> For instance, it wouldn't call home > if the browser is not accessing a page with JS which makes outbound > connections. The JS (and its outbound connections) has nothing to > do with the spyware or its home address.
Yes, that would be the smart way to do it. I'm glad you don't work for Mozilla. > To our relief, Mozzarella the cheesy borser is not that wise > apparently, as it bluntly goes out to various 3rd party sites no > matter what (I hope they are not lurking here). But who can say all > the spyware out there are as dumb? Well, if we want to be fully paranoid, there's no reason Mozilla couldn't have Firefox make blatant third-party connections, be somewhat transparent about their existence, provide security rationales for having them and half-assed broken documentation for disabling them, while *also* doing as you describe with additional connections that are completely undocumented and only occur when there is sufficient noise. I suspect you're right, though, and that this is giving Mozilla too much credit.
