/kernel_reloaded/

Author:

Other contacts

Novi članci

Flickr Goodness

Categories

May 11, 2009 @ 10:20

Firefox “block reported attack sites” privacy?

attack
 
Have you tested new Firefox 3.5? It has a new feature built-in that should protect users from bad or hacked web sites. If you go to Preferences you will see option called “block reported attack sites”. It looks like this feature is giving all your web surfing info to Google!
 

One senior expert told me that this new functionality is a real privacy issue because in order for this function to work when you click on a link Firefox sends than link to Google and asks if this site is suspicious or not. That way Google knows what you are surfing.
 
I googled for it but couldn’t find any info regarding this on Google or Mozilla sites, if you have some links or some insight on how this feature works please share it.
 
I’m really interested if Firefox has made such a blunder and has given Google this surfing information (which should be private) or not.
 
UPDATE:
I found some additional info regarding this issue. Firefox Phishing and Malware Protection page has lots of info on this subject and also does the Google page.
 
From info I have gathered it looks likeFirefox as a client only downloads blacklists and whitelists from Google with suspicious links so no privacy info is leaked to Google. Right?
 
After some more reading I see that there are some cookies sent from Firefox to Google… can somebody make sense of all of this and say should we be concerned regarding our privacy and this feature or not?
 

Filed under english, općenito

7 Comments »

  1. Posted by red

    May 11, 2009 @ 12:58

    Honestly, if you’re concerned regarding your privacy there’s two simple steps that you can do:
    - Go offline NOW – oh wait, thinking about that…I’m reading your blog currently. You’ve wasted your privacy already!
    - Make sure there’s thick curtains in your house which you should no longer leave nor accept any visitors to your house.

    Oh, funny enough I’ve just checked the ‘Author’ link on the top right corner of your blog. Guess what? You use Google as your E-Mail provider! So much for your privacy concerns regarding Google…

  2. Posted by valent

    May 11, 2009 @ 13:15

    You have missed the point. It is not my own privacy that I’m thinking about, I know enough to protect my privacy, but about users who don’t know enough to protect them selves.

  3. Posted by hell man

    May 12, 2009 @ 2:02

    Can’t you just use Wireshark to see if Firefox is sending any info to google?? I would’ve done this for you but I really don’t feel like installing 3.5

  4. Posted by joshua

    May 12, 2009 @ 20:20

    Actually your misinformed in this post. Firefox downloads a blacklist from google periodicly and stores this blacklist in the client cache. It then checks the sites against this local blacklist. So it doesnt send all your traffic to google everytime you click a link.

  5. Posted by joshua

    May 12, 2009 @ 20:23

    You should be more concerned with google analytics which you can block these scripts with adblock. There is no tracking funcionality with the google safe web thing your discussing in this post.

  6. Posted by Eric

    May 12, 2009 @ 22:04

    In my opinion if FF is just pulling the blacklist from Google then it should be okay. The cookie could just track how many users return to get an updated list which is helpful.

  7. Posted by valent

    May 12, 2009 @ 22:29

    I updated my article and I say what I have read on Mozilla page, and I say that it looks like it only downloads black and white lists. But to add to the confusion see this quote from Mozilla site:

    How does Phishing and Malware Protection work in Firefox?

    Phishing and Malware Protection works by checking the sites that you visit against lists of reported phishing and malware sites. These lists are automatically downloaded and updated every 30 minutes or so when the Phishing and Malware Protection features are enabled. The technical details of the safe-browsing protocol are also publicly available.

    BUT see this:

    What information is sent to Mozilla or its partners when Phishing and Malware Protection are enabled?

    There are two times when Firefox will communicate with Mozilla’s partners while using Phishing and Malware Protection. The first is during the regular updates to the lists of reporting phishing and malware sites. No information about you or the sites you visit is communicated during list updates. The second is in the event that you encounter a reported phishing or malware site. Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent.

    The Mozilla Privacy Policy expressly forbids the collection of this data by Mozilla or its partners for any purpose other than improvement of the Phishing and Malware Protection feature. The Google Privacy Policy explains how Google handles user cookies.

RSS feed for comments on this post · TrackBack URI

Leave a Comment

    Archives

    Flickr photostream

    SSL is required

    Meta meta :)