Review for WorldIP - Geo Add-on with Security Features by expn626
Rated 4 out of 5 stars
This seems to be one of a few working alternatives amongst the GEO-location and who-is add-ons. While most competitors only check domain name owners registered location and/or what ISP the IP is registeraed at, this one actually shows the physical location the websites are served from by means of AS number, which is actually used for routing traffic around the net. While it doesn't always have the answer or correct information, corrections can be submitted by any user, anonymously or with OpenID.
You can also check the route that the traffic is taking between the users computer and the webb-server with a simple trace-route from the users computer or from the provided looking glass servers. The looking glass service is also very useful to check if it's only you or your local ISP who's got a network problem or if it's on the other end - is the IP accessible from other locations in the world? Is your own IP available from other locations in the world?
Very useful and versatile tool. I like it!
However, I do have some concerns regarding privacy..
Since the add-on doesn't use a local database, but submits an API-request over the internet for every site visited, please clarify: are the API-requests submitted over secure SSL/HTTPS-connection or just plain HTTP? Plain unencrypted HTTP would "leak" the users browsing habits to any onlooker anywhere on the route between the user and the API-servers. Example from current news: the NSA. I hope the developer can answer that, and fix it if it's not using a secure connection.
For the free version it says "API-servers: 6 via GeoDNS ***", "API in Fort Worth, Texas, USA", "***GeoDNS: USA, Germany, Chile, Singapore, Japan, Australia.". Does that mean my API-requests are sent to Germany (European here - so that's closest), and then on to Texas, USA? If the above mentioned is correct, are my API-requests then anonymized between the Germany-USA-servers, or are they sent over plain HTTP with the users IP included? Some clarification on that subject from the developer would be nice.
It would also be good if the add-on disabled the API-requests in "Private Browsing"-mode, just to be sure nothing is leaking. At least show a privacy warning and give the user a choice whether to disable it during private browsing or not.
Many thanks to the devs for making this add-on!
Thank you for your comment!
In the next week, the new version will be released, with bug fixes, new features and a lot of improvements. HTTPS will be added, too.
In the actual version api requests are sent as plain text, but the new one contains https, so, all the requests will only be sent encrypted.
There is the paid version of API for only users, who buy API for their own websites. For add-on users all the information is free.
That's right, the requests are sent to the closest server, in case of failover to the next nearest one. The requests won't be redirected, as in your example, to Germany then to USA, but european requests only go to european server.
The requests can be turned off, this is the top option in the main settings. But I agree it's probably not very clear, I'll think about a better solution. I'll also think of how to implement the better support for "Private Browsing".
To create your own collections, you must have a Mozilla Add-ons account.