Privacy Concern: Firefox's "anti phishing" protection & Google

Discussion in 'privacy general' started by phkhgh, Oct 21, 2010.

Thread Status:
Not open for further replies.
  1. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    When Firefox 1st introduced the anti phishing protection (now under the Block reported attack sites, and Block reported web forgeries, in Fx 3.x),
    there was lot of concern about Google gathering info & possibly sharing w/ 3rd parties. Was even a terms of agreement pop up before using it (attached file. Read "private data may be sent to Google).

    I'm wondering what, if anything's changed since Fx v2 & now, regarding possible sharing of private data w/ Google, when d/l Google's list of dangerous sites?

    Question: Why would Google maintain & share such info w/ Mozilla "for free?" To make the internet a safer place for all? Doubt it. If they're not gathering (? private ?) data & using for profit, what's in it for them?

    Now in Fx 3.6.x (assume same in v4), if you search can find Mozilla "Privacy Policy" about the "Phishing & Malware Protection:"
    It refers readers to Google's Privacy Policy;)
    How Google handles cookies & what info it gathers from Firefox users via the anti phishing protection are probably different things. Google doesn't have the best record on privacy protection.

    Thanks.
     

    Attached Files:

  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I thought browsers now download a local DB for checking URLs?
     
  3. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Local DB? Where would it come from - locally? Do U mean if using some 3rd party software / addon? I'm talking about the native protection feature in Fx in Tools>Options>Security (see 1st parag. of OP)
    Clearly stated in Mozilla's current Phishing Protection explanation http://www.mozilla.com/en-US/firefox/phishing-protection/ the list comes from Google:
     
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    What do you mean where would it come from locally..... Quite simple, instead of checking if the URL is bad by submitting your URL and comparing it to a list online, you download the list and compare it locally, pretty simple to understand.

    You might want to read closer and stop blowing this out of proportion.

    I'm pretty sure it was announced a long time ago that Mozilla swapped from submitting all URLs to google, to using a local DB.

    Nothing to worry about here.
     
  5. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    You can disable the Google/Firefox anti-phishing database. Just go into about:config and set "browser.safebrowsing.enabled" and "browser.safebrowsing.malware.enabled" both to FALSE, then delete the "urlclassifier3.sqlite" file in your Firefox directory.
     
  6. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    You can also do it here:
    Tools > Options > Security and then untick both the blocks.

    Then, you can delete the urlclassifier as suggested.
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I've had "browser.safebrowsing.enabled" and "browser.safebrowsing.malware.enabled" both to FALSE for some time, but still see these google entries

    ffsb.gif

    I'm guessing deleting urlclassifier3.sqlite as CasperFace suggests :thumb: will eliminate them ?
     
  8. tlu

    tlu Guest

    So why don't you simply block Google cookies if you're worried? I don't get it.o_O
     
  9. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Wow, funkydude - having a bad day? No need to belittle others for asking simple questions - some might consider your remark a bit insulting. Most come here to learn. Please be patient w/ those less knowledgeable than yourself, or for overlooking something.

    Disabling the Phishing / Malware Protection is one possibility - & thanks to those giving instructions. To those mentioning disabling it - if have disabled it (as CloneRanger) - what are the main reasons for doing so?

    Re: Blocking Google cookies.
    1) I occasionally use gmail for junk acct. I'd have to change exceptions back & forth (if want to use Firefox phishing protection - & don't want Google cookies set when using that).
    2) If blocked, I wonder if it will affect Firefox "double checking" a site (assume means checking w/ Google), or if it will function correctly w/o any Google cookies set?
     
    Last edited: Oct 22, 2010
  10. tlu

    tlu Guest

    Well, this is what Mozilla writes:
    If there are none, nothing is sent. They do not say that cookies are a precondition - which wouldn't make sense anyway.

    Yes, for Gmail cookies from google.com are required - but session cookies are sufficient to make it work. I use the Cookie Monster extension to manage cookies very specifically.
     
    Last edited by a moderator: Oct 22, 2010
  11. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Thanks tlu. Many times I've noticed google cookies set, even though I've not visited or used anything directly connected w/ google at the time (search, gmail, etc).
    I use Cookie Safe. Cookies are denied globally. 3rd party cookies are blocked. Google isn't in exception list to allow session or other cookies. (no, don't have google specifically blocked). But, every so often, google cookies still appear. I can add them to block list, but think will cause probs if use gmail - not sure if could easily allow temp / session cookie to be set using Cookie Safe, if also have a Block exception rule.
     
    Last edited: Oct 22, 2010
  12. katio

    katio Guest

    They are inactive when those both options are set to disabled and deleting urlclassifier3.sqlite isn't actually needed.
     
Loading...
Thread Status:
Not open for further replies.