Information leaks by search plug-ins

 

If you were using the JonDoFox profile for Firefox you will find search plug-ins installed by default and search plug-ins installed by JonDoFox in the list of search engines:

search plug-ins

 

The search plug-ins installed by default are not very privacy-friendly and may leak information about the used browser and/or operating system. It is possible to discover the user-agent send by JonDoFox as a fake and use minor differences to discriminate between JonDonym users. Some examples of search URLs by using default installed plug-ins:

Google (Windows, Ubuntu, FreeBSD):

  • https://www.google.de/search?q=<word>....&rls=org.mozilla:de:official....
  • https://www.google.de/search?client=ubuntu&q=a<word>....
  • https://www.google.nl/search?q=<word>....&rls=org.mozilla:en-US:unofficial....

DuckDuckGo (Ubuntu, FreeBSD):

  • https://duckduckgo.com/?q=<word>&t=canonical
  • https://duckduckgo.com/?q=<word>&t=freebsd

Amazon (Windows, Ubuntu, FreeBSD):

  • http://www.amazon.de/s?ie=UTF8&field-keywords=<word>....&tag=firefox-de-21
  • http://www.amazon.com/s?ie=UTF8&field-keywords=<word>....&tag=wwwcanoniccom-20
  • http://www.amazon.com/s?ie=UTF8&field-keywords=<word>....&tag=mozilla-20

Conclusion: Do NOT use the search engines installed by default but use the JonDoFox search plug-ins. You may disable unwanted search plug-ins by “manage search engines” dialog.

manage search plugins

 

from here