Comments on: Firefox “block reported attack sites” privacy?

By: valent

valent — Tue, 12 May 2009 21:29:46 +0000

I updated my article and I say what I have read on Mozilla page, and I say that it looks like it only downloads black and white lists. But to add to the confusion see this quote from Mozilla site:

How does Phishing and Malware Protection work in Firefox?

Phishing and Malware Protection works by checking the sites that you visit against lists of reported phishing and malware sites. These lists are automatically downloaded and updated every 30 minutes or so when the Phishing and Malware Protection features are enabled. The technical details of the safe-browsing protocol are also publicly available.

BUT see this:

What information is sent to Mozilla or its partners when Phishing and Malware Protection are enabled?

There are two times when Firefox will communicate with Mozilla’s partners while using Phishing and Malware Protection. The first is during the regular updates to the lists of reporting phishing and malware sites. No information about you or the sites you visit is communicated during list updates. The second is in the event that you encounter a reported phishing or malware site. Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent.

The Mozilla Privacy Policy expressly forbids the collection of this data by Mozilla or its partners for any purpose other than improvement of the Phishing and Malware Protection feature. The Google Privacy Policy explains how Google handles user cookies.

By: Eric

Eric — Tue, 12 May 2009 21:04:56 +0000

In my opinion if FF is just pulling the blacklist from Google then it should be okay. The cookie could just track how many users return to get an updated list which is helpful.

By: joshua

joshua — Tue, 12 May 2009 19:23:40 +0000

You should be more concerned with google analytics which you can block these scripts with adblock. There is no tracking funcionality with the google safe web thing your discussing in this post.

By: joshua

joshua — Tue, 12 May 2009 19:20:04 +0000

Actually your misinformed in this post. Firefox downloads a blacklist from google periodicly and stores this blacklist in the client cache. It then checks the sites against this local blacklist. So it doesnt send all your traffic to google everytime you click a link.

By: hell man

hell man — Tue, 12 May 2009 01:02:47 +0000

Can’t you just use Wireshark to see if Firefox is sending any info to google?? I would’ve done this for you but I really don’t feel like installing 3.5

By: valent

valent — Mon, 11 May 2009 12:15:18 +0000

You have missed the point. It is not my own privacy that I’m thinking about, I know enough to protect my privacy, but about users who don’t know enough to protect them selves.

By: red

red — Mon, 11 May 2009 11:58:36 +0000

Honestly, if you’re concerned regarding your privacy there’s two simple steps that you can do:
- Go offline NOW – oh wait, thinking about that…I’m reading your blog currently. You’ve wasted your privacy already!
- Make sure there’s thick curtains in your house which you should no longer leave nor accept any visitors to your house.

Oh, funny enough I’ve just checked the ‘Author’ link on the top right corner of your blog. Guess what? You use Google as your E-Mail provider! So much for your privacy concerns regarding Google…