On 11/03/2016 05:28 AM, Phil Wyett wrote: > On Wed, 2016-11-02 at 21:37 -0700, Alice Wonder wrote: >> While doing a browser fingerprinting survey, I was quite surprised to >> see I actually have a FireFox plugin installed. >> >> The culprit is >> >> /usr/lib64/mozilla/plugins/librhythmbox-itms-detection-plugin.so >> >> It appears that whoever maintains the rhythmbox RPM has chosen not to >> package the browser plugin separately like it probably should be. So if >> I have the rhythmbox RPM installed, I have the plugin. >> >> This is rather worrisome because I can find no trace of the plugin in >> the Mozilla preferences panel, so if it is there it is very well hidden >> and if it really isn't there, it can't be disabled there. >> >> Is there some kind of blacklist file I can put in >> /usr/lib64/mozilla/plugins/ or ~/.mozilla/plugins/ to specifically tell >> FireFox not to load that plugin, or do I have to uninstall rhythmbox? >> >> Thank you for suggestions. >> >> PS does anyone actually have a real world use for an itms detection plugin? > > Hi, > > It is possible to rebuild the package ( for CentOS 7) and disable this > plugin being built. Yes but then any update to rhythmbox would re-install it and it would become a pattern of build, rinse, repeat. Hopefully the bugzilla I filed will result in an update being pushed with the plugin either gone or available in a separate package for those who do want it.