Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Seems like a bad idea turning off phishing notifications and browser warnings

http://kb.mozillazine.org/Browser.safebrowsing.enabled Firefox 2.0 incorporates the Google Safe Browsing extension in its own Phishing Protection feature to detect and warn users of phishy web sites.



I think using a blocker extension like uBlock Origin restores (at least partially) this functionality without involving Google.


Right, but then you're just changing who you leak data to, you're not stopping the leak.

EDIT: wow, downvotes? Getting a list from EasyList is just as much a leak as getting a list from Google. Someone has your IP either way.


> Getting a list from EasyList is just as much a leak as getting a list from Google. Someone has your IP either way.

The problem with SafeBrowsing isn't downloading the list, it's that it sends data back to Google if it finds a match. Malware lists with AdBlock plugins don't do this.


My understanding was that Google's malware list is a two prong approach:

  1: An all-in-one lump download of blacklists
  2: Optionally, "Enhanced" also sends hashed URLs to Google in case specific sub-pages aren't on the list, etc
Easylist, of course, only offers #1. Firefox, by default, uses both, which is less private, but seemingly still configurable to use only #1.

Citations:

http://www.google.com/tools/firefox/safebrowsing/faq.html

https://developers.google.com/safe-browsing/firefox3_privacy...

http://www.pclinuxos.com/forum/index.php?topic=124878.0


Yeah. I personally don't care if something is from Google but other people do. I'm quite surprised this stupid list that doesn't even explain what each setting actually does is on page 1.

(Edit: Oh, it seems it was updated in the meantime.)


It does send your IP address to Google, when you download the filter. And I can't tell if "Enhanced Protection" is enabled which actually sends your URLs to Google.


http://kb.mozillazine.org/Browser.safebrowsing.remoteLookups That's configured here


I couldn't find Browser.safebrowsing.remoteLookups in my about:config. Does it still apply?

upd: I am searching for it in the Firefox sources now. Just for curiosity: there are 117512 files in 8610 directories totaling 743 MB, and search in files is really slow even on SSD.


browser.safebrowsing.remoteLookups works indeed, I could confirm this using Fiddler. For some reason, Notepad++ couldn't find a mention of 'remoteLookups' in sources.


    > time egrep -Rni remotelookup . 
    ./toolkit/devtools/gcli/source/lib/gcli/types/selection.js:81:    spec.remoteLookup = (typeof this.lookup === 'function');
    ./toolkit/devtools/gcli/source/lib/gcli/types/selection.js:128:  if (this.remoteLookup) {
    egrep -Rni remotelookup .  2.01s user 0.32s system 99% cpu 2.346 total


A key that's not in the config file uses the defaults. You can just add the key by going into about:config , right clicking anywhere in the list, and choosing New, and in this case, boolean, and set it to false.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: