This is a little complicated so I hope I can explain it well enough.

My laptop has 3 distributions installed. Each distribution has 3 browsers installed. Each browser has numerous search engines installed. Each browser has enough anti-spyware and anti-tracking addons installed to defeat the NSA, these include ublock origin, localcdn and privacy possum.

In one case, and one case only, my browser is redirecting every link that I click on within a search result to which is a tracking and ad serving site. The only way I can see this by looking at what is displayed in the address bar as it loads the search result. Now, no ads are ever served, but I still don’t like this behaviour.

The case concerned is DuckDuckGo SSL search engine, on Firefox, on Manjaro. All other 8 combinations of search engine, browser and distro go directly to the link address that I click on without the redirection.

As a privacy centric user this concerns me. I have already tried cache clearance but that makes no difference, and incidentally, neither my isp nor my vpn are in the .de domain.

Can anybody explain what is happening and perhaps suggest a solution?

Edit. One thing I should make clear is that the link I click on always loads normally, the ‘redirection’ that I mention is only visible in the browsers omnibar and only then very briefly.


Just keep on believing, my friend. Remember, those Predator drones don’t make noise like the helicopters.

Monitor with wireshark.

You have Goo*, Yand*, Bing or one of their affiliates, that’s all :

This is just ridiculous and increasing your fingerprint : just use ublock origin with correct list and that’ll be better.


Well I finally got to the bottom of this.
The browser had been infected with smartredirect adware. I don’t know how or where it came from. The problem was that, predictably, it does not show itself in the ‘about:addons’ page. In order to find it you have to look in the profile addons folder where it is called:

And delete it from there.

Incidentally I have both bitdefender and clam antivirus and neither of then considered it to be worth a mention when I scanned the firefox profile folder.


Not by default…

This :point_up:

As a small point of info, since my wife would Bobbitt me if I put fsckbook on the pihole, I block it on my machine (this includes all of their so-called subsidiaries as well); currently I have 4203 distinct (v4 and v6) addessses black-holed. So, pick and choose your battles wisely; as you found out in your quest, not everyone plays nicely.

If you were that important of a target to draw NSA’s attention (that is not counting plain-old data slurping), I really think that you’ll lose that battle, and war.

Imho, the only sane option in this case is to reinstall the OS.
If you don’t even know how or what…
The sys is compromised. Who knows what else has been ‘infected’.

Hmmm : Smart Referer – Adoptez cette extension pour 🦊 Firefox (fr)

Let’s be serious now, give us the outcome of:

grep -oP '},"name":"\K[^"]+' ~/.mozilla/firefox/*.*default*/addons.json

I use NextDNS:

Puzzled by Flathub.

I appreciate your replies and suggestions, especially that fascinating grep command from @nam1962 I certainly made use of it, but don’t wish to publish a list of addons I use to the world. Believe me when I say that this topic is now solved.
Thank you for your help.

You merely disrespect the time of those who spent time on your no no problem.

Listing addons is blatantly normal, not wanting to show them is… [Auto-censored]

btw, with this attitude and your “self appraising solution” it’s not difficult to guess that you’re running sub par and possibly fragile solutions.


1 Like

Yup. maybe OP is embarrassed as to what their NSA-defeating browser really looks like.

I do like the Grape-Ape, tho. :rofl:


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.