Comment 544 for bug 269656

Revision history for this message
SilverWave (silverwave) wrote :

The Frankenphishing Service.

>Mark Shuttleworth wrote:
>pj wrote:
>> Since Mark is asking for input on the service, I will tell you that the first thing I do is
>> turn off antiphishing services, along with every other thing that tends to track my
>> surfing. I turn off Javascript and cookies too, for example, so I'm definitely not the
>> average person in my habits. I turn stuff on as needed, clean up, and turn it off
>> again.
>>
>In the community of folks who are very aware of the sort of abuse that
>goes on, being conservative about JS and cookies isn't unusual. Those
>are definite attack vectors on one's online identity and privacy.

>Out of curiosity, would you prefer that cookies and javascript be
>disabled in the default case for Ubuntu, too? If the argument is that
>anti-phishing might be used to track your surfing, like cookies and JS,
>and therefor it should be turned off, would it not also be consistent to
>want JS and cookies disabled by default? We certainly take the view that
>we (Ubuntu) are entrusted with our users security, so this would be
>worth exploring. My gut feel would be though that most people would say
>"I'll turn that off for myself where I'm concerned, but I understand
>that the default should for JS to be switched on".

The bug is in the way the antiphishing services works...

The old implementation was a choice between checking with google for each site you visited and downloading a blacklist that did its checking without calling home to google.

I had no problem with the second approach but then things changed and you now get the Frankenphishing service which does the "download the blacklist file and check thing" BUT if it gets a hit it then does a phone home to google to double check in realtime.

I would say that the downloading of the blacklist and local anti-phishing checking with no phone home should be the default.

No privacy concerns with this.

The problem is the phoning home to check thing.

So this whole problem with the anti-phishing services is just bad implementation.

1. The default should be that a file is downloaded every day\hour and this is used to check for bad sites.
No phone home or anything.

2. On first hit of a phishing site, ask for user to accept Terms an Conditions of the service.

3. Also ask if user wants to start checking with google in realtime or not (point out the privacy issues).