Firefox 3 Antiphishing Sends Your URLs To Google

iritant writes "As we were discussing, Gran Paradiso — the latest version of Firefox — is nearing release. Gran Paradiso includes a form of malware protection that checks every URL against a known list of sites. It does so by sending each URL to Google. In other words, if people enable this feature, they get some malware protection, and Google gets a wealth of information about which sites are popular (or, for that matter, which sites should be checked for malware). Fair deal? Not to worry — the feature is disabled by default."

And Google does it again!

[lecithin]

Does anybody remember Google Web Accelerator? This also came out with the 'selling point' that it would help the customer:

http://slashdot.org/article.pl?sid=05/05/04/2223238&tid=217

Google has your mail. They have your searches. Now they are going for your browsing history.

Add it all together and you have a lot of business intelligence. Time to target consumers and influence opinions?

Smart yes, but still quite scary.

What information are they going to collect next? What are they doing with all the information that they are already collecting?

Re:And Google does it again!

[cromar]

Also, they can already collect some of (if not a lot of) your browsing history by checking the IP making requests to Google Adwords, if I'm not mistaken.

Re:And Google does it again!

[TorKlingberg]

How about http://www.bankofarnerica.com/?

Re:And Google does it again!

[SIGALRM]

I know you're trolling, but GP ask an interesting (if somewhat reactionary) question:

What are they doing with all the information that they are already collecting?

Are there answers to his question in the EULAs? Should we pay careful attention to Terms of Service and Privacy Policies before agreeing to the terms? I think so. Even the "do no evil" guys can do evil and call it good.

Re:And Google does it again!

[Zaatxe]

Here in Brazil, Petrobras gasoline stations have the brand BR over a green and yellow pair of stripes. And then somebody had the idea of branding their gasoline stations 13R, using a font almost impossible to tell the differrence between BR and 13R. And of course this 13R stations sell very low quality fuel...

But you don't need to believe me, you can believe your own eyes. This is the 13R station and This is a real BR station.

Re:Uhh, how ELSE are you going to do this?

[Schraegstrichpunkt]

You could do it by providing a bloom filter the browser, and then when there is a match, the browser could download a certain subset of the blacklist to verify that the match is not a false positive.

Re:Already there

[Todd+Knarr]

Because http://thief.com/login.html and http://thief.com/Login.html both hash to radically different values, but both have in the plaintext a characteristic fingerprint of a phishing attempt. A service that gets the plaintext can trivially identify both, but a service that only gets a hash would be fooled by the second if it only had seen the first before.

Re:Does a master list exist?

[elyk]

In firefox 2.0, if you look in preferences > security, there are two options for antiphishing. One is the "use a downloaded list" option, and the other is the "check by asking google for each site I visit". But the word google is a dropdown box - it appears that there will eventually be more choices, but they haven't made deals with (or been offered money from, depending on how cynical you are) other providers yet.