Privacy Concern: Firefox's "anti phishing" protection & Google

When Firefox 1st introduced the anti phishing protection (now under the Block reported attack sites, and Block reported web forgeries, in Fx 3.x),
there was lot of concern about Google gathering info & possibly sharing w/ 3rd parties. Was even a terms of agreement pop up before using it (attached file. Read "private data may be sent to Google).

I'm wondering what, if anything's changed since Fx v2 & now, regarding possible sharing of private data w/ Google, when d/l Google's list of dangerous sites?

Question: Why would Google maintain & share such info w/ Mozilla "for free?" To make the internet a safer place for all? Doubt it. If they're not gathering (? private ?) data & using for profit, what's in it for them?

Now in Fx 3.6.x (assume same in v4), if you search can find Mozilla "Privacy Policy" about the "Phishing & Malware Protection:"

It refers readers to Google's Privacy Policy

How Google handles cookies & what info it gathers from Firefox users via the anti phishing protection are probably different things. Google doesn't have the best record on privacy protection.

Thanks.

 

I thought browsers now download a local DB for checking URLs?

 

Local DB? Where would it come from - locally? Do U mean if using some 3rd party software / addon? I'm talking about the native protection feature in Fx in Tools>Options>Security (see 1st parag. of OP)
Clearly stated in Mozilla's current Phishing Protection explanation http://www.mozilla.com/en-US/firefox/phishing-protection/ the list comes from Google:

 

What do you mean where would it come from locally..... Quite simple, instead of checking if the URL is bad by submitting your URL and comparing it to a list online, you download the list and compare it locally, pretty simple to understand.

You might want to read closer and stop blowing this out of proportion.

I'm pretty sure it was announced a long time ago that Mozilla swapped from submitting all URLs to google, to using a local DB.

Nothing to worry about here.

 

You can disable the Google/Firefox anti-phishing database. Just go into about:config and set "browser.safebrowsing.enabled" and "browser.safebrowsing.malware.enabled" both to FALSE, then delete the "urlclassifier3.sqlite" file in your Firefox directory.

 

You can also do it here:
Tools > Options > Security and then untick both the blocks.

Then, you can delete the urlclassifier as suggested.

 

I've had "browser.safebrowsing.enabled" and "browser.safebrowsing.malware.enabled" both to FALSE for some time, but still see these google entries



I'm guessing deleting urlclassifier3.sqlite as CasperFace suggests will eliminate them ?

 

So why don't you simply block Google cookies if you're worried? I don't get it.

 

Wow, elapsed - having a bad day? No need to belittle others for asking simple questions - some might consider your remark a bit insulting. Most come here to learn. Please be patient w/ those less knowledgeable than yourself, or for overlooking something.

Disabling the Phishing / Malware Protection is one possibility - & thanks to those giving instructions. To those mentioning disabling it - if have disabled it (as CloneRanger) - what are the main reasons for doing so?

Re: Blocking Google cookies.
1) I occasionally use gmail for junk acct. I'd have to change exceptions back & forth (if want to use Firefox phishing protection - & don't want Google cookies set when using that).
2) If blocked, I wonder if it will affect Firefox "double checking" a site (assume means checking w/ Google), or if it will function correctly w/o any Google cookies set?

 

Well, this is what Mozilla writes:

If there are none, nothing is sent. They do not say that cookies are a precondition - which wouldn't make sense anyway.

Yes, for Gmail cookies from google.com are required - but session cookies are sufficient to make it work. I use the Cookie Monster extension to manage cookies very specifically.

 

Thanks tlu. Many times I've noticed google cookies set, even though I've not visited or used anything directly connected w/ google at the time (search, gmail, etc).
I use Cookie Safe. Cookies are denied globally. 3rd party cookies are blocked. Google isn't in exception list to allow session or other cookies. (no, don't have google specifically blocked). But, every so often, google cookies still appear. I can add them to block list, but think will cause probs if use gmail - not sure if could easily allow temp / session cookie to be set using Cookie Safe, if also have a Block exception rule.

 

They are inactive when those both options are set to disabled and deleting urlclassifier3.sqlite isn't actually needed.