I just installed Firefox after using Chrome for a long time because of Google’s ethics. I got it all set up, was browsing the web, saw an embedded Youtube link. I pressed play on it, and all of a sudden my monitor flashes off and on, my keyboard turns off and on, and the Windows sound for detecting a new device is heard.

This has never happened before, and was incredibly odd. If an undetected rootkit of a sort was installed through way of an 0-day Firefox video display exploit, this is the sort of behavior I might expect to see.

How can we know if this sort of thing is happening behind the scenes, if its only purpose is to sit there and collect telemetry (visual data and certain keyboard activity), and through encrypted channels send that data back to Google (or anyone else, really). There would be countless ways to do-so without being detectable from a packet sniffing perspective as well, along with clever disguising techniques (embedding data in seemingly normal requests, spreading it out over multiple payloads, injecting it into other authentic activity or protocol communication, etc).

What sort of protection do we have, if any, or do we just need to cross our fingers? Are there any good ways to limit the exposure to this sort of thing, or is it just a matter of sophistication before there’s nothing you can do?

For the record, I fully acknowledge that this may have just been a coincidence (or some other issue), and that’s probably a far more likely reason, but this still deserves thought as a general principle regardless and I’m curious to hear about mitigations and detection.