expn626

About me

Developer Information
Name expn626
User since Aug. 11, 2012
Number of add-ons developed 0 add-ons
Average rating of developer's add-ons Not yet rated

My Reviews

WorldIP - Geo Add-on with Security Features

Rated 4 out of 5 stars

This seems to be one of a few working alternatives amongst the GEO-location and who-is add-ons. While most competitors only check domain name owners registered location and/or what ISP the IP is registeraed at, this one actually shows the physical location the websites are served from by means of AS number, which is actually used for routing traffic around the net. While it doesn't always have the answer or correct information, corrections can be submitted by any user, anonymously or with OpenID.

You can also check the route that the traffic is taking between the users computer and the webb-server with a simple trace-route from the users computer or from the provided looking glass servers. The looking glass service is also very useful to check if it's only you or your local ISP who's got a network problem or if it's on the other end - is the IP accessible from other locations in the world? Is your own IP available from other locations in the world?

Very useful and versatile tool. I like it!

However, I do have some concerns regarding privacy..

Since the add-on doesn't use a local database, but submits an API-request over the internet for every site visited, please clarify: are the API-requests submitted over secure SSL/HTTPS-connection or just plain HTTP? Plain unencrypted HTTP would "leak" the users browsing habits to any onlooker anywhere on the route between the user and the API-servers. Example from current news: the NSA. I hope the developer can answer that, and fix it if it's not using a secure connection.

For the free version it says "API-servers: 6 via GeoDNS ***", "API in Fort Worth, Texas, USA", "***GeoDNS: USA, Germany, Chile, Singapore, Japan, Australia.". Does that mean my API-requests are sent to Germany (European here - so that's closest), and then on to Texas, USA? If the above mentioned is correct, are my API-requests then anonymized between the Germany-USA-servers, or are they sent over plain HTTP with the users IP included? Some clarification on that subject from the developer would be nice.

It would also be good if the add-on disabled the API-requests in "Private Browsing"-mode, just to be sure nothing is leaking. At least show a privacy warning and give the user a choice whether to disable it during private browsing or not.

Many thanks to the devs for making this add-on!

This review is for a previous version of the add-on (2.2.1.1-signed.1-signed).