I think that Privacy Protection features are being used against us to sneak blocked URL's through.
Using Windows 10 and current Firefox browser (76.0 64-bit). I was poking around a website that I spotted opening additional browser windows behind my current one. These windows were advertising and the browser windows had most of the toolbars removed. My usual reaction to this is to immediately update my Hosts file with all of the URL's involved in the chain of events that opened up this unwanted window. However, after I did this, they still managed to open up despite being listed in my Hosts file to block! Here's what I noticed:
Blocked URL's listed in my Hosts file remain blocked when attempting to open in my main browser window. But these sneaky windows opened up behind this window had the blue / purple badge displayed. I learned that these "pop down" windows were resembling an incognito session as it did not contain my Firefox account info, or much of anything else. I believe that the use of the Privacy Protection feature is what allowed these advertising windows to open up despite being listed on my Hosts file -because the session is so well protected, that even Windows can't see what's going on in there!
I have to admit, I am actually impressed with the creativity of this trick. But to me this looks like in all simple terms to be an instance of taking a new feature and turning it around and using it against us to ploy their wares. It is advertising now, but I can see this easily progressing into malware if it hasn't already. I can provide addresses of the site I am experiencing this condition but be aware, it contains adult content!
所有回覆 (1)
Although websites can open new windows using the window.open() script command, I don't think they can change the context from regular to private or vice versa.
Can you rule out an extension as the culprit? You can view, disable, and often remove unwanted or unknown extensions on the Add-ons page. Either:
- Ctrl+Shift+a (Mac: Command+Shift+a)
- "3-bar" menu button (or Tools menu) > Add-ons
- type or paste about:addons in the address bar and press Enter/Return
In the left column of the Add-ons page, click Extensions.
Then cast a critical eye over the list on the right side. Any extensions Firefox installs for built-in features are hidden from this page, so everything listed here is your choice (and your responsibility) to manage. Anything suspicious or that you just do not remember installing or why? If in doubt, disable (or remove).
Any improvement?
- - - - -
Also, if your hosts file has completely stopped working, your Firefox may be using DNS over HTTPS. This requests IP addresses from Cloudflare (or another provider) instead of Windows. At no point does either Firefox or Cloudflare look at your hosts file the way Windows does when it looks up addresses. More info on this feature: Firefox DNS-over-HTTPS.