Antenna of Freedom and XtraNotes
Friday, 01 April 2011
The collection of information via intelligence appliances, with the aid of modern technical procurement operations, is one of the essential tasks of TRON-DELTA.ORG. This article exemplifies intelligence gathering and dependent counter-intelligence procedures.

The continuous search for new technologies is therefore one of the first important steps in that context. During that search our organization regularly makes use of a large amounts of diverse information sources, including thousands of RSS feeds, newsletters and forums of various websites [1]. Also, different information search systems, mainly in the form of specific person, image, or metasearch engines, are taken into account. Using these machines includes inter alia looking for a number of key words in various combinations, and using search engine compatible queries, with logical conjunctions and Boolean operators. During a search commenced, members of staff found an article, on the right-wing website "Politically Incorrect", which primarily focuses on political issues.

Regardless of the political content of this magazine, which is not relevant for our organization nor was it for this research, the article "Plugin-weapon against one-sided reporting" with the keyword combination "reporting", "antenna", "plugin", "information" and "verify" aroused our attention. This combination is quite unique, and for that reason more than 40 days passed from the date when the article went online until our systems actually revealed it. In that course we were able to find even more sources on that topic, such as those of the online magazine "Blue Narcissus", which contained an article, about the yet unknown technology, called "Plagiarism warning! The digital weapon against one-sided reporting". Both articles contained a reference on the website "Antenna of Freedom", which was then subjected to scrutiny as a result. "Antenna of Freedom" can be downloaded from the creators' official website [2].

Through the "Install Now" tab, a Firefox plugin along with a brief guide for installation, plus an installation recommendation, was visible to its users. The functionality of that plugin was already known to us, due to the the aforementioned articles. Interesting in that context was a first explicit indication that the plugin, apparently responsible for the aggregation of content, can be downloaded and used without registration or login, in an anonymous and free manner. One paragraph expressly stated: "Also no IP addresses will be captured or saved. No one, including the participating blogs, has information on the number of users or user behavior". This was surprising, considering the fact that the link with parameter "psn=123456" refered to the plugin on [3]. The procedure itself is usual when users should not be given any direct information about the target of a hyperlink.

Another search for "xtranotes" lead to Layers4Web GmbH in Heidelberg, Germany. In stark contrast to the statement on "Antenna of Freedom", author and CEO Friedrich-Wilhelm Uthe of Layers4Web GmbH required users to register with the service on From the perspective of a potential user a lot of data was being collected, such as Name, address, zip code, city and state, without which a download and subsequent use of the plugin did not seem to be possible. It clearly appeared to be about revealing the full identity of a person, which in principle would have been possible already, even with a reduced number of unique attributes requested.

As a part of further investigation, two members of our organization had put the Firefox plugin "XtraNotes" to a more accurate code analysis. The contents of the file with the extension .xpi were unzipped, like this can be done with an archive type of the extension .zip, and then unpacked via "jar xf /xtranotes.jar" in a final step [4]. Within the subdirectory "chrome/content/scripts" the file "xtranotes.js" resided, which was actually the core file of the plugin. In a series of string analyzes (e.g. "server", "send", "get", "onnect", "auth-token", "asswor", "this.execute", "SERVICE", "", "", "http", "", "er.address", etc.), cross-comparisons, substitutions and other code-audit methods, about 2780 lines of code within the "./scripts" directory were finally evaluated.

The result was in fact not a surprise to our analysts. In several sections of the core scripts, connections to the main server of Layers4Web GmbH were ment to be established [5]. Without going too much into technical details, the main problem of "XtraNotes" in essence is, that one can create complete user profiles from both, the operator side and also on the side of the participating websites. From the operator's point of view this is possible, because by the call of the plugin's base functions (e.g. "CMD_LOAD_PAGE_INFO", "CMD_LOGIN", "CMD_NOTIFY_NOTE_VIEWED", etc.), the transfer of various amounts of data takes place within persistent sessions. This, of course happens while the registration data that resides within the plugin's configuration is loaded. Even in the case of use without prior registration on, such as recommended by "Antenna of Freedom", any given participating website could still create user profiles, though semi-anonymously only.

In any case, such tracking of user activity would also be possible, by analyzing the referrer (RFC 2616) with the help of web server log files or, simply by the use of so-called "evercookies" [6]. In both cases the creation of considerable user profiles would be possible. From the perspective of an intelligence organization like TRON-DELTA.ORG, such or similar technology would be quite useful for our adversaries, in addition to the tools and methods they already use.

Last Updated (Monday, 01 January 2018)


  2022-01-08 ✴ 20:00 UTC




  ᐊ 1&1 INTR. AG  CDN


Should ✛ΔO engage more in counter-intelligence?
∘ Yes, there is a need for such operations.
∘ No, because it may be very dangerous.


Bookmark site Press Cmd or Ctrl + D
Bookmark page Press Cmd or Ctrl + D


  Visitors: 788.250+ ℮


  25 Years of Linux



  Code of Arms: Frankfurt


  Facility: open and operating
©  2003 - 2024   TRON-DELTA.ORG  (NGO)   –   Nongovernmental  Intelligence  Organization
Portal v5.06.102 R 1 on ✛ΔO LXCMS v1.1