Re: Fedora ain't playin' around w/Firefox 3.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2008/6/20 Mauriat <mirandam@xxxxxxxxx>:

> If I enable this anti-phishing, then I have automatically downloaded
> from Google "lists of reporting phishing and malware sites". Everytime
> I happen to visit one of these sites on the list, then automatically
> that url AND google cookie information is uploaded back to Google.

If you're logged into gmail, for example, you have a cookie for
Google. That will be sent (by design) with any request to google.com
for a page, due to the way the browser is designed; that's not in
itself sinister at all. Google can already track every time you visit
google.com ...

> So, I can safely say that if I use google (i.e. I have a cookie from
> Gmail), then google knows that it was me specifically who visited that
> malware site.

Quite possibly, but we'd have to redesign the browser to not send the
cookie, I suspect. Or there could be a non-google.com domain to
download these lists from, which would sidestep the issue. Someone
want to contact Google and suggest this (as a way to allay the privacy
concerns)?

> So while Google cannot track me for every possible URL, in the least
> Google now can track me for every site in these "lists". And Google is
> the "list provider". Curious: How do I know what sites are on these
> lists?

You could ask them to show you the list?

> The Google Privacy Policy which blanket covers cookie usage pretty
> much says they can do whatever they want with that information from
> the cookie. Curious: Why does Google need a cookie to double check
> these lists of for that matter to download these lists?

It probably doesn't, but if you're downloading from their domain via
HTTP then the cookie will be sent, by the browser, without any
intervention, because that's the way it works.

> If I do not use any form of google service (mail, reader, etc.) then I
> guess there isn't much info google can connect with cookies, but most
> people (myself included) use many google services. While it may not be
> too much of a big deal, I think there is enough ambiguity to be
> confusing. I do wish though that a completely open non-profit group
> would provide this service instead of Google.

Sure, but most non-profit groups will have fewer resources for a start
... even the hosting bandwidth for the list would probably cripple
most people. Think slashdot effect, but a hit for every user that has
this enabled whenever they download the list, plus the hits to check
the urls when they're encountered.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux