Firefox 3 Antiphishing Sends Your URLs To Google

iritant writes "As we were discussing, Gran Paradiso — the latest version of Firefox — is nearing release. Gran Paradiso includes a form of malware protection that checks every URL against a known list of sites. It does so by sending each URL to Google. In other words, if people enable this feature, they get some malware protection, and Google gets a wealth of information about which sites are popular (or, for that matter, which sites should be checked for malware). Fair deal? Not to worry — the feature is disabled by default."

A better way

[brunes69]

A better way to do it would be to just maintain a database of phishing sites that the browser downloads and checks *LOCALLY* to see if it is phishing.

Instead of every page hit being set to Google or $SERVER, it checks Google or $SERVER to see if the database has changed since last downloaded. If it has, it downloads a binary update and inserts it into the database. Then it checks the LOCAL database to see if this is a phishing site.

Such a mechanism is just as up-to-date as submitting the URL to the remote site, and much more secure. And the binary form of such database updates would be minuscule, on average each request would likely take *LESS* time this way since you are only checking last-modified headers on a file instead of initiating a full HTTP GET/POST.