A Privacy Trojan Horse: How AOEMI Backupper Invaded Firefox

How AOEMI Backupper’s cookie injection undermines Firefox defenses and demands our collective action for a secure digital future.

Update: Jan 17, 2024 ~ Brought the issue back up to Mozilla via Twitter.

Update: Dec 23, 2023 ~ AOEMI seems to be modifying the cookie.sqlite file. Deleting the file removes the cookies.

Update: Reported to Mozilla via Twitter December 20, 2023

Summary (TL;DR)

As of December 2023, AOEMI backup software secretly injects cookies into your Firefox browser, even after you opt out of data collection. This bypasses your privacy settings and raises security concerns. I urge you to be vigilant about protecting your digital privacy. Choose software that respects your choices and fight for a web where privacy comes first.

Waking up to unwanted guests

When Microsoft announced the demise of File History in Windows 11, I sought refuge in alternative backup solutions. AOEMI Backupper, with its enticing free version, seemed like a safe haven. It effortlessly mirrored my files onto a separate drive, a task far simpler than navigating File History’s labyrinthine versioning system. But my comfort shattered the moment I realized AOEMI wasn’t just backing up my data; it was planting unwanted cookies in my browser.

Cookies: Not just for remembering your shopping cart

For the uninitiated, cookies are tiny data snippets websites store on your browser. While some keep track of logins or shopping carts, others surreptitiously monitor your online activities, building detailed profiles for targeted advertising or worse. Most browsers offer robust controls to manage these digital spies, but imagine my shock when I discovered AOEMI injecting an alarming **19 cookies** into my privacy-focused Firefox, every time I launched it.


A brazen disregard for boundaries

This wasn’t just an accidental crumb stuck to my digital shoe. My investigation revealed a previous AOEMI version injected different cookies. Worse, a forum post from November 2023 documented the issue, met with a dismissive “don’t worry, it’s for user experience” response from an administrator. But my “user experience” settings explicitly opted out of such data collection. This felt like a guest sneaking hidden cameras into my house, ignoring “no trespassing” signs plastered everywhere.

Beyond convenience, a breach of trust

The audacity of bypassing my explicit privacy choices sent chills down my spine. Firefox, renowned for its robust privacy protections, suddenly felt vulnerable. This wasn’t just about unwanted cookies; it was about a software program undermining my very control over my digital life. The claimed “user experience” felt like a smokescreen for data collection under false pretenses, eroding trust with every injected cookie.

The ripple effect: From one browser to countless rights

While Chrome and Edge remained unscathed, the implications were far-reaching. This wasn’t just an isolated incident; it was a potential security vulnerability allowing malicious actors to exploit this cookie injection backdoor for nefarious purposes. Beyond technical risks, it raised legal concerns. In many countries, data privacy laws like GDPR and CCPA empower users to control their data. AOEMI’s actions could land them in hot water, especially if minors were involved. Mozilla should not allow anything to inject cookies into their software. Period.

Reclaiming our digital sovereignty

My response? A multipronged attack. I’m considering uninstalling AOEMI, no matter how much I cherished its functionality. I’ reported’m reporting the issue to Mozilla, urging them to investigate and potentially blacklist the program. Firefox is set with strict settings. I delete injected cookies on every browser launch. Finally, I embarked on a quest for privacy-focused alternatives that respected my data boundaries.

A call to action: Vigilance is our shield

AOEMI’s cookie caper is a stark reminder that vigilance is our only shield in the digital landscape. We must demand transparency, control over our data, and respect for our privacy choices. By spreading awareness, holding companies accountable, and advocating for stronger regulations, we can build a safer, more privacy-conscious online world. Don’t let software inject unwanted cookies into your browser without your consent. Take control, choose programs that respect your choices, and join the fight for a digital future where privacy reigns supreme.

You May Also Like