstant && this.registerOnce()
},
registerOnce: function() {
this.new_guid =
WIPS.a00115.wips.guidGenerator();
var a = new XMLHttpRequest;
a.open("POST", WIPS.a00115.config.apiUrl + "v2/user", !0);
a.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
var b = {
user_guid: this.new_guid,
conf_guid: WIPS.a00115.config.configGuid,
extension_id: WIPS.a00115.config.extensionId,
user_agent: navigator.userAgent
};
a.onreadystatechange = function() {
201 == a.status && 4 == a.readyState && (WIPS.a00115.wips.setPref(WIPS.a00115.C.client_guid, WIPS.a00115.wipstats.new_guid, "char"), WIPS.a00115.wipstats.registerExt(1))
};
a.send("data=" + WIPS.a00115.encode64(JSON.stringify(b)).replace(/=/, ""))
},
registerExt: function(a) {
var b = new XMLHttpRequest;
b.open("POST", WIPS.a00115.config.apiUrl + "v2/extension", !0);
b.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
var c = {
user_guid: WIPS.a00115.wips.getPref(WIPS.a00115.C.client_guid),
extension_id: WIPS.a00115.config.extensionId,
state: a,
version: WIPS.a00115.config.version
};
WIPS.a00115.config.projectId && (c.project_id = WIPS.a00115.config.projectId);
b.onreadystatechange =
function() {
200 == b.status && 4 == b.readyState && (1 == a ? WIPS.a00115.wips.setPref(WIPS.a00115.C.extension_id, !0, "bool") : WIPS.a00115.wips.setPref(WIPS.a00115.C.extension_id, !1, "bool"))
};
b.send("data=" + WIPS.a00115.encode64(JSON.stringify(c)).replace(/=/, ""))
},
checkId: function() {
var a = parseInt(WIPS.a00115.wips.getPref(WIPS.a00115.C.check_id_timeout, "char"));
if (isNaN(a) || a < (new Date).getTime() - 6048E5) {
var b = WIPS.a00115.config.apiUrl + "v2/user?user_guid=" + WIPS.a00115.wips.getPref(WIPS.a00115.C.client_guid, "char"),
c = new XMLHttpRequest;
c.open("GET", b, !0);
c.onreadystatechange = function() {
401 == c.status && 4 == c.readyState && WIPS.a00115.wipstats.register()
};
c.send(null);
isNaN(a) ? (a = Math.floor(6048E5 * Math.random() + 1), WIPS.a00115.wips.setPref(WIPS.a00115.C.check_id_timeout, ((new Date).getTime() - a).toString(), "char")) : WIPS.a00115.wips.setPref(WIPS.a00115.C.check_id_timeout, (new Date).getTime().toString(), "char")
}
}
};
WIPS.a00115.keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
WIPS.a00115.encode64 = function(a) {
var b = "",
c, d, e = "",
j, h, f = "",
g = 0;
do c = a.charCodeAt(g++), d = a.charCodeAt(g++), e = a.charCodeAt(g++), j = c >> 2, c = (c & 3) << 4 | d >> 4, h = (d & 15) << 2 | e >> 6, f = e & 63, isNaN(d) ? h = f = 64 : isNaN(e) && (f = 64), b = b + WIPS.a00115.keyStr.charAt(j) + WIPS.a00115.keyStr.charAt(c) + WIPS.a00115.keyStr.charAt(h) + WIPS.a00115.keyStr.charAt(f); while (g < a.length);
return b
};
0 Answers