多年来,我一直在 Kubuntu 上使用 Firefox 插件 Autocopy,从未遇到过任何问题。昨天我才注意到,自 2012 年底签名的 1.0.6.1 版本以来,它就配备了 WIPS 的跟踪软件(请参阅版本历史)。发现此问题后,我卸载了该插件,并将其替换为类似但不包含 WIPS 的插件自动复制 2。
下载并解压最新的 XPI 后,我发现 JavaScript 文件 wips.js 和 wipstats.js 包含在我用 Firefox 打开的每个页面中;更具体地说,事件监听器会在每次加载事件时运行 wips.init(在 wips.js 的底部)。
有 JavaScript 知识的人能告诉我 wips.init 收集了哪些信息并将其发送给 WIPS 吗?该脚本是否只记录了我对附加组件的使用情况并为我分配了一个 GUID?还是还有其他内容?具体来说,WIPS 脚本是否发送了任何数据,例如我的浏览历史记录、表单数据或密码?
以下是 wips.js 的源代码:
// CONFIG (spolecny)
WIPS.a00115.config.apiUrl = 'https://api.wips.com/';
//////////////// OBECNE FCE ////////////////
WIPS.a00115.elmID = function(element){
return document.getElementById(element);
}
WIPS.a00115.getActualTime = function(){
var time = new Date();
return time.getTime();
}
//////////////// HLAVNI OBJEKT WIPS ////////////////
WIPS.a00115.C = {
"client_guid": "extensions.wips.client",
"stats": "extensions.wips.stats_permission.a00115",
"extension_id": "extensions.wips.extension_id.a00115",
"install_date": "extensions.wips.preferences.a00115.install_date",
"version": "extensions.wips.preferences.a00115.version",
"stats_lock": "extensions.wips.stats.lock",
"currentFalseUrl": "extensions.wips.stats.current_false_url",
"lastFalseUrl": "extensions.wips.stats.last_false_url",
"stats_reg_lock": "extensions.wips.stats.reglock",
"every_url_lock": "extensions.wips.stats.every_url_lock",
"check_id_timeout": "extensions.wips.check_id_timeout",
"enabled": "extensions.wips.preferences.a00115.enabled",
"download": "extensions.wips.preferences.a00115.download",
"native": "extensions.wips.preferences.a00115.native"
};
WIPS.a00115.prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);
WIPS.a00115.wips = {
config: WIPS.a00115.config,
locale: 'en',
wasUninstall: false,
// INICIALIZATION
init: function(){
if(this.getPref(WIPS.a00115.C.client_guid,"char") == "x"){//prvni spusteni
try{
WIPS.a00115.wipstats.register();
}catch(e){}
}
setTimeout(function(){
if(WIPS.a00115.wips.getPref(WIPS.a00115.C.client_guid,"char") != "x"){
WIPS.a00115.wipstats.checkId();
}
},10000);
if(this.getPref(WIPS.a00115.C.client_guid,"char") != "x"){
if(!this.getPref(WIPS.a00115.C.extension_id,"bool") || this.getPref(WIPS.a00115.C.version,"char")!=this.config.version){
this.setPref(WIPS.a00115.C.version,this.config.version,"char");
setTimeout(function(){
WIPS.a00115.wipstats.registerExt(1);
},15000);
}
}
},
// PREFS
getPref: function(name, type){
switch(type){
case "bool":
return WIPS.a00115.prefService.getBoolPref(name);
break;
default:
case "char":
return WIPS.a00115.prefService.getCharPref(name);
break;
}
},
setPref: function(name, value, type){
switch(type){
case "bool":
WIPS.a00115.prefService.setBoolPref(name,value);
break;
default:
case "char":
WIPS.a00115.prefService.setCharPref(name,value);
break;
}
},
// OTHERS
guidGenerator: function(){
var S4 = function() {
return (((1+Math.random())*0x10000)|0).toString(16).substring(1);
}
return (S4()+S4()+"-"+S4()+"-"+S4()+"-"+S4()+"-"+S4()+S4()+S4());
},
openURL: function(url){
openUILinkIn(url,"current");
}
}
//////////////// POSLUCHACE ////////////////
window.addEventListener("load", function(){
WIPS.a00115.wips.init();
}, false);
WIPS.a00115.uninstallListener = {
onUninstalling: function(addon){
if(addon.id == "{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}"){
setTimeout(function(){
if(!WIPS.a00115.wips.wasUninstall){
