expn626

About me

Developer Information
Name expn626
User since August 11, 2012
Number of add-ons developed 0 add-ons
Average rating of developer's add-ons Not yet rated

My Reviews

WorldIP - Geo Add-on with Security Features

Versatile geo-loc/country-flag/tracert/who-is tool! But.. Rated 4 out of 5 stars

This seems to be one of a few working alternatives amongst the GEO-location and who-is add-ons. While most competitors only check domain name owners registered location and/or what ISP the IP is registeraed at, this one actually shows the physical location the websites are served from by means of AS number, which is actually used for routing traffic around the net. While it doesn't always have the answer or correct information, corrections can be submitted by any user, anonymously or with OpenID.

You can also check the route that the traffic is taking between the users computer and the webb-server with a simple trace-route from the users computer or from the provided looking glass servers. The looking glass service is also very useful to check if it's only you or your local ISP who's got a network problem or if it's on the other end - is the IP accessible from other locations in the world? Is your own IP available from other locations in the world?

Very useful and versatile tool. I like it!

However, I do have some concerns regarding privacy..

Since the add-on doesn't use a local database, but submits an API-request over the internet for every site visited, please clarify: are the API-requests submitted over secure SSL/HTTPS-connection or just plain HTTP? Plain unencrypted HTTP would "leak" the users browsing habits to any onlooker anywhere on the route between the user and the API-servers. Example from current news: the NSA. I hope the developer can answer that, and fix it if it's not using a secure connection.

For the free version it says "API-servers: 6 via GeoDNS ***", "API in Fort Worth, Texas, USA", "***GeoDNS: USA, Germany, Chile, Singapore, Japan, Australia.". Does that mean my API-requests are sent to Germany (European here - so that's closest), and then on to Texas, USA? If the above mentioned is correct, are my API-requests then anonymized between the Germany-USA-servers, or are they sent over plain HTTP with the users IP included? Some clarification on that subject from the developer would be nice.

It would also be good if the add-on disabled the API-requests in "Private Browsing"-mode, just to be sure nothing is leaking. At least show a privacy warning and give the user a choice whether to disable it during private browsing or not.

Many thanks to the devs for making this add-on!

This review is for a previous version of the add-on (2.2.1.1-signed). 

Smart Referer

Rated 5 out of 5 stars

Great add-on! I'll tell you why; it is simple and "just works"! With the recently added white-list support (which i only have needed for disqus thus far) it is close to perfect for its purpose. One thing though, i wish the strict mode would be disabled per default because many bigger sites use content-servers on a sub-domain and if they require referrer then there will be problems. This way ppl trying it out won't just discard it right away because they run into problems with the default options. Also it would be nice with a link to a test page (test by subdomain, domain, and so on) that reports back what referrer it got, so you can see if it works or not, then you could check if you break it by typing in invalid white-list regular expressions and such..Thanks for a great add-on!

Late update/reply to meh (Aug 1, 2013): I read the description of self-referrer -it seems to be appropriate as the default mode, which it is now. Regarding the test-page: I think the new, easier, white-list feature you now have available (wildcards, not reg-exp) is sufficient to weed out most errors. The rest should be test-able by checking the pages in the white-list (example: Disqus). Also I realized anyone can make their own test-page by posting a link to an HTTP header check page like http://xhaus.com/headers in some random forum, then just click the link to see the results! :)

This review is for a previous version of the add-on (0.0.6.3.1-signed).