On Wed, 2016-11-02 at 21:37 -0700, Alice Wonder wrote: > While doing a browser fingerprinting survey, I was quite surprised to > see I actually have a FireFox plugin installed. > > The culprit is > > /usr/lib64/mozilla/plugins/librhythmbox-itms-detection-plugin.so > > It appears that whoever maintains the rhythmbox RPM has chosen not to > package the browser plugin separately like it probably should be. So if > I have the rhythmbox RPM installed, I have the plugin. > > This is rather worrisome because I can find no trace of the plugin in > the Mozilla preferences panel, so if it is there it is very well hidden > and if it really isn't there, it can't be disabled there. > > Is there some kind of blacklist file I can put in > /usr/lib64/mozilla/plugins/ or ~/.mozilla/plugins/ to specifically tell > FireFox not to load that plugin, or do I have to uninstall rhythmbox? > > Thank you for suggestions. > > PS does anyone actually have a real world use for an itms detection plugin? Hi, It is possible to rebuild the package ( for CentOS 7) and disable this plugin being built. Attached is a diff of the changes required. In RHEL 7.3 rhythmbox is supposed to rebase. https://bugzilla.redhat.com/show_bug.cgi?id=1298233 Unsure if it has been pushed as yet, being 7.3 release day, not all info is available. What this package does contain is to be found out. Regards Phil -- Google+: https://goo.gl/CPjvNo Blog: https://philwyett-hemi.blogspot.co.uk/ GitLab: https://gitlab.com/philwyett_hemi/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20161103/5d6ba81f/attachment-0005.sig>