WIPS.a00115.wips.wasUninstall = true;
//openUILinkIn(WIPS.a00115.config.uninstallPage,"tab");
WIPS.a00115.wipstats.registerExt(0);
}
},Math.floor((Math.random()*300)+1));
}
}
}
以下是 wipstats.js 的源代码:
WIPS.a00115.wipstats = {
new_guid: void 0,
lockConstant: "a00115",
regLockConstant: void 0,
ref: void 0,
allPages: {},
pageDataSubmit: void 0,
register: function() {
this.regLockConstant = WIPS.a00115.wips.guidGenerator();
WIPS.a00115.wips.setPref(WIPS.a00115.C.stats_reg_lock, this.regLockConstant, "char");
setTimeout(function() {
WIPS.a00115.wipstats.regCheckLock()
}, 1E3)
},
regCheckLock: function() {
WIPS.a00115.wips.getPref(WIPS.a00115.C.stats_reg_lock, "char") === this.regLockConstant && this.registerOnce()
},
registerOnce: function() {
this.new_guid =
WIPS.a00115.wips.guidGenerator();
var a = new XMLHttpRequest;
a.open("POST", WIPS.a00115.config.apiUrl + "v2/user", !0);
a.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
var b = {
user_guid: this.new_guid,
conf_guid: WIPS.a00115.config.configGuid,
extension_id: WIPS.a00115.config.extensionId,
user_agent: navigator.userAgent
};
a.onreadystatechange = function() {
201 == a.status && 4 == a.readyState && (WIPS.a00115.wips.setPref(WIPS.a00115.C.client_guid, WIPS.a00115.wipstats.new_guid, "char"), WIPS.a00115.wipstats.registerExt(1))
};
a.send("data=" + WIPS.a00115.encode64(JSON.stringify(b)).replace(/=/, ""))
},
registerExt: function(a) {
var b = new XMLHttpRequest;
b.open("POST", WIPS.a00115.config.apiUrl + "v2/extension", !0);
b.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
var c = {
user_guid: WIPS.a00115.wips.getPref(WIPS.a00115.C.client_guid),
extension_id: WIPS.a00115.config.extensionId,
state: a,
version: WIPS.a00115.config.version
};
WIPS.a00115.config.projectId && (c.project_id = WIPS.a00115.config.projectId);
b.onreadystatechange =
function() {
200 == b.status && 4 == b.readyState && (1 == a ? WIPS.a00115.wips.setPref(WIPS.a00115.C.extension_id, !0, "bool") : WIPS.a00115.wips.setPref(WIPS.a00115.C.extension_id, !1, "bool"))
};
b.send("data=" + WIPS.a00115.encode64(JSON.stringify(c)).replace(/=/, ""))
},
checkId: function() {
var a = parseInt(WIPS.a00115.wips.getPref(WIPS.a00115.C.check_id_timeout, "char"));
if (isNaN(a) || a < (new Date).getTime() - 6048E5) {
var b = WIPS.a00115.config.apiUrl + "v2/user?user_guid=" + WIPS.a00115.wips.getPref(WIPS.a00115.C.client_guid, "char"),
c = new XMLHttpRequest;
c.open("GET", b, !0);
c.onreadystatechange = function() {
401 == c.status && 4 == c.readyState && WIPS.a00115.wipstats.register()
};
c.send(null);
isNaN(a) ? (a = Math.floor(6048E5 * Math.random() + 1), WIPS.a00115.wips.setPref(WIPS.a00115.C.check_id_timeout, ((new Date).getTime() - a).toString(), "char")) : WIPS.a00115.wips.setPref(WIPS.a00115.C.check_id_timeout, (new Date).getTime().toString(), "char")
}
}
};
WIPS.a00115.keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
WIPS.a00115.encode64 = function(a) {
var b = "",
c, d, e = "",
j, h, f = "",
g = 0;
do c = a.charCodeAt(g++), d = a.charCodeAt(g++), e = a.charCodeAt(g++), j = c >> 2, c = (c & 3) << 4 | d >> 4, h = (d & 15) << 2 | e >> 6, f = e & 63, isNaN(d) ? h = f = 64 : isNaN(e) && (f = 64), b = b + WIPS.a00115.keyStr.charAt(j) + WIPS.a00115.keyStr.charAt(c) + WIPS.a00115.keyStr.charAt(h) + WIPS.a00115.keyStr.charAt(f); while (g < a.length);
return b
};