Fedora ain't playin' around w/Firefox 3.

Mauriat mirandam at gmail.com
Fri Jun 20 16:24:07 UTC 2008


On Fri, Jun 20, 2008 at 11:24 AM, Joe Smith <jes at martnet.com> wrote:
> bruce wrote:
>>
>> the issue of the FF security measures (and others) is that the data
>> on the URLs you visit might go back to a 3rd party company (IE
>> google), which could/would therefore have a track of the sites that
>> you visit. ...
>
> You bring up a good point, one that I hadn't thought too much about before.
>
> Except that isn't what's happening--at least according to Moz:
>
> http://www.mozilla.com/en-US/firefox/phishing-protection/
>
>> What information is sent to Mozilla or its partners when Phishing and
>> Malware Protection are enabled?
>>
>> There are two times when Firefox will communicate with Mozilla's
>> partners while using Phishing and Malware Protection. The first is
>> during the regular updates to the lists of reporting phishing and
>> malware sites. No information about you or the sites you visit is
>> communicated during list updates. The second is in the event that you
>> encounter a reported phishing or malware site. Before blocking the
>> site, Firefox will request a double-check to ensure that the reported
>> site has not been removed from the list since your last update. In
>> both cases, existing cookies you have from google.com, our list
>> provider, may also be sent.
>>
>> The Mozilla Privacy Policy expressly forbids the collection of this
>> data by Mozilla or its partners for any purpose other than
>> improvement of the Phishing and Malware Protection feature. The
>> Google Privacy Policy explains how Google handles user cookies.
>
> This would be easy to verify, either through the FF source, or by sniffing
> the traffic.
>
> If Mozilla was feeding Google browsing history, even under a "we won't peek"
> promise, it would be a huge scandal. Since it would be easy for anyone to
> check if it was happening, I feel pretty sure that it's not happening and
> that I don't even have to trust Google not to peek: they don't have the data
> to peek at.
>

Sorry to drag this on, but just to be clear that I am reading this correctly:

If I enable this anti-phishing, then I have automatically downloaded
from Google "lists of reporting phishing and malware sites". Everytime
I happen to visit one of these sites on the list, then automatically
that url AND google cookie information is uploaded back to Google.

So, I can safely say that if I use google (i.e. I have a cookie from
Gmail), then google knows that it was me specifically who visited that
malware site.

So while Google cannot track me for every possible URL, in the least
Google now can track me for every site in these "lists". And Google is
the "list provider". Curious: How do I know what sites are on these
lists?

The Google Privacy Policy which blanket covers cookie usage pretty
much says they can do whatever they want with that information from
the cookie. Curious: Why does Google need a cookie to double check
these lists of for that matter to download these lists?

If I do not use any form of google service (mail, reader, etc.) then I
guess there isn't much info google can connect with cookies, but most
people (myself included) use many google services. While it may not be
too much of a big deal, I think there is enough ambiguity to be
confusing. I do wish though that a completely open non-profit group
would provide this service instead of Google.

-Mauriat




More information about the fedora-list mailing list