Security firm Sophos is reporting that ShowIP, a Firefox add-on designed to tell you the IP address of the website you are visiting, might be exposing your browsing habits to a German marketing firm. By default, the add-on sends the address of the page you're visiting to a number of sites that can resolve the IP, and allows you to add and remove sites as you wish. What Sophos has drawn attention to, however, is that another site, ip2info.org, is being sent addresses as well.
Data is being sent to the site unencrypted; there is no mention of ip2info.org anywhere in the add-on's description or within the settings, nor is there an option to turn off this behavior. A simple "whois" search on the site reveals that it's owned by Hats on Marketing, a German company that offers link marketing and content verticals. With over 170,000 users, ShowIP is one of the most popular Firefox add-ons around, and although there is nowhere near enough evidence to damn the developer just yet, there are certainly some questions that need answering. We've reached out to the ShowIP team for clarification on the matter, and we'll update you accordingly.