A popular security plugin for Mozilla’s Firefox browser has been accused of collecting and logging users’ browsing history, according to uBlock Origin developer Raymond Hill. The app, Web Security, supposedly protects users from threats of malware and phishing “so that you will not be decoyed to enter your sensitive information where it is not safe.”

However, users who have installed the add-on may not be safe. While using the plugin, Hill noticed some odd behavior. “With this extension, I see that for every page you load in your browser, there is a POST to http://136.243.163.73/,” he said. “The posted data is garbled, maybe someone will have the time to investigate further.”

Hill mentioned his discovery in response to a Firefox article re-posted on Reddit. Because Web Security had originally been incredibly popular, with 220,000 installs and a 4.5 out of 5 rating, the plugin was included on Firefox’s recommended list of extension downloads. Once the list was posted to Reddit, users began speculating about Web Security.

After Hill’s warning, Mike Kuketz, a popular German blogger, posted an article echoing the concerns about the app’s strange behavior. A user who responded to Kuketz’s post decoded the “garbled” data Hill referenced and found that the add-on secretly transmits the URLs of users’ visited pages to a separate German server.
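One way to look for the pattern Hill describes (a POST to a bare IP address over plain HTTP accompanying every page load) in your own proxy or browser network logs. This is an added example, not code from the article or from anyone quoted in it; the log format, the `.example` hosts, the time window and the threshold are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample log: epoch seconds, method, URL, resource type.
# Only 136.243.163.73 comes from the article; everything else is made up.
SAMPLE_LOG = """\
100.0 GET https://news.example/ document
100.3 GET https://news.example/app.js script
100.4 POST http://136.243.163.73/ xhr
131.0 GET https://shop.example/cart document
131.2 POST http://136.243.163.73/ xhr
131.5 POST https://shop.example/api/cart xhr
190.0 GET https://mail.example/inbox document
190.6 POST http://136.243.163.73/ xhr
250.0 GET https://wiki.example/Firefox document
250.2 POST http://136.243.163.73/ xhr
"""

def parse(log):
    for line in log.splitlines():
        ts, method, url, rtype = line.split()
        yield float(ts), method, urlsplit(url), rtype

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def per_page_beacons(log, window=2.0, min_ratio=0.8):
    """Return {host: ratio} for plain-HTTP, IP-literal hosts that receive a
    POST within `window` seconds after at least `min_ratio` of page loads."""
    entries = list(parse(log))
    pages = [ts for ts, m, u, r in entries if m == "GET" and r == "document"]
    if not pages:
        return {}
    posts = {}
    for ts, m, u, r in entries:
        if m == "POST" and u.scheme == "http" and is_ip_literal(u.hostname or ""):
            posts.setdefault(u.hostname, []).append(ts)
    flagged = {}
    for host, times in posts.items():
        # Count page loads that were followed by a POST to this host.
        hits = sum(any(0 <= t - p <= window for t in times) for p in pages)
        if hits / len(pages) >= min_ratio:
            flagged[host] = hits / len(pages)
    return flagged

if __name__ == "__main__":
    print(per_page_beacons(SAMPLE_LOG))
```

A flagged host only shows that something posts on every navigation; attributing it to a specific extension still means disabling add-ons one at a time and re-checking.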

Since the concerns were voiced, Firefox has quietly removed Web Security from its list of recommended plugins. However, the add-on is still available for download for Firefox users. Users worried about the excessive tracking should consider removing or disabling the extension for the time being.

A spokesperson from Web Security’s developers, Creative Software Solutions, gave the following statement to Bleeping Computer:

“The add-on Web Security is, as the name says, a security add-on, that protects the user from abusive websites to protect their data and privacy. We do not want sites to track and steal the users’ data or browsing history. One of the security aspects includes checking the requested site against a global blacklist, thus the communication between the client and our servers is unavoidable, while we keep it to an absolute minimum and do not log this communication. Our Servers are all in Germany, thus we are also bound by GDPR and only process data for the specified reasons.

Our add-on has also been processed by Mozilla’s stringent Verification staff, which have specifically approved all communication that occurs. All data transferred should communicate securely, however as we take these privacy concerns very seriously, I have already informed the developers to investigate the issue at hand, to verify and improve if possible.”

The big takeaways for tech leaders:

  • Web Security, a popular Firefox add-on, was found to be excessively tracking users’ browsing history.
  • Since the discovery, Firefox removed the extension from an article listing add-on recommendations, but it is still available for download.