Comments on: The Firefox conspiracy: It’s FUD time again!

By: James Pereira

James Pereira — Mon, 25 Aug 2008 21:42:04 +0000

My site is being blocked by those assholes because it supposedly links to or has malware, and the page it refers to talks about a dream I had with Stephen Colbert in it. What is that shit?? Still, it’s blocking the whole site and nobody can access it unless they click on the little tiny “ignore this” link in the lower-right corner of the BIG FUCKING SCARY RED PAGE SAYING MY SITE IS DANGEROUS.

By: Chang Lee

Chang Lee — Fri, 25 Jul 2008 17:34:09 +0000

Just run a packet sniffer and watch the remote sites firefox connects to on launch

This simply SHOULD NOT HAPPEN if it isn’t spying

By: cs

cs — Tue, 02 Oct 2007 17:09:17 +0000

This type of protection can be implemented outside of the browser, e.g. at the DNS level.

I am using OpenDNS at home for that reason:

http://www.opendns.com/features/phishing/

By: La conspiration Firefox-Google ? Du n’importe quoi… | BeFox

La conspiration Firefox-Google ? Du n’importe quoi… | BeFox — Fri, 28 Sep 2007 20:33:48 +0000

[...] et adaptÃ© de MozillaLinks.org Imprimer — RSS des commentaires — Rétrolien Les billets suivants [...]

By: Percy Cabello

Percy Cabello — Thu, 27 Sep 2007 21:57:22 +0000

JP, that should work in some cases, but it would also reduce the efficiency of the antiphishing protection. For example if http://www.phishyphishy.com is already in the database, the hash for phishyphishy.com/try53 would not match. Of course the protocol could be extended (if it’s not already) to partition the URL and exchange hashes for each portion, but the main reason I think this is not feasible is that I can’t imagine Google giving up all this data since knowledge is its business.

That’s why I think McAfee and Netcraft could offer a more private scheme like the one you suggest because their interest is to sell their products and not the data per se.

Yet another option would be an NPF such as Antiphishing Working Group or the case for malware StopBadware.org.

Regarding your second point, as far as I know, it’s a delta what is downloaded twice an hour. A higher frequency would impact Google servers for sure and discourage users to enable enhanced mode even more.

It’s a hard situation for Google. I understand their position. They are not a non-profit, and need ROI. So I stay away of enhanced mode.

By: JP

JP — Thu, 27 Sep 2007 20:46:32 +0000

And yet another way to circumvent this: instead of transmitting the URL, request new bad URLs since the last download. So instead of downloading the whole list, only download the delta since the last access. If there are none, this is a simple status code reply. If there are new ones, the list is probably rather short anyways. Same effect as advanced mode, no tracking possible.

By: JP

JP — Thu, 27 Sep 2007 20:43:23 +0000

I hear you. Still: why not just exchance MD5 hashes or similar in enhanced mode instead of clearnames? Would work exactly the same and would not let the mailware protection service track what sites everyone is surfing to.

BTW, how are CGI parms of GET requests handled: this could contain sensitive information but could at the same time be an essential part of the URL to identify a phishing site (e.g. http://someserver.org/yeah.pl?goto=someotherserver.org)

Using MD5 hashes here could also be a way to protect sensitive information.

By: Evren K.

Evren K. — Thu, 27 Sep 2007 19:29:21 +0000

A local newspaper here in Geneva, Switzerland reports it as being news about Gran Paradiso under the title “Firefox spies for Google”. So its already circulating… FUD is so sad.