|User since||Nov. 7, 2007|
|Number of add-ons developed||0 add-ons|
|Average rating of developer's add-ons||Rated 4 out of 5 stars|
Not yet rated
Default behaviour could be used for phishing!
I downloaded the addon and changed/blocked xmlhttp-requests to report what is going on to me.
Every 0.5 seconds all browsers locations are scanned. If there is a new location it is pushed onto a queue stack. After 10 seconds a request is made to a server (http://18.104.22.168/Headr/).
The problem is:
EVERY url is reported to that server. There is NO filter to restrict reporting. Searches on google including complete search text are reported as well as visits on HTTPS websites!
You don't have to click on a button of that toolbar. ALL your visits are reported to that server automatically!!!
I could not recommend to let this addon out of the sandbox